summaryrefslogtreecommitdiff
path: root/chromium/net/cert/cert_database_openssl.cc
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/net/cert/cert_database_openssl.cc')
-rw-r--r--chromium/net/cert/cert_database_openssl.cc58
1 files changed, 58 insertions, 0 deletions
diff --git a/chromium/net/cert/cert_database_openssl.cc b/chromium/net/cert/cert_database_openssl.cc
new file mode 100644
index 00000000000..23b64cc256f
--- /dev/null
+++ b/chromium/net/cert/cert_database_openssl.cc
@@ -0,0 +1,58 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/cert_database.h"
+
+#include <openssl/x509.h>
+
+#include "base/logging.h"
+#include "base/observer_list_threadsafe.h"
+#include "crypto/openssl_util.h"
+#include "net/base/crypto_module.h"
+#include "net/base/net_errors.h"
+#include "net/base/openssl_private_key_store.h"
+#include "net/cert/x509_certificate.h"
+
+namespace net {
+
+CertDatabase::CertDatabase()
+ : observer_list_(new ObserverListThreadSafe<Observer>) {
+}
+
+CertDatabase::~CertDatabase() {}
+
+// This method is used to check a client certificate before trying to
+// install it on the system, which will happen later by calling
+// AddUserCert() below.
+//
+// On the Linux/OpenSSL build, there is simply no system keystore, but
+// OpenSSLPrivateKeyStore() implements a small in-memory store for
+// (public/private) key pairs generated through keygen.
+//
+// Try to check for a private key in the in-memory store to check
+// for the case when the browser is trying to install a server-generated
+// certificate from a <keygen> exchange.
+int CertDatabase::CheckUserCert(X509Certificate* cert) {
+ if (!cert)
+ return ERR_CERT_INVALID;
+ if (cert->HasExpired())
+ return ERR_CERT_DATE_INVALID;
+
+ // X509_PUBKEY_get() transfers ownership, not X509_get_X509_PUBKEY()
+ crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key(
+ X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle())));
+
+ if (!OpenSSLPrivateKeyStore::HasPrivateKey(public_key.get()))
+ return ERR_NO_PRIVATE_KEY_FOR_CERT;
+
+ return OK;
+}
+
+int CertDatabase::AddUserCert(X509Certificate* cert) {
+ // There is no certificate store on the Linux/OpenSSL build.
+ NOTIMPLEMENTED();
+ return ERR_NOT_IMPLEMENTED;
+}
+
+} // namespace net
View Lorry Controller Status