OLD | NEW |
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/cert_database.h" | 5 #include "net/base/cert_database.h" |
6 | 6 |
7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
8 #include <secmod.h> | 8 #include <secmod.h> |
9 #include <ssl.h> | 9 #include <ssl.h> |
10 #include <nssb64.h> // NSSBase64_EncodeItem() | 10 #include <nssb64.h> // NSSBase64_EncodeItem() |
11 #include <secder.h> // DER_Encode() | 11 #include <secder.h> // DER_Encode() |
12 #include <cryptohi.h> // SEC_DerSignData() | 12 #include <cryptohi.h> // SEC_DerSignData() |
13 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo() | 13 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo() |
14 | 14 |
15 #include "base/logging.h" | 15 #include "base/logging.h" |
16 #include "base/scoped_ptr.h" | 16 #include "base/scoped_ptr.h" |
17 #include "base/nss_util.h" | 17 #include "base/nss_util.h" |
18 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
| 19 #include "net/base/x509_certificate.h" |
19 | 20 |
20 namespace net { | 21 namespace net { |
21 | 22 |
22 CertDatabase::CertDatabase() { | 23 CertDatabase::CertDatabase() { |
23 Init(); | 24 base::EnsureNSSInit(); |
24 } | 25 } |
25 | 26 |
26 int CertDatabase::CheckUserCert(X509Certificate* cert_obj) { | 27 int CertDatabase::CheckUserCert(X509Certificate* cert_obj) { |
27 if (!cert_obj) | 28 if (!cert_obj) |
28 return ERR_CERT_INVALID; | 29 return ERR_CERT_INVALID; |
29 if (cert_obj->HasExpired()) | 30 if (cert_obj->HasExpired()) |
30 return ERR_CERT_DATE_INVALID; | 31 return ERR_CERT_DATE_INVALID; |
31 | 32 |
32 // Check if the private key corresponding to the certificate exist | 33 // Check if the private key corresponding to the certificate exist |
33 // We shouldn't accept any random client certificate sent by a CA. | 34 // We shouldn't accept any random client certificate sent by a CA. |
(...skipping 33 matching lines...)
67 ca_name = temp_ca_name; | 68 ca_name = temp_ca_name; |
68 PORT_Free(temp_ca_name); | 69 PORT_Free(temp_ca_name); |
69 } | 70 } |
70 nickname = username + "'s " + ca_name + " ID"; | 71 nickname = username + "'s " + ca_name + " ID"; |
71 | 72 |
72 slot = PK11_ImportCertForKey(cert, | 73 slot = PK11_ImportCertForKey(cert, |
73 const_cast<char*>(nickname.c_str()), | 74 const_cast<char*>(nickname.c_str()), |
74 NULL); | 75 NULL); |
75 if (!slot) { | 76 if (!slot) { |
76 LOG(ERROR) << "Couldn't import user certificate."; | 77 LOG(ERROR) << "Couldn't import user certificate."; |
77 return ERR_ERR_ADD_USER_CERT_FAILED; | 78 return ERR_ADD_USER_CERT_FAILED; |
78 } | 79 } |
79 PK11_FreeSlot(slot); | 80 PK11_FreeSlot(slot); |
80 return OK; | 81 return OK; |
81 } | 82 } |
82 | 83 |
83 void CertDatabase::Init() { | |
84 base::EnsureNSSInit(); | |
85 } | |
86 | |
87 } // namespace net | 84 } // namespace net |
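Review bot: The NSS error code is dropped on the failure branch after `PK11_ImportCertForKey` (new lines 76-78), so the fixed log string and the corrected `ERR_ADD_USER_CERT_FAILED` return cannot tell a reader whether the private key was missing, the token refused the write, or authentication was needed. Appending the code keeps the log actionable for whoever triages a failed client-certificate enrolment: `LOG(ERROR) << "Couldn't import user certificate. " << PORT_GetError();`. The call also passes `NULL` as its last argument, which presumably leaves NSS with no context for raising a password prompt on a protected token; a one-line comment stating that this is intended would help. The enclosing function begins in the skipped lines, so how `username` and `ca_name` are filled in before they are joined into `nickname` is not visible here.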