author | snej@chromium.org <snej@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-02 17:47:02 +0000 |
---|---|---|
committer | snej@chromium.org <snej@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-02 17:47:02 +0000 |
commit | cdafbff7b3e83702c20b0f754a6d27159b78c06c (patch) | |
tree | 5b66619f7822e7189e8cc3287365ed49808d3c72 /net/base/cert_database_mac.cc | |
parent | 078a10a1c64458e5f5c4fdf57edbbc935dd145ca (diff) | |
Mac: implement <keygen> support, including adding generated cert to the Keychain.
BUG=34607
TEST=KeygenHandlerTest.SmokeTest
Review URL: http://codereview.chromium.org/652137
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40387 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/cert_database_mac.cc')
-rw-r--r-- | net/base/cert_database_mac.cc | 46 |
1 files changed, 40 insertions, 6 deletions
diff --git a/net/base/cert_database_mac.cc b/net/base/cert_database_mac.cc
index 5caf9db..96ab9e5 100644
--- a/net/base/cert_database_mac.cc
+++ b/net/base/cert_database_mac.cc
@@ -4,21 +4,55 @@
 #include "net/base/cert_database.h"
+#include <Security/Security.h>
+
 #include "base/logging.h"
+#include "net/base/net_errors.h"
 namespace net {
 CertDatabase::CertDatabase() {
- NOTIMPLEMENTED();
 }
-bool CertDatabase::AddUserCert(const char* data, int len) {
- NOTIMPLEMENTED();
- return false;
+void CertDatabase::Init() {
 }
-void CertDatabase::Init() {
- NOTIMPLEMENTED();
+int CertDatabase::CheckUserCert(X509Certificate* cert) {
+ if (!cert)
+ return ERR_CERT_INVALID;
+ if (cert->HasExpired())
+ return ERR_CERT_DATE_INVALID;
+ if (!cert->SupportsSSLClientAuth())
+ return ERR_CERT_INVALID;
+
+ // Verify the Keychain already has the corresponding private key:
+ SecIdentityRef identity = NULL;
+ OSStatus err = SecIdentityCreateWithCertificate(NULL, cert->os_cert_handle(),
+ &identity);
+ if (err == errSecItemNotFound) {
+ LOG(ERROR) << "CertDatabase couldn't find private key for user cert";
+ return ERR_NO_PRIVATE_KEY_FOR_CERT;
+ }
+ if (err != noErr || !identity) {
+ // TODO(snej): Map the error code more intelligently.
+ return ERR_CERT_INVALID;
+ }
+
+ CFRelease(identity);
+ return OK;
+}
+
+int CertDatabase::AddUserCert(X509Certificate* cert) {
+ OSStatus err = SecCertificateAddToKeychain(cert->os_cert_handle(), NULL);
+ switch(err) {
+ case noErr:
+ case errSecDuplicateItem:
+ return OK;
+ default:
+ LOG(ERROR) << "CertDatabase failed to add cert to keychain: " << err;
+ // TODO(snej): Map the error code more intelligently.
+ return ERR_ERR_ADD_USER_CERT_FAILED;
+ }
 }
 } // namespace net |
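Review bot: `AddUserCert` dereferences `cert` and writes it to the default keychain without any of the checks that `CheckUserCert` performs, so its safety depends on every caller having run `CheckUserCert` first; the callers are not in this hunk. Since a `<keygen>` response carries a certificate supplied by a remote server, I would make the precondition explicit in the function itself by starting it with `int rv = CheckUserCert(cert);` and `if (rv != OK) return rv;`, or at least add `DCHECK(cert);` and a comment stating that the caller must already have validated the certificate. Separately, `ERR_ERR_ADD_USER_CERT_FAILED` looks like a doubled prefix; its definition in net_errors.h is not visible here, so please confirm the name is intended.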