| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_platform_key_mac.h" | 5 #include "net/ssl/ssl_platform_key_mac.h" |
| 6 | 6 |
| 7 #include <CoreFoundation/CoreFoundation.h> | 7 #include <CoreFoundation/CoreFoundation.h> |
| 8 #include <Security/SecCertificate.h> | 8 #include <Security/SecCertificate.h> |
| 9 #include <Security/SecImportExport.h> | 9 #include <Security/SecImportExport.h> |
| 10 #include <Security/SecKeychain.h> | 10 #include <Security/SecKeychain.h> |
| 11 | 11 |
| 12 #include <string> | 12 #include <string> |
| 13 | 13 |
| 14 #include "base/files/file_path.h" | 14 #include "base/files/file_path.h" |
| 15 #include "base/files/file_util.h" | 15 #include "base/files/file_util.h" |
| 16 #include "base/files/scoped_temp_dir.h" | 16 #include "base/files/scoped_temp_dir.h" |
| 17 #include "base/mac/scoped_cftyperef.h" | 17 #include "base/mac/scoped_cftyperef.h" |
| 18 #include "base/memory/ref_counted.h" | 18 #include "base/memory/ref_counted.h" |
| 19 #include "net/cert/x509_util_mac.h" |
| 19 #include "net/ssl/ssl_private_key.h" | 20 #include "net/ssl/ssl_private_key.h" |
| 20 #include "net/ssl/ssl_private_key_test_util.h" | 21 #include "net/ssl/ssl_private_key_test_util.h" |
| 21 #include "net/test/cert_test_util.h" | 22 #include "net/test/cert_test_util.h" |
| 22 #include "net/test/test_data_directory.h" | 23 #include "net/test/test_data_directory.h" |
| 23 #include "testing/gtest/include/gtest/gtest.h" | 24 #include "testing/gtest/include/gtest/gtest.h" |
| 24 #include "third_party/boringssl/src/include/openssl/bytestring.h" | 25 #include "third_party/boringssl/src/include/openssl/bytestring.h" |
| 25 #include "third_party/boringssl/src/include/openssl/ec_key.h" | 26 #include "third_party/boringssl/src/include/openssl/ec_key.h" |
| 26 #include "third_party/boringssl/src/include/openssl/evp.h" | 27 #include "third_party/boringssl/src/include/openssl/evp.h" |
| 27 #include "third_party/boringssl/src/include/openssl/mem.h" | 28 #include "third_party/boringssl/src/include/openssl/mem.h" |
| 28 #include "third_party/boringssl/src/include/openssl/rsa.h" | 29 #include "third_party/boringssl/src/include/openssl/rsa.h" |
| 69 base::ScopedTempDir keychain_dir; | 70 base::ScopedTempDir keychain_dir; |
| 70 ASSERT_TRUE(keychain_dir.CreateUniqueTempDir()); | 71 ASSERT_TRUE(keychain_dir.CreateUniqueTempDir()); |
| 71 base::FilePath keychain_path = | 72 base::FilePath keychain_path = |
| 72 keychain_dir.GetPath().AppendASCII("test_keychain.keychain"); | 73 keychain_dir.GetPath().AppendASCII("test_keychain.keychain"); |
| 73 base::ScopedCFTypeRef<SecKeychainRef> keychain; | 74 base::ScopedCFTypeRef<SecKeychainRef> keychain; |
| 74 ASSERT_EQ(noErr, | 75 ASSERT_EQ(noErr, |
| 75 SecKeychainCreate(keychain_path.value().c_str(), 0, "", FALSE, | 76 SecKeychainCreate(keychain_path.value().c_str(), 0, "", FALSE, |
| 76 nullptr, keychain.InitializeInto())); | 77 nullptr, keychain.InitializeInto())); |
| 77 | 78 |
| 78 // Insert the certificate into the keychain. | 79 // Insert the certificate into the keychain. |
| 79 ASSERT_EQ(noErr, | 80 base::ScopedCFTypeRef<SecCertificateRef> sec_cert( |
| 80 SecCertificateAddToKeychain(cert->os_cert_handle(), keychain)); | 81 x509_util::CreateSecCertificateFromX509Certificate(cert.get())); |
| 82 ASSERT_TRUE(sec_cert); |
| 83 ASSERT_EQ(noErr, SecCertificateAddToKeychain(sec_cert, keychain)); |
| 81 | 84 |
| 82 // Import the key into the keychain. Apple doesn't accept unencrypted PKCS#8, | 85 // Import the key into the keychain. Apple doesn't accept unencrypted PKCS#8, |
| 83 // but it accepts the low-level RSAPrivateKey and ECPrivateKey types as | 86 // but it accepts the low-level RSAPrivateKey and ECPrivateKey types as |
| 84 // "kSecFormatOpenSSL", so produce those. There doesn't appear to be a way to | 87 // "kSecFormatOpenSSL", so produce those. There doesn't appear to be a way to |
| 85 // tell it which key type we have, so leave this unspecified and have it | 88 // tell it which key type we have, so leave this unspecified and have it |
| 86 // guess. | 89 // guess. |
| 87 CBS cbs; | 90 CBS cbs; |
| 88 CBS_init(&cbs, reinterpret_cast<const uint8_t*>(pkcs8.data()), pkcs8.size()); | 91 CBS_init(&cbs, reinterpret_cast<const uint8_t*>(pkcs8.data()), pkcs8.size()); |
| 89 bssl::UniquePtr<EVP_PKEY> openssl_key(EVP_parse_private_key(&cbs)); | 92 bssl::UniquePtr<EVP_PKEY> openssl_key(EVP_parse_private_key(&cbs)); |
| 90 ASSERT_TRUE(openssl_key); | 93 ASSERT_TRUE(openssl_key); |
| 128 | 131 |
| 129 TestSSLPrivateKeyMatches(key.get(), pkcs8); | 132 TestSSLPrivateKeyMatches(key.get(), pkcs8); |
| 130 } | 133 } |
| 131 | 134 |
| 132 INSTANTIATE_TEST_CASE_P(, | 135 INSTANTIATE_TEST_CASE_P(, |
| 133 SSLPlatformKeyMacTest, | 136 SSLPlatformKeyMacTest, |
| 134 testing::ValuesIn(kTestKeys), | 137 testing::ValuesIn(kTestKeys), |
| 135 TestKeyToString); | 138 TestKeyToString); |
| 136 | 139 |
| 137 } // namespace net | 140 } // namespace net |
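Review bot: The comment at new line 79 still says only "Insert the certificate into the keychain", but the block under it now does two things: it converts the X509Certificate into a separately owned SecCertificateRef (new lines 80-81) and then adds that object to the temporary keychain (new line 83). A one-line comment would explain why the conversion is there, for example `// Convert to a SecCertificateRef first; the test no longer uses cert->os_cert_handle().` The null check on new line 82 is the right guard before SecCertificateAddToKeychain. A streamed message such as `ASSERT_TRUE(sec_cert) << "SecCertificateRef conversion failed";` would let a failure there be told apart from a keychain error in the test log. The test body begins in the skipped lines, so the fixture setup and the rest of the key import are not visible here.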