Add ability to create self signed certs to mac.

base/crypto/cssm_init.h

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef BASE_CRYPTO_CSSM_INIT_H_
 #define BASE_CRYPTO_CSSM_INIT_H_
 #pragma once
 
 #include <Security/cssm.h>
 
+#include "base/basictypes.h"
 #include "base/scoped_ptr.h"
 
 namespace base {
 
 class Lock;
 
 // Initialize CSSM if it isn't already initialized.  This must be called before
 // any other CSSM functions.  This function is thread-safe, and CSSM will only
 // ever be initialized once.  CSSM will be properly shut down on program exit.
 void EnsureCSSMInit();
 
 // Returns the shared CSP handle used by CSSM functions.
 CSSM_CSP_HANDLE GetSharedCSPHandle();
 
+// Returns the shared CL handle used by CSSM functions.
+CSSM_CL_HANDLE GetSharedCLHandle();
+
+// Returns the shared TP handle used by CSSM functions.
+CSSM_TP_HANDLE GetSharedTPHandle();
+
 // Set of pointers to memory function wrappers that are required for CSSM
 extern const CSSM_API_MEMORY_FUNCS kCssmMemoryFunctions;
 
 // Utility function to log an error message including the error name.
 void LogCSSMError(const char *function_name, CSSM_RETURN err);
 
+// Utility function to release memory allocated by CSSM.
+// Note the wrapper classes below (ScopedCSSMData & ScopedCSSMTPtr)
+void CSSMFree(void* ptr);
+
 // The OS X certificate and key management wrappers over CSSM are not
 // thread-safe. In particular, code that accesses the CSSM database is
 // problematic.
 //
 // http://developer.apple.com/mac/library/documentation/Security/Reference/certifkeytrustservices/Reference/reference.html
 Lock& GetMacSecurityServicesLock();
 
+// Wrapper class for CSSM_DATA type.
+// The constructor initializes data_ to zero and the destructor releases the
+// data properly.
+class ScopedCSSMData {
+ public:
+  ScopedCSSMData();
+  ~ScopedCSSMData();
+  operator CSSM_DATA*() { return &data_; }
+  CSSM_DATA* operator ->() { return &data_; }
+
+ private:
+  CSSM_DATA data_;
+
+  DISALLOW_COPY_AND_ASSIGN(ScopedCSSMData);
+};
+
+// Wrapper class for CSSM types.
+// Destructor frees the memory properly.

[Ryan Sleevi, 2011/02/05 00:23:37]

nit: Can you specify that this should only be used when using the CL/TP/CSP
handles from above, since that's the only time we're guaranteed (or supposed to
be guaranteed) that our memory management functions will be used.

The point being is that when using Sec* APIs, they memory is managed by the Sec*
API, and typically lives as long as the native handle (SecKey, SecCertificate,
SecTrust, etc), so it shouldn't be used for those.

This also applies to ScopedCSSMData

[dmac, 2011/02/08 01:23:45]

Done.

+template<typename T>
+class ScopedCSSMTPtr {
+ public:
+  typedef T* TPtr;
+
+  explicit ScopedCSSMTPtr(T* ptr = NULL) : ptr_(ptr) { }
+  ~ScopedCSSMTPtr() {
+    reset();
+  }
+
+  void reset(T* p = NULL) {
+    if (p != ptr_) {
+      if (ptr_) {
+        CSSMFree(ptr_);
+      }
+      ptr_ = p;
+    }
+  }
+
+  T* get() const { return ptr_; }
+  T* release() WARN_UNUSED_RESULT {
+    void* retVal = ptr_;
+    ptr_ = NULL;
+    return retVal;
+  }
+
+  operator T*() { return ptr_; }
+  T* operator ->() { return ptr_; }
+
+  // Receive is used when you need to pass a CSSMType* into a system
+  // function and have this object take ownership of th result.
+  TPtr& receive() {
+    assert(ptr_ == NULL);
+    return ptr_;
+  }
+ private:
+  T* ptr_;
+
+  DISALLOW_COPY_AND_ASSIGN(ScopedCSSMTPtr);
+};
+
 }  // namespace base
 
 #endif  // BASE_CRYPTO_CSSM_INIT_H_