| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/keygen_handler.h" | 5 #include "net/base/keygen_handler.h" |
| 6 | 6 |
| 7 #include <Security/SecAsn1Coder.h> | 7 #include <Security/SecAsn1Coder.h> |
| 8 #include <Security/SecAsn1Templates.h> | 8 #include <Security/SecAsn1Templates.h> |
| 9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
| 10 | 10 |
| 11 #include "base/base64.h" | 11 #include "base/base64.h" |
| 12 #include "base/crypto/cssm_init.h" | 12 #include "base/crypto/cssm_init.h" |
| 13 #include "base/lock.h" | 13 #include "base/lock.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/scoped_cftyperef.h" | 15 #include "base/mac/scoped_cftyperef.h" |
| 16 #include "base/string_util.h" | 16 #include "base/string_util.h" |
| 17 #include "base/sys_string_conversions.h" | 17 #include "base/sys_string_conversions.h" |
| 18 | 18 |
| 19 // These are in Security.framework but not declared in a public header. | 19 // These are in Security.framework but not declared in a public header. |
| 20 extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[]; | 20 extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[]; |
| 21 extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate[]; | 21 extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate[]; |
| 22 | 22 |
| 23 namespace net { | 23 namespace net { |
| 24 | 24 |
| 25 // Declarations of Netscape keygen cert structures for ASN.1 encoding: | 25 // Declarations of Netscape keygen cert structures for ASN.1 encoding: |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 104 SecAccessRef initial_access = NULL; | 104 SecAccessRef initial_access = NULL; |
| 105 SecKeyRef public_key = NULL; | 105 SecKeyRef public_key = NULL; |
| 106 SecKeyRef private_key = NULL; | 106 SecKeyRef private_key = NULL; |
| 107 SecAsn1CoderRef coder = NULL; | 107 SecAsn1CoderRef coder = NULL; |
| 108 CSSM_DATA signature = {0, NULL}; | 108 CSSM_DATA signature = {0, NULL}; |
| 109 | 109 |
| 110 { | 110 { |
| 111 if (url_.has_host()) { | 111 if (url_.has_host()) { |
| 112 // TODO(davidben): Use something like "Key generated for | 112 // TODO(davidben): Use something like "Key generated for |
| 113 // example.com", but localize it. | 113 // example.com", but localize it. |
| 114 scoped_cftyperef<CFStringRef> label( | 114 base::mac::ScopedCFTypeRef<CFStringRef> label( |
| 115 base::SysUTF8ToCFStringRef(url_.host())); | 115 base::SysUTF8ToCFStringRef(url_.host())); |
| 116 // Create an initial access object to set the SecAccessRef. This | 116 // Create an initial access object to set the SecAccessRef. This |
| 117 // sets a label on the Keychain dialogs. Pass NULL as the second | 117 // sets a label on the Keychain dialogs. Pass NULL as the second |
| 118 // argument to use the default trusted list; only allow the | 118 // argument to use the default trusted list; only allow the |
| 119 // current application to access without user confirmation. | 119 // current application to access without user confirmation. |
| 120 err = SecAccessCreate(label, NULL, &initial_access); | 120 err = SecAccessCreate(label, NULL, &initial_access); |
| 121 // If we fail, just continue without a label. | 121 // If we fail, just continue without a label. |
| 122 if (err) | 122 if (err) |
| 123 base::LogCSSMError("SecAccessCreate", err); | 123 base::LogCSSMError("SecAccessCreate", err); |
| 124 } | 124 } |
| 125 | 125 |
| 126 // Create the key-pair. | 126 // Create the key-pair. |
| 127 err = CreateRSAKeyPair(key_size_in_bits_, initial_access, | 127 err = CreateRSAKeyPair(key_size_in_bits_, initial_access, |
| 128 &public_key, &private_key); | 128 &public_key, &private_key); |
| 129 if (err) | 129 if (err) |
| 130 goto failure; | 130 goto failure; |
| 131 | 131 |
| 132 // Get the public key data (DER sequence of modulus, exponent). | 132 // Get the public key data (DER sequence of modulus, exponent). |
| 133 CFDataRef key_data = NULL; | 133 CFDataRef key_data = NULL; |
| 134 err = SecKeychainItemExport(public_key, kSecFormatBSAFE, 0, NULL, | 134 err = SecKeychainItemExport(public_key, kSecFormatBSAFE, 0, NULL, |
| 135 &key_data); | 135 &key_data); |
| 136 if (err) { | 136 if (err) { |
| 137 base::LogCSSMError("SecKeychainItemExpor", err); | 137 base::LogCSSMError("SecKeychainItemExpor", err); |
| 138 goto failure; | 138 goto failure; |
| 139 } | 139 } |
| 140 scoped_cftyperef<CFDataRef> scoped_key_data(key_data); | 140 base::mac::ScopedCFTypeRef<CFDataRef> scoped_key_data(key_data); |
| 141 | 141 |
| 142 // Create an ASN.1 encoder. | 142 // Create an ASN.1 encoder. |
| 143 err = SecAsn1CoderCreate(&coder); | 143 err = SecAsn1CoderCreate(&coder); |
| 144 if (err) { | 144 if (err) { |
| 145 base::LogCSSMError("SecAsn1CoderCreate", err); | 145 base::LogCSSMError("SecAsn1CoderCreate", err); |
| 146 goto failure; | 146 goto failure; |
| 147 } | 147 } |
| 148 | 148 |
| 149 // Fill in and DER-encode the PublicKeyAndChallenge: | 149 // Fill in and DER-encode the PublicKeyAndChallenge: |
| 150 SignedPublicKeyAndChallenge spkac; | 150 SignedPublicKeyAndChallenge spkac; |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 225 SecAccessRef initial_access, | 225 SecAccessRef initial_access, |
| 226 SecKeyRef* out_pub_key, | 226 SecKeyRef* out_pub_key, |
| 227 SecKeyRef* out_priv_key) { | 227 SecKeyRef* out_priv_key) { |
| 228 OSStatus err; | 228 OSStatus err; |
| 229 SecKeychainRef keychain; | 229 SecKeychainRef keychain; |
| 230 err = SecKeychainCopyDefault(&keychain); | 230 err = SecKeychainCopyDefault(&keychain); |
| 231 if (err) { | 231 if (err) { |
| 232 base::LogCSSMError("SecKeychainCopyDefault", err); | 232 base::LogCSSMError("SecKeychainCopyDefault", err); |
| 233 return err; | 233 return err; |
| 234 } | 234 } |
| 235 scoped_cftyperef<SecKeychainRef> scoped_keychain(keychain); | 235 base::mac::ScopedCFTypeRef<SecKeychainRef> scoped_keychain(keychain); |
| 236 { | 236 { |
| 237 AutoLock locked(base::GetMacSecurityServicesLock()); | 237 AutoLock locked(base::GetMacSecurityServicesLock()); |
| 238 err = SecKeyCreatePair( | 238 err = SecKeyCreatePair( |
| 239 keychain, | 239 keychain, |
| 240 CSSM_ALGID_RSA, | 240 CSSM_ALGID_RSA, |
| 241 size_in_bits, | 241 size_in_bits, |
| 242 0LL, | 242 0LL, |
| 243 // public key usage and attributes: | 243 // public key usage and attributes: |
| 244 CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_WRAP, | 244 CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_WRAP, |
| 245 CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT, | 245 CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT, |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 314 return err; | 314 return err; |
| 315 } | 315 } |
| 316 err = CSSM_SignData(cc_handle, &data, 1, CSSM_ALGID_NONE, signature); | 316 err = CSSM_SignData(cc_handle, &data, 1, CSSM_ALGID_NONE, signature); |
| 317 if (err) | 317 if (err) |
| 318 base::LogCSSMError("CSSM_SignData", err); | 318 base::LogCSSMError("CSSM_SignData", err); |
| 319 CSSM_DeleteContext(cc_handle); | 319 CSSM_DeleteContext(cc_handle); |
| 320 return err; | 320 return err; |
| 321 } | 321 } |
| 322 | 322 |
| 323 } // namespace net | 323 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3855001:
Move scoped_cftyperef from base to base/mac, use the new namespace, and name ... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/