| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/cert/cert_database.h" |
| |
| #include <openssl/x509.h> |
| |
| #include "base/logging.h" |
| #include "base/observer_list_threadsafe.h" |
| #include "crypto/openssl_util.h" |
| #include "net/base/crypto_module.h" |
| #include "net/base/net_errors.h" |
| #include "net/base/openssl_private_key_store.h" |
| #include "net/cert/x509_certificate.h" |
| |
| namespace net { |
| |
| CertDatabase::CertDatabase() |
| : observer_list_(new ObserverListThreadSafe<Observer>) { |
| } |
| |
| CertDatabase::~CertDatabase() {} |
| |
| // This method is used to check a client certificate before trying to |
| // install it on the system, which will happen later by calling |
| // AddUserCert() below. |
| // |
| // On the Linux/OpenSSL build, there is simply no system keystore, but |
| // OpenSSLPrivateKeyStore() implements a small in-memory store for |
| // (public/private) key pairs generated through keygen. |
| // |
| // Try to check for a private key in the in-memory store to check |
| // for the case when the browser is trying to install a server-generated |
| // certificate from a <keygen> exchange. |
| int CertDatabase::CheckUserCert(X509Certificate* cert) { |
| if (!cert) |
| return ERR_CERT_INVALID; |
| if (cert->HasExpired()) |
| return ERR_CERT_DATE_INVALID; |
| |
| // X509_PUBKEY_get() transfers ownership, not X509_get_X509_PUBKEY() |
| crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key( |
| X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()))); |
| |
| if (!OpenSSLPrivateKeyStore::HasPrivateKey(public_key.get())) |
| return ERR_NO_PRIVATE_KEY_FOR_CERT; |
| |
| return OK; |
| } |
| |
| int CertDatabase::AddUserCert(X509Certificate* cert) { |
| // There is no certificate store on the Linux/OpenSSL build. |
| NOTIMPLEMENTED(); |
| return ERR_NOT_IMPLEMENTED; |
| } |
| |
| } // namespace net |