OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_database.h" | 5 #include "net/cert/cert_database.h" |
6 | 6 |
7 #include <windows.h> | |
8 | |
9 #include "base/observer_list_threadsafe.h" | 7 #include "base/observer_list_threadsafe.h" |
10 #include "crypto/wincrypt_shim.h" | |
11 #include "net/base/net_errors.h" | |
12 #include "net/cert/x509_certificate.h" | |
13 | 8 |
14 namespace net { | 9 namespace net { |
15 | 10 |
16 CertDatabase::CertDatabase() | 11 CertDatabase::CertDatabase() |
17 : observer_list_(new base::ObserverListThreadSafe<Observer>) { | 12 : observer_list_(new base::ObserverListThreadSafe<Observer>) { |
18 } | 13 } |
19 | 14 |
20 CertDatabase::~CertDatabase() {} | 15 CertDatabase::~CertDatabase() {} |
21 | 16 |
22 int CertDatabase::CheckUserCert(X509Certificate* cert) { | |
23 if (!cert) | |
24 return ERR_CERT_INVALID; | |
25 if (cert->HasExpired()) | |
26 return ERR_CERT_DATE_INVALID; | |
27 | |
28 // TODO(rsleevi): Should CRYPT_FIND_SILENT_KEYSET_FLAG be specified? A UI | |
29 // may be shown here / this call may block. | |
30 if (!CryptFindCertificateKeyProvInfo(cert->os_cert_handle(), 0, NULL)) | |
31 return ERR_NO_PRIVATE_KEY_FOR_CERT; | |
32 | |
33 return OK; | |
34 } | |
35 | |
36 int CertDatabase::AddUserCert(X509Certificate* cert) { | |
37 // TODO(rsleevi): Would it be more appropriate to have the CertDatabase take | |
38 // construction parameters (Keychain filepath on Mac OS X, PKCS #11 slot on | |
39 // NSS, and Store Type / Path) here? For now, certs will be stashed into the | |
40 // user's personal store, which will not automatically mark them as trusted, | |
41 // but will allow them to be used for client auth. | |
42 HCERTSTORE cert_db = CertOpenSystemStore(NULL, L"MY"); | |
43 if (!cert_db) | |
44 return ERR_ADD_USER_CERT_FAILED; | |
45 | |
46 BOOL added = CertAddCertificateContextToStore(cert_db, | |
47 cert->os_cert_handle(), | |
48 CERT_STORE_ADD_USE_EXISTING, | |
49 NULL); | |
50 | |
51 CertCloseStore(cert_db, 0); | |
52 | |
53 if (!added) | |
54 return ERR_ADD_USER_CERT_FAILED; | |
55 | |
56 NotifyObserversOfCertAdded(cert); | |
57 return OK; | |
58 } | |
59 | |
60 } // namespace net | 17 } // namespace net |
OLD | NEW |