summaryrefslogtreecommitdiffstats
path: root/net/base/cert_database_nss.cc
diff options
context:
space:
mode:
authorsnej@chromium.org <snej@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-02 17:47:02 +0000
committersnej@chromium.org <snej@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-02 17:47:02 +0000
commitcdafbff7b3e83702c20b0f754a6d27159b78c06c (patch)
tree5b66619f7822e7189e8cc3287365ed49808d3c72 /net/base/cert_database_nss.cc
parent078a10a1c64458e5f5c4fdf57edbbc935dd145ca (diff)
downloadchromium_src-cdafbff7b3e83702c20b0f754a6d27159b78c06c.zip
chromium_src-cdafbff7b3e83702c20b0f754a6d27159b78c06c.tar.gz
chromium_src-cdafbff7b3e83702c20b0f754a6d27159b78c06c.tar.bz2
Mac: implement <keygen> support, including adding generated cert to the Keychain.
BUG=34607 TEST=KeygenHandlerTest.SmokeTest Review URL: http://codereview.chromium.org/652137 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40387 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/cert_database_nss.cc')
-rw-r--r--net/base/cert_database_nss.cc51
1 files changed, 20 insertions, 31 deletions
diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc
index e3c1a09..636224f 100644
--- a/net/base/cert_database_nss.cc
+++ b/net/base/cert_database_nss.cc
@@ -15,6 +15,7 @@
#include "base/logging.h"
#include "base/scoped_ptr.h"
#include "base/nss_util.h"
+#include "net/base/net_errors.h"
namespace net {
@@ -22,24 +23,11 @@ CertDatabase::CertDatabase() {
Init();
}
-bool CertDatabase::AddUserCert(const char* data, int len) {
- CERTCertificate* cert = NULL;
- PK11SlotInfo* slot = NULL;
- std::string nickname;
- bool is_success = true;
-
- // Make a copy of "data" since CERT_DecodeCertPackage
- // might modify it.
- char* data_copy = new char[len];
- memcpy(data_copy, data, len);
-
- // Parse into a certificate structure.
- cert = CERT_DecodeCertFromPackage(data_copy, len);
- delete [] data_copy;
- if (!cert) {
- LOG(ERROR) << "Couldn't create a temporary certificate";
- return false;
- }
+int CertDatabase::CheckUserCert(X509Certificate* cert_obj) {
+ if (!cert_obj)
+ return ERR_CERT_INVALID;
+ if (cert_obj->HasExpired())
+ return ERR_CERT_DATE_INVALID;
// Check if the private key corresponding to the certificate exist
// We shouldn't accept any random client certificate sent by a CA.
@@ -48,22 +36,25 @@ bool CertDatabase::AddUserCert(const char* data, int len) {
// also imports the certificate if the private key exists. This
// doesn't seem to be the case.
- slot = PK11_KeyForCertExists(cert, NULL, NULL);
+ CERTCertificate* cert = cert_obj->os_cert_handle();
+ PK11SlotInfo* slot = PK11_KeyForCertExists(cert, NULL, NULL);
if (!slot) {
LOG(ERROR) << "No corresponding private key in store";
- CERT_DestroyCertificate(cert);
- return false;
+ return ERR_NO_PRIVATE_KEY_FOR_CERT;
}
PK11_FreeSlot(slot);
- slot = NULL;
- // TODO(gauravsh): We also need to make sure another certificate
- // doesn't already exist for the same private key.
+ return OK;
+}
+
+int CertDatabase::AddUserCert(X509Certificate* cert_obj) {
+ CERTCertificate* cert = cert_obj->os_cert_handle();
+ PK11SlotInfo* slot = NULL;
+ std::string nickname;
// Create a nickname for this certificate.
// We use the scheme used by Firefox:
// --> <subject's common name>'s <issuer's common name> ID.
- //
std::string username, ca_name;
char* temp_username = CERT_GetCommonName(&cert->subject);
@@ -81,14 +72,12 @@ bool CertDatabase::AddUserCert(const char* data, int len) {
slot = PK11_ImportCertForKey(cert,
const_cast<char*>(nickname.c_str()),
NULL);
- if (slot) {
- PK11_FreeSlot(slot);
- } else {
+ if (!slot) {
LOG(ERROR) << "Couldn't import user certificate.";
- is_success = false;
+ return ERR_ERR_ADD_USER_CERT_FAILED;
}
- CERT_DestroyCertificate(cert);
- return is_success;
+ PK11_FreeSlot(slot);
+ return OK;
}
void CertDatabase::Init() {
generated by cgit v1.1 at 2025-02-11 06:40:46 +0000