| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_database.h" | 5 #include "net/base/cert_database.h" |
| 6 | 6 |
| 7 #include <openssl/x509.h> | 7 #include <openssl/x509.h> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/observer_list_threadsafe.h" | 10 #include "base/observer_list_threadsafe.h" |
| 11 #include "crypto/openssl_util.h" |
| 11 #include "net/base/crypto_module.h" | 12 #include "net/base/crypto_module.h" |
| 12 #include "net/base/net_errors.h" | 13 #include "net/base/net_errors.h" |
| 13 #include "net/base/openssl_private_key_store.h" | 14 #include "net/base/openssl_private_key_store.h" |
| 14 #include "net/base/x509_certificate.h" | 15 #include "net/base/x509_certificate.h" |
| 15 | 16 |
| 16 namespace net { | 17 namespace net { |
| 17 | 18 |
| 18 CertDatabase::CertDatabase() | 19 CertDatabase::CertDatabase() |
| 19 : observer_list_(new ObserverListThreadSafe<Observer>) { | 20 : observer_list_(new ObserverListThreadSafe<Observer>) { |
| 20 } | 21 } |
| 21 | 22 |
| 22 CertDatabase::~CertDatabase() {} | 23 CertDatabase::~CertDatabase() {} |
| 23 | 24 |
| 25 // This method is used to check a client certificate before trying to |
| 26 // install it on the system, which will happen later by calling |
| 27 // AddUserCert() below. |
| 28 // |
| 29 // On the Linux/OpenSSL build, there is simply no system keystore, but |
| 30 // OpenSSLPrivateKeyStore() implements a small in-memory store for |
| 31 // (public/private) key pairs generated through keygen. |
| 32 // |
| 33 // Try to check for a private key in the in-memory store to check |
| 34 // for the case when the browser is trying to install a server-generated |
| 35 // certificate from a <keygen> exchange. |
| 24 int CertDatabase::CheckUserCert(X509Certificate* cert) { | 36 int CertDatabase::CheckUserCert(X509Certificate* cert) { |
| 25 if (!cert) | 37 if (!cert) |
| 26 return ERR_CERT_INVALID; | 38 return ERR_CERT_INVALID; |
| 27 if (cert->HasExpired()) | 39 if (cert->HasExpired()) |
| 28 return ERR_CERT_DATE_INVALID; | 40 return ERR_CERT_DATE_INVALID; |
| 29 | 41 |
| 30 if (!OpenSSLPrivateKeyStore::GetInstance()->FetchPrivateKey( | 42 // X509_PUBKEY_get() transfers ownership, not X509_get_X509_PUBKEY() |
| 31 X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle())))) | 43 crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key( |
| 44 X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()))); |
| 45 |
| 46 if (!OpenSSLPrivateKeyStore::HasPrivateKey(public_key.get())) |
| 32 return ERR_NO_PRIVATE_KEY_FOR_CERT; | 47 return ERR_NO_PRIVATE_KEY_FOR_CERT; |
| 33 | 48 |
| 34 return OK; | 49 return OK; |
| 35 } | 50 } |
| 36 | 51 |
| 37 int CertDatabase::AddUserCert(X509Certificate* cert) { | 52 int CertDatabase::AddUserCert(X509Certificate* cert) { |
| 53 // There is no certificate store on the Linux/OpenSSL build. |
| 38 NOTIMPLEMENTED(); | 54 NOTIMPLEMENTED(); |
| 39 return ERR_NOT_IMPLEMENTED; | 55 return ERR_NOT_IMPLEMENTED; |
| 40 } | 56 } |
| 41 | 57 |
| 42 } // namespace net | 58 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12220104:
Wire up SSL client authentication for OpenSSL/Android through the net/ stack (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master