OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_database.h" | 5 #include "net/cert/cert_database.h" |
6 | 6 |
7 #include <Security/Security.h> | 7 #include <Security/Security.h> |
8 | 8 |
9 #include "base/location.h" | 9 #include "base/location.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
97 // that they have already been handled. This may miss events that | 97 // that they have already been handled. This may miss events that |
98 // originated as a result of spawning native dialogs that allow the user | 98 // originated as a result of spawning native dialogs that allow the user |
99 // to modify Keychain settings. However, err on the side of missing | 99 // to modify Keychain settings. However, err on the side of missing |
100 // events rather than sending too many events. | 100 // events rather than sending too many events. |
101 return errSecSuccess; | 101 return errSecSuccess; |
102 } | 102 } |
103 | 103 |
104 switch (keychain_event) { | 104 switch (keychain_event) { |
105 case kSecKeychainListChangedEvent: | 105 case kSecKeychainListChangedEvent: |
106 case kSecTrustSettingsChangedEvent: | 106 case kSecTrustSettingsChangedEvent: |
107 that->cert_db_->NotifyObserversOfCACertChanged(NULL); | 107 that->cert_db_->NotifyObserversCertDBChanged(NULL); |
108 break; | 108 break; |
109 | 109 |
110 default: | 110 default: |
111 break; | 111 break; |
112 } | 112 } |
113 | 113 |
114 return errSecSuccess; | 114 return errSecSuccess; |
115 } | 115 } |
116 | 116 |
117 void CertDatabase::SetMessageLoopForKeychainEvents() { | 117 void CertDatabase::SetMessageLoopForKeychainEvents() { |
118 // Shutdown will take care to delete the notifier on the right thread. | 118 // Shutdown will take care to delete the notifier on the right thread. |
119 if (notifier_.get()) | 119 if (notifier_.get()) |
120 notifier_.release()->Shutdown(); | 120 notifier_.release()->Shutdown(); |
121 | 121 |
122 notifier_.reset(new Notifier(this, base::MessageLoopForUI::current())); | 122 notifier_.reset(new Notifier(this, base::MessageLoopForUI::current())); |
123 } | 123 } |
124 | 124 |
125 CertDatabase::CertDatabase() | 125 CertDatabase::CertDatabase() |
126 : observer_list_(new base::ObserverListThreadSafe<Observer>) { | 126 : observer_list_(new base::ObserverListThreadSafe<Observer>) { |
127 } | 127 } |
128 | 128 |
129 CertDatabase::~CertDatabase() { | 129 CertDatabase::~CertDatabase() { |
130 // Shutdown will take care to delete the notifier on the right thread. | 130 // Shutdown will take care to delete the notifier on the right thread. |
131 if (notifier_.get()) | 131 if (notifier_.get()) |
132 notifier_.release()->Shutdown(); | 132 notifier_.release()->Shutdown(); |
133 } | 133 } |
134 | 134 |
135 int CertDatabase::CheckUserCert(X509Certificate* cert) { | |
136 if (!cert) | |
137 return ERR_CERT_INVALID; | |
138 if (cert->HasExpired()) | |
139 return ERR_CERT_DATE_INVALID; | |
140 | |
141 // Verify the Keychain already has the corresponding private key: | |
142 SecIdentityRef identity = NULL; | |
143 OSStatus err = SecIdentityCreateWithCertificate(NULL, cert->os_cert_handle(), | |
144 &identity); | |
145 if (err == errSecItemNotFound) | |
146 return ERR_NO_PRIVATE_KEY_FOR_CERT; | |
147 | |
148 if (err != noErr || !identity) { | |
149 // TODO(snej): Map the error code more intelligently. | |
150 return ERR_CERT_INVALID; | |
151 } | |
152 | |
153 CFRelease(identity); | |
154 return OK; | |
155 } | |
156 | |
157 int CertDatabase::AddUserCert(X509Certificate* cert) { | |
158 OSStatus err; | |
159 { | |
160 base::AutoLock locked(crypto::GetMacSecurityServicesLock()); | |
161 err = SecCertificateAddToKeychain(cert->os_cert_handle(), NULL); | |
162 } | |
163 switch (err) { | |
164 case noErr: | |
165 CertDatabase::NotifyObserversOfCertAdded(cert); | |
166 // Fall through. | |
167 case errSecDuplicateItem: | |
168 return OK; | |
169 default: | |
170 OSSTATUS_LOG(ERROR, err) << "CertDatabase failed to add cert to keychain"; | |
171 // TODO(snej): Map the error code more intelligently. | |
172 return ERR_ADD_USER_CERT_FAILED; | |
173 } | |
174 } | |
175 | |
176 } // namespace net | 135 } // namespace net |
OLD | NEW |