Add ability to create self signed certs to mac.

base/crypto/cssm_init.h

Index: base/crypto/cssm_init.h
diff --git a/base/crypto/cssm_init.h b/base/crypto/cssm_init.h
index 5644d7e62189111725902c753735dc6d2359336a..0b492e67b773c9c1bd8d23a9b4e988e3a607d0b7 100644
--- a/base/crypto/cssm_init.h
+++ b/base/crypto/cssm_init.h
@@ -8,6 +8,7 @@
 
 #include <Security/cssm.h>
 
+#include "base/basictypes.h"
 #include "base/scoped_ptr.h"
 
 namespace base {
@@ -22,12 +23,22 @@ void EnsureCSSMInit();
 // Returns the shared CSP handle used by CSSM functions.
 CSSM_CSP_HANDLE GetSharedCSPHandle();
 
+// Returns the shared CL handle used by CSSM functions.
+CSSM_CL_HANDLE GetSharedCLHandle();
+
+// Returns the shared TP handle used by CSSM functions.
+CSSM_TP_HANDLE GetSharedTPHandle();
+
 // Set of pointers to memory function wrappers that are required for CSSM
 extern const CSSM_API_MEMORY_FUNCS kCssmMemoryFunctions;
 
 // Utility function to log an error message including the error name.
 void LogCSSMError(const char *function_name, CSSM_RETURN err);
 
+// Utility function to release memory allocated by CSSM.
+// Note the wrapper classes below (ScopedCSSMData & ScopedCSSMTPtr)
+void CSSMFree(void* ptr);
+
 // The OS X certificate and key management wrappers over CSSM are not
 // thread-safe. In particular, code that accesses the CSSM database is
 // problematic.
@@ -35,6 +46,65 @@ void LogCSSMError(const char *function_name, CSSM_RETURN err);
 // http://developer.apple.com/mac/library/documentation/Security/Reference/certifkeytrustservices/Reference/reference.html
 Lock& GetMacSecurityServicesLock();
 
+// Wrapper class for CSSM_DATA type.
+// The constructor initializes data_ to zero and the destructor releases the
+// data properly.
+class ScopedCSSMData {
+ public:
+  ScopedCSSMData();
+  ~ScopedCSSMData();
+  operator CSSM_DATA*() { return &data_; }
+  CSSM_DATA* operator ->() { return &data_; }
+
+ private:
+  CSSM_DATA data_;
+
+  DISALLOW_COPY_AND_ASSIGN(ScopedCSSMData);
+};
+
+// Wrapper class for CSSM types.
+// Destructor frees the memory properly.

[Ryan Sleevi, 2011/02/05 00:23:37]

nit: Can you specify that this should only be used when using the CL/TP/CSP
handles from above, since that's the only time we're guaranteed (or supposed to
be guaranteed) that our memory management functions will be used.

The point being is that when using Sec* APIs, they memory is managed by the Sec*
API, and typically lives as long as the native handle (SecKey, SecCertificate,
SecTrust, etc), so it shouldn't be used for those.

This also applies to ScopedCSSMData

[dmac, 2011/02/08 01:23:45]

Done.

+template<typename T>
+class ScopedCSSMTPtr {
+ public:
+  typedef T* TPtr;
+
+  explicit ScopedCSSMTPtr(T* ptr = NULL) : ptr_(ptr) { }
+  ~ScopedCSSMTPtr() {
+    reset();
+  }
+
+  void reset(T* p = NULL) {
+    if (p != ptr_) {
+      if (ptr_) {
+        CSSMFree(ptr_);
+      }
+      ptr_ = p;
+    }
+  }
+
+  T* get() const { return ptr_; }
+  T* release() WARN_UNUSED_RESULT {
+    void* retVal = ptr_;
+    ptr_ = NULL;
+    return retVal;
+  }
+
+  operator T*() { return ptr_; }
+  T* operator ->() { return ptr_; }
+
+  // Receive is used when you need to pass a CSSMType* into a system
+  // function and have this object take ownership of th result.
+  TPtr& receive() {
+    assert(ptr_ == NULL);
+    return ptr_;
+  }
+ private:
+  T* ptr_;
+
+  DISALLOW_COPY_AND_ASSIGN(ScopedCSSMTPtr);
+};
+
 }  // namespace base
 
 #endif  // BASE_CRYPTO_CSSM_INIT_H_