OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_database.h" | 5 #include "net/cert/cert_database.h" |
6 | 6 |
7 #include <cert.h> | |
8 #include <pk11pub.h> | |
9 #include <secmod.h> | |
10 | |
11 #include <vector> | |
12 | |
13 #include "base/logging.h" | |
14 #include "base/observer_list_threadsafe.h" | 7 #include "base/observer_list_threadsafe.h" |
15 #include "crypto/nss_util.h" | 8 #include "crypto/nss_util.h" |
16 #include "crypto/scoped_nss_types.h" | |
17 #include "net/base/net_errors.h" | |
18 #include "net/cert/x509_certificate.h" | |
19 #include "net/cert/x509_util_nss.h" | |
20 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | |
21 | |
22 // PSM = Mozilla's Personal Security Manager. | |
23 namespace psm = mozilla_security_manager; | |
24 | 9 |
25 namespace net { | 10 namespace net { |
26 | 11 |
27 CertDatabase::CertDatabase() | 12 CertDatabase::CertDatabase() |
28 : observer_list_(new base::ObserverListThreadSafe<Observer>) { | 13 : observer_list_(new base::ObserverListThreadSafe<Observer>) { |
29 crypto::EnsureNSSInit(); | 14 crypto::EnsureNSSInit(); |
30 } | 15 } |
31 | 16 |
32 CertDatabase::~CertDatabase() {} | 17 CertDatabase::~CertDatabase() {} |
33 | 18 |
34 int CertDatabase::CheckUserCert(X509Certificate* cert_obj) { | |
35 if (!cert_obj) | |
36 return ERR_CERT_INVALID; | |
37 if (cert_obj->HasExpired()) | |
38 return ERR_CERT_DATE_INVALID; | |
39 | |
40 // Check if the private key corresponding to the certificate exist | |
41 // We shouldn't accept any random client certificate sent by a CA. | |
42 | |
43 // Note: The NSS source documentation wrongly suggests that this | |
44 // also imports the certificate if the private key exists. This | |
45 // doesn't seem to be the case. | |
46 | |
47 CERTCertificate* cert = cert_obj->os_cert_handle(); | |
48 PK11SlotInfo* slot = PK11_KeyForCertExists(cert, NULL, NULL); | |
49 if (!slot) | |
50 return ERR_NO_PRIVATE_KEY_FOR_CERT; | |
51 | |
52 PK11_FreeSlot(slot); | |
53 | |
54 return OK; | |
55 } | |
56 | |
57 int CertDatabase::AddUserCert(X509Certificate* cert_obj) { | |
58 CertificateList cert_list; | |
59 cert_list.push_back(cert_obj); | |
60 int result = psm::ImportUserCert(cert_list); | |
61 | |
62 if (result == OK) | |
63 NotifyObserversOfCertAdded(NULL); | |
64 | |
65 return result; | |
66 } | |
67 | |
68 } // namespace net | 19 } // namespace net |
OLD | NEW |