| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_database.h" | 5 #include "net/base/cert_database.h" |
| 6 | 6 |
| 7 #include <Security/Security.h> | 7 #include <Security/Security.h> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/mac/mac_logging.h" | 10 #include "base/mac/mac_logging.h" |
| 11 #include "base/synchronization/lock.h" | 11 #include "base/synchronization/lock.h" |
| 12 #include "crypto/mac_security_services_lock.h" | 12 #include "crypto/mac_security_services_lock.h" |
| 13 #include "net/base/net_errors.h" | 13 #include "net/base/net_errors.h" |
| 14 #include "net/base/x509_certificate.h" | 14 #include "net/base/x509_certificate.h" |
| 15 | 15 |
| 16 namespace net { | 16 namespace net { |
| 17 | 17 |
| 18 CertDatabase::CertDatabase() { | |
| 19 } | |
| 20 | |
| 21 int CertDatabase::CheckUserCert(X509Certificate* cert) { | 18 int CertDatabase::CheckUserCert(X509Certificate* cert) { |
| 22 if (!cert) | 19 if (!cert) |
| 23 return ERR_CERT_INVALID; | 20 return ERR_CERT_INVALID; |
| 24 if (cert->HasExpired()) | 21 if (cert->HasExpired()) |
| 25 return ERR_CERT_DATE_INVALID; | 22 return ERR_CERT_DATE_INVALID; |
| 26 | 23 |
| 27 // Verify the Keychain already has the corresponding private key: | 24 // Verify the Keychain already has the corresponding private key: |
| 28 SecIdentityRef identity = NULL; | 25 SecIdentityRef identity = NULL; |
| 29 OSStatus err = SecIdentityCreateWithCertificate(NULL, cert->os_cert_handle(), | 26 OSStatus err = SecIdentityCreateWithCertificate(NULL, cert->os_cert_handle(), |
| 30 &identity); | 27 &identity); |
| (...skipping 10 matching lines...) Expand all Loading... |
| 41 } | 38 } |
| 42 | 39 |
| 43 int CertDatabase::AddUserCert(X509Certificate* cert) { | 40 int CertDatabase::AddUserCert(X509Certificate* cert) { |
| 44 OSStatus err; | 41 OSStatus err; |
| 45 { | 42 { |
| 46 base::AutoLock locked(crypto::GetMacSecurityServicesLock()); | 43 base::AutoLock locked(crypto::GetMacSecurityServicesLock()); |
| 47 err = SecCertificateAddToKeychain(cert->os_cert_handle(), NULL); | 44 err = SecCertificateAddToKeychain(cert->os_cert_handle(), NULL); |
| 48 } | 45 } |
| 49 switch (err) { | 46 switch (err) { |
| 50 case noErr: | 47 case noErr: |
| 51 CertDatabase::NotifyObserversOfUserCertAdded(cert); | 48 CertDatabase::NotifyObserversOfCertAdded(cert); |
| 52 // Fall through. | 49 // Fall through. |
| 53 case errSecDuplicateItem: | 50 case errSecDuplicateItem: |
| 54 return OK; | 51 return OK; |
| 55 default: | 52 default: |
| 56 OSSTATUS_LOG(ERROR, err) << "CertDatabase failed to add cert to keychain"; | 53 OSSTATUS_LOG(ERROR, err) << "CertDatabase failed to add cert to keychain"; |
| 57 // TODO(snej): Map the error code more intelligently. | 54 // TODO(snej): Map the error code more intelligently. |
| 58 return ERR_ADD_USER_CERT_FAILED; | 55 return ERR_ADD_USER_CERT_FAILED; |
| 59 } | 56 } |
| 60 } | 57 } |
| 61 | 58 |
| 62 } // namespace net | 59 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10916094:
Move the NSS functions out of CertDatabase into a new NSSCertDatabase class. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src