OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_database.h" | 5 #include "net/cert/cert_database.h" |
6 | 6 |
7 #include <openssl/x509.h> | |
8 | |
9 #include "base/logging.h" | |
10 #include "base/observer_list_threadsafe.h" | 7 #include "base/observer_list_threadsafe.h" |
11 #include "crypto/scoped_openssl_types.h" | |
12 #include "net/base/crypto_module.h" | |
13 #include "net/base/net_errors.h" | |
14 #include "net/base/openssl_private_key_store.h" | |
15 #include "net/cert/x509_certificate.h" | |
16 | 8 |
17 namespace net { | 9 namespace net { |
18 | 10 |
19 CertDatabase::CertDatabase() | 11 CertDatabase::CertDatabase() |
20 : observer_list_(new base::ObserverListThreadSafe<Observer>) { | 12 : observer_list_(new base::ObserverListThreadSafe<Observer>) { |
21 } | 13 } |
22 | 14 |
23 CertDatabase::~CertDatabase() {} | 15 CertDatabase::~CertDatabase() {} |
24 | 16 |
25 // This method is used to check a client certificate before trying to | |
26 // install it on the system, which will happen later by calling | |
27 // AddUserCert() below. | |
28 // | |
29 // On the Linux/OpenSSL build, there is simply no system keystore, but | |
30 // OpenSSLPrivateKeyStore() implements a small in-memory store for | |
31 // (public/private) key pairs generated through keygen. | |
32 // | |
33 // Try to check for a private key in the in-memory store to check | |
34 // for the case when the browser is trying to install a server-generated | |
35 // certificate from a <keygen> exchange. | |
36 int CertDatabase::CheckUserCert(X509Certificate* cert) { | |
37 if (!cert) | |
38 return ERR_CERT_INVALID; | |
39 if (cert->HasExpired()) | |
40 return ERR_CERT_DATE_INVALID; | |
41 | |
42 // X509_PUBKEY_get() transfers ownership, not X509_get_X509_PUBKEY() | |
43 crypto::ScopedEVP_PKEY public_key( | |
44 X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()))); | |
45 | |
46 if (!OpenSSLPrivateKeyStore::HasPrivateKey(public_key.get())) | |
47 return ERR_NO_PRIVATE_KEY_FOR_CERT; | |
48 | |
49 return OK; | |
50 } | |
51 | |
52 int CertDatabase::AddUserCert(X509Certificate* cert) { | |
53 // There is no certificate store on the Linux/OpenSSL build. | |
54 NOTIMPLEMENTED(); | |
55 return ERR_NOT_IMPLEMENTED; | |
56 } | |
57 | |
58 } // namespace net | 17 } // namespace net |
OLD | NEW |