Add server certificate request parameters to be stored in SSLCertRequestInfo.

net/socket/ssl_client_socket_mac.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_mac.h"
 
 #include <CoreServices/CoreServices.h>
 #include <netdb.h>
 #include <sys/socket.h>
 #include <sys/types.h>
@@ skipping 730 matching lines @@
   }
 
   if (ssl_config_.version_fallback)
     ssl_info->connection_status |= SSL_CONNECTION_VERSION_FALLBACK;
 
   return true;
 }
 
 void SSLClientSocketMac::GetSSLCertRequestInfo(
     SSLCertRequestInfo* cert_request_info) {
-  // I'm being asked for available client certs (identities).
-  // First, get the cert issuer names allowed by the server.
+  cert_request_info->host_and_port = host_and_port_.ToString();
+  cert_request_info->cert_authorities.clear();
+  cert_request_info->cert_key_types.clear();
+  cert_request_info->client_certs.clear();
+
+  // Retrieve the cert issuers accepted by the server. This information is
+  // currently (temporarily) being saved both in |valid_issuers| and
+  // |cert_authorities|, the latter being the target solution. The refactoring
+  // effort is being tracked in http://crbug.com/166642.
   std::vector<CertPrincipal> valid_issuers;
   CFArrayRef valid_issuer_names = NULL;
   if (SSLCopyDistinguishedNames(ssl_context_, &valid_issuer_names) == noErr &&
       valid_issuer_names != NULL) {
     VLOG(1) << "Server has " << CFArrayGetCount(valid_issuer_names)
             << " valid issuer names";
     int n = CFArrayGetCount(valid_issuer_names);
     for (int i = 0; i < n; i++) {
-      // Parse each name into a CertPrincipal object.
       CFDataRef issuer = reinterpret_cast<CFDataRef>(
           CFArrayGetValueAtIndex(valid_issuer_names, i));
+      // Add the DER-encoded issuer DistinguishedName to |cert_authorities|.
+      cert_request_info->cert_authorities.push_back(std::string(
+          reinterpret_cast<const char*>(CFDataGetBytePtr(issuer)),
+          static_cast<size_t>(CFDataGetLength(issuer))));
+      // Add the CertPrincipal object representing the issuer to
+      // |valid_issuers|.
       CertPrincipal p;
       if (p.ParseDistinguishedName(CFDataGetBytePtr(issuer),
                                    CFDataGetLength(issuer))) {
         valid_issuers.push_back(p);
       }
     }
     CFRelease(valid_issuer_names);
   }
 
   // Now get the available client certs whose issuers are allowed by the server.
-  cert_request_info->host_and_port = host_and_port_.ToString();
-  cert_request_info->client_certs.clear();
   // TODO(rch):  we should consider passing a host-port pair as the first
   // argument to X509Certificate::GetSSLClientCertificates.
   X509Certificate::GetSSLClientCertificates(host_and_port_.host(),
                                             valid_issuers,
                                             &cert_request_info->client_certs);
   std::sort(cert_request_info->client_certs.begin(),
             cert_request_info->client_certs.end(),
             x509_util::ClientCertSorter());
 
   VLOG(1) << "Asking user to choose between "
@@ skipping 666 matching lines @@
   if (rv < 0 && rv != ERR_IO_PENDING) {
     us->write_io_buf_ = NULL;
     return OSStatusFromNetError(rv);
   }
 
   // always lie to our caller
   return noErr;
 }
 
 }  // namespace net