Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(107)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_database_mac.cc

Issue 2363653002: Cleanup unreachable cert adding code (Closed)
Patch Set: Rebased Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/cert_database_ios.cc ('k') | net/cert/cert_database_nss.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_database.h" 5 #include "net/cert/cert_database.h"
6 6
7 #include <Security/Security.h> 7 #include <Security/Security.h>
8 8
9 #include "base/location.h" 9 #include "base/location.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after
97 // that they have already been handled. This may miss events that 97 // that they have already been handled. This may miss events that
98 // originated as a result of spawning native dialogs that allow the user 98 // originated as a result of spawning native dialogs that allow the user
99 // to modify Keychain settings. However, err on the side of missing 99 // to modify Keychain settings. However, err on the side of missing
100 // events rather than sending too many events. 100 // events rather than sending too many events.
101 return errSecSuccess; 101 return errSecSuccess;
102 } 102 }
103 103
104 switch (keychain_event) { 104 switch (keychain_event) {
105 case kSecKeychainListChangedEvent: 105 case kSecKeychainListChangedEvent:
106 case kSecTrustSettingsChangedEvent: 106 case kSecTrustSettingsChangedEvent:
107 that->cert_db_->NotifyObserversOfCACertChanged(NULL); 107 that->cert_db_->NotifyObserversCertDBChanged(NULL);
108 break; 108 break;
109 109
110 default: 110 default:
111 break; 111 break;
112 } 112 }
113 113
114 return errSecSuccess; 114 return errSecSuccess;
115 } 115 }
116 116
117 void CertDatabase::SetMessageLoopForKeychainEvents() { 117 void CertDatabase::SetMessageLoopForKeychainEvents() {
118 // Shutdown will take care to delete the notifier on the right thread. 118 // Shutdown will take care to delete the notifier on the right thread.
119 if (notifier_.get()) 119 if (notifier_.get())
120 notifier_.release()->Shutdown(); 120 notifier_.release()->Shutdown();
121 121
122 notifier_.reset(new Notifier(this, base::MessageLoopForUI::current())); 122 notifier_.reset(new Notifier(this, base::MessageLoopForUI::current()));
123 } 123 }
124 124
125 CertDatabase::CertDatabase() 125 CertDatabase::CertDatabase()
126 : observer_list_(new base::ObserverListThreadSafe<Observer>) { 126 : observer_list_(new base::ObserverListThreadSafe<Observer>) {
127 } 127 }
128 128
129 CertDatabase::~CertDatabase() { 129 CertDatabase::~CertDatabase() {
130 // Shutdown will take care to delete the notifier on the right thread. 130 // Shutdown will take care to delete the notifier on the right thread.
131 if (notifier_.get()) 131 if (notifier_.get())
132 notifier_.release()->Shutdown(); 132 notifier_.release()->Shutdown();
133 } 133 }
134 134
135 int CertDatabase::CheckUserCert(X509Certificate* cert) {
136 if (!cert)
137 return ERR_CERT_INVALID;
138 if (cert->HasExpired())
139 return ERR_CERT_DATE_INVALID;
140
141 // Verify the Keychain already has the corresponding private key:
142 SecIdentityRef identity = NULL;
143 OSStatus err = SecIdentityCreateWithCertificate(NULL, cert->os_cert_handle(),
144 &identity);
145 if (err == errSecItemNotFound)
146 return ERR_NO_PRIVATE_KEY_FOR_CERT;
147
148 if (err != noErr || !identity) {
149 // TODO(snej): Map the error code more intelligently.
150 return ERR_CERT_INVALID;
151 }
152
153 CFRelease(identity);
154 return OK;
155 }
156
157 int CertDatabase::AddUserCert(X509Certificate* cert) {
158 OSStatus err;
159 {
160 base::AutoLock locked(crypto::GetMacSecurityServicesLock());
161 err = SecCertificateAddToKeychain(cert->os_cert_handle(), NULL);
162 }
163 switch (err) {
164 case noErr:
165 CertDatabase::NotifyObserversOfCertAdded(cert);
166 // Fall through.
167 case errSecDuplicateItem:
168 return OK;
169 default:
170 OSSTATUS_LOG(ERROR, err) << "CertDatabase failed to add cert to keychain";
171 // TODO(snej): Map the error code more intelligently.
172 return ERR_ADD_USER_CERT_FAILED;
173 }
174 }
175
176 } // namespace net 135 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/cert_database_ios.cc ('k') | net/cert/cert_database_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698