Mac: implement <keygen> support, including adding generated cert to the Keychain.

net/base/cert_database_nss.cc

Index: net/base/cert_database_nss.cc
diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc
index e3c1a09dfa127d459d3788ec79a54ef36cab342b..b24db2e3e615d1f2ddffbb7767a1a0464e0f9c84 100644
--- a/net/base/cert_database_nss.cc
+++ b/net/base/cert_database_nss.cc
@@ -15,6 +15,7 @@
 #include "base/logging.h"
 #include "base/scoped_ptr.h"
 #include "base/nss_util.h"
+#include "net/base/net_errors.h"
 
 namespace net {
 
@@ -22,24 +23,11 @@ CertDatabase::CertDatabase() {
   Init();
 }
 
-bool CertDatabase::AddUserCert(const char* data, int len) {
-  CERTCertificate* cert = NULL;
-  PK11SlotInfo* slot = NULL;
-  std::string nickname;
-  bool is_success = true;
-
-  // Make a copy of "data" since CERT_DecodeCertPackage
-  // might modify it.
-  char* data_copy = new char[len];
-  memcpy(data_copy, data, len);
-
-  // Parse into a certificate structure.
-  cert = CERT_DecodeCertFromPackage(data_copy, len);
-  delete [] data_copy;
-  if (!cert) {
-    LOG(ERROR) << "Couldn't create a temporary certificate";
-    return false;
-  }
+int CertDatabase::CheckUserCert(X509Certificate* cert_obj) {
+  if (!cert_obj)
+    return ERR_CERT_INVALID;
+  if (cert_obj->HasExpired())
+    return ERR_CERT_DATE_INVALID;
 
   // Check if the private key corresponding to the certificate exist
   // We shouldn't accept any random client certificate sent by a CA.
@@ -48,22 +36,26 @@ bool CertDatabase::AddUserCert(const char* data, int len) {
   // also imports the certificate if the private key exists. This
   // doesn't seem to be the case.
 
-  slot = PK11_KeyForCertExists(cert, NULL, NULL);
+  CERTCertificate* cert = cert_obj->os_cert_handle();
+  PK11SlotInfo* slot = PK11_KeyForCertExists(cert, NULL, NULL);
   if (!slot) {
     LOG(ERROR) << "No corresponding private key in store";
-    CERT_DestroyCertificate(cert);
-    return false;
+    return ERR_CERT_NO_PRIVATE_KEY;
   }
   PK11_FreeSlot(slot);
-  slot = NULL;
 
-  // TODO(gauravsh): We also need to make sure another certificate
-  // doesn't already exist for the same private key.
+  return OK;
+}
+
+int CertDatabase::AddUserCert(X509Certificate* cert_obj) {
+  CERTCertificate* cert = cert_obj->os_cert_handle();
+  PK11SlotInfo* slot = NULL;
+  std::string nickname;
+  bool is_success = true;
 
   // Create a nickname for this certificate.
   // We use the scheme used by Firefox:
   // --> <subject's common name>'s <issuer's common name> ID.
-  //
 
   std::string username, ca_name;
   char* temp_username = CERT_GetCommonName(&cert->subject);
@@ -87,7 +79,6 @@ bool CertDatabase::AddUserCert(const char* data, int len) {
     LOG(ERROR) << "Couldn't import user certificate.";
     is_success = false;
   }
-  CERT_DestroyCertificate(cert);
   return is_success;
 }