// Copyright 2023 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "remoting/base/certificate_helpers.h" #include <string> #include "base/logging.h" #include "build/build_config.h" #include "crypto/crypto_buildflags.h" #include "net/cert/x509_certificate.h" #include "net/ssl/client_cert_store.h" #if BUILDFLAG(USE_NSS_CERTS) #include "net/ssl/client_cert_store_nss.h" #elif BUILDFLAG(IS_WIN) #include "net/ssl/client_cert_store_win.h" #elif BUILDFLAG(IS_APPLE) && !BUILDFLAG(IS_IOS) #include "net/ssl/client_cert_store_mac.h" #endif namespace remoting { namespace { constexpr char kCertIssuerWildCard[] = …; // Returns true if certificate |c1| is a worse match than |c2|. // // Criteria: // 1. An invalid certificate is always worse than a valid certificate. // 2. Invalid certificates are equally bad, in which case false will be // returned. // 3. A certificate with earlier |valid_start| time is worse. // 4. When |valid_start| are the same, the certificate with earlier // |valid_expiry| is worse. bool WorseThan(const std::string& issuer, const base::Time& now, const net::X509Certificate& c1, const net::X509Certificate& c2) { … } #if BUILDFLAG(IS_WIN) crypto::ScopedHCERTSTORE OpenLocalMachineCertStore() { return crypto::ScopedHCERTSTORE(::CertOpenStore( CERT_STORE_PROV_SYSTEM, 0, NULL, CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG, L"MY")); } #endif } // namespace std::string GetPreferredIssuerFieldValue(const net::X509Certificate& cert) { … } bool IsCertificateValid(const std::string& issuer, const base::Time& now, const net::X509Certificate& cert) { … } std::unique_ptr<net::ClientCertIdentity> GetBestMatchFromCertificateList( const std::string& issuer, const base::Time& now, net::ClientCertIdentityList& client_certs) { … } std::unique_ptr<net::ClientCertStore> CreateClientCertStoreInstance() { … } } // namespace remoting
Codebase Browser
chromium