OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/ssl_platform_key_mac.h" | 5 #include "net/ssl/ssl_platform_key_mac.h" |
6 | 6 |
7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
8 #include <CoreFoundation/CoreFoundation.h> | 8 #include <CoreFoundation/CoreFoundation.h> |
9 #include <Security/cssm.h> | 9 #include <Security/cssm.h> |
10 #include <Security/SecBase.h> | 10 #include <Security/SecBase.h> |
(...skipping 12 matching lines...) Expand all Loading... |
23 #include "base/mac/scoped_cftyperef.h" | 23 #include "base/mac/scoped_cftyperef.h" |
24 #include "base/macros.h" | 24 #include "base/macros.h" |
25 #include "base/memory/ptr_util.h" | 25 #include "base/memory/ptr_util.h" |
26 #include "base/memory/scoped_policy.h" | 26 #include "base/memory/scoped_policy.h" |
27 #include "base/numerics/safe_conversions.h" | 27 #include "base/numerics/safe_conversions.h" |
28 #include "base/synchronization/lock.h" | 28 #include "base/synchronization/lock.h" |
29 #include "crypto/mac_security_services_lock.h" | 29 #include "crypto/mac_security_services_lock.h" |
30 #include "crypto/openssl_util.h" | 30 #include "crypto/openssl_util.h" |
31 #include "net/base/net_errors.h" | 31 #include "net/base/net_errors.h" |
32 #include "net/cert/x509_certificate.h" | 32 #include "net/cert/x509_certificate.h" |
| 33 #include "net/cert/x509_util_mac.h" |
33 #include "net/ssl/ssl_platform_key.h" | 34 #include "net/ssl/ssl_platform_key.h" |
34 #include "net/ssl/ssl_platform_key_util.h" | 35 #include "net/ssl/ssl_platform_key_util.h" |
35 #include "net/ssl/ssl_private_key.h" | 36 #include "net/ssl/ssl_private_key.h" |
36 #include "net/ssl/threaded_ssl_private_key.h" | 37 #include "net/ssl/threaded_ssl_private_key.h" |
37 #include "third_party/boringssl/src/include/openssl/ecdsa.h" | 38 #include "third_party/boringssl/src/include/openssl/ecdsa.h" |
38 #include "third_party/boringssl/src/include/openssl/mem.h" | 39 #include "third_party/boringssl/src/include/openssl/mem.h" |
39 #include "third_party/boringssl/src/include/openssl/nid.h" | 40 #include "third_party/boringssl/src/include/openssl/nid.h" |
40 #include "third_party/boringssl/src/include/openssl/rsa.h" | 41 #include "third_party/boringssl/src/include/openssl/rsa.h" |
41 | 42 |
42 #if !defined(MAC_OS_X_VERSION_10_12) || \ | 43 #if !defined(MAC_OS_X_VERSION_10_12) || \ |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
77 }; | 78 }; |
78 | 79 |
79 // Looks up the private key for |certificate| in |keychain| and returns | 80 // Looks up the private key for |certificate| in |keychain| and returns |
80 // a SecKeyRef or nullptr on failure. The caller takes ownership of the | 81 // a SecKeyRef or nullptr on failure. The caller takes ownership of the |
81 // result. | 82 // result. |
82 SecKeyRef FetchSecKeyRefForCertificate(const X509Certificate* certificate, | 83 SecKeyRef FetchSecKeyRefForCertificate(const X509Certificate* certificate, |
83 SecKeychainRef keychain) { | 84 SecKeychainRef keychain) { |
84 OSStatus status; | 85 OSStatus status; |
85 base::ScopedCFTypeRef<SecIdentityRef> identity; | 86 base::ScopedCFTypeRef<SecIdentityRef> identity; |
86 { | 87 { |
| 88 base::ScopedCFTypeRef<SecCertificateRef> os_cert( |
| 89 x509_util::CreateSecCertificateFromX509Certificate(certificate)); |
| 90 if (!os_cert) |
| 91 return nullptr; |
87 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); | 92 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); |
88 status = SecIdentityCreateWithCertificate( | 93 status = SecIdentityCreateWithCertificate(keychain, os_cert.get(), |
89 keychain, certificate->os_cert_handle(), identity.InitializeInto()); | 94 identity.InitializeInto()); |
90 } | 95 } |
91 if (status != noErr) { | 96 if (status != noErr) { |
92 OSSTATUS_LOG(WARNING, status); | 97 OSSTATUS_LOG(WARNING, status); |
93 return nullptr; | 98 return nullptr; |
94 } | 99 } |
95 | 100 |
96 base::ScopedCFTypeRef<SecKeyRef> private_key; | 101 base::ScopedCFTypeRef<SecKeyRef> private_key; |
97 status = SecIdentityCopyPrivateKey(identity, private_key.InitializeInto()); | 102 status = SecIdentityCopyPrivateKey(identity, private_key.InitializeInto()); |
98 if (status != noErr) { | 103 if (status != noErr) { |
99 OSSTATUS_LOG(WARNING, status); | 104 OSSTATUS_LOG(WARNING, status); |
(...skipping 322 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
422 } | 427 } |
423 | 428 |
424 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey( | 429 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey( |
425 const X509Certificate* certificate) { | 430 const X509Certificate* certificate) { |
426 return FetchClientCertPrivateKeyFromKeychain(certificate, nullptr); | 431 return FetchClientCertPrivateKeyFromKeychain(certificate, nullptr); |
427 } | 432 } |
428 | 433 |
429 #pragma clang diagnostic pop // "-Wdeprecated-declarations" | 434 #pragma clang diagnostic pop // "-Wdeprecated-declarations" |
430 | 435 |
431 } // namespace net | 436 } // namespace net |
OLD | NEW |