blob: 5e97faea6812973463e4ca1ba43b0730893acd6e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/base/cert_database.h"
#include <Security/Security.h>
#include "base/logging.h"
#include "base/mac/mac_logging.h"
#include "base/synchronization/lock.h"
#include "crypto/mac_security_services_lock.h"
#include "net/base/net_errors.h"
#include "net/base/x509_certificate.h"
namespace net {
CertDatabase::CertDatabase() {
}
int CertDatabase::CheckUserCert(X509Certificate* cert) {
if (!cert)
return ERR_CERT_INVALID;
if (cert->HasExpired())
return ERR_CERT_DATE_INVALID;
// Verify the Keychain already has the corresponding private key:
SecIdentityRef identity = NULL;
OSStatus err = SecIdentityCreateWithCertificate(NULL, cert->os_cert_handle(),
&identity);
if (err == errSecItemNotFound)
return ERR_NO_PRIVATE_KEY_FOR_CERT;
if (err != noErr || !identity) {
// TODO(snej): Map the error code more intelligently.
return ERR_CERT_INVALID;
}
CFRelease(identity);
return OK;
}
int CertDatabase::AddUserCert(X509Certificate* cert) {
OSStatus err;
{
base::AutoLock locked(crypto::GetMacSecurityServicesLock());
err = SecCertificateAddToKeychain(cert->os_cert_handle(), NULL);
}
switch (err) {
case noErr:
CertDatabase::NotifyObserversOfUserCertAdded(cert);
// Fall through.
case errSecDuplicateItem:
return OK;
default:
OSSTATUS_LOG(ERROR, err) << "CertDatabase failed to add cert to keychain";
// TODO(snej): Map the error code more intelligently.
return ERR_ADD_USER_CERT_FAILED;
}
}
} // namespace net
|