1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/cert/cert_database.h" 6 7 #include <openssl/x509.h> 8 9 #include "base/logging.h" 10 #include "base/observer_list_threadsafe.h" 11 #include "crypto/openssl_util.h" 12 #include "net/base/crypto_module.h" 13 #include "net/base/net_errors.h" 14 #include "net/base/openssl_private_key_store.h" 15 #include "net/cert/x509_certificate.h" 16 17 namespace net { 18 19 CertDatabase::CertDatabase() 20 : observer_list_(new ObserverListThreadSafe<Observer>) { 21 } 22 23 CertDatabase::~CertDatabase() {} 24 25 // This method is used to check a client certificate before trying to 26 // install it on the system, which will happen later by calling 27 // AddUserCert() below. 28 // 29 // On the Linux/OpenSSL build, there is simply no system keystore, but 30 // OpenSSLPrivateKeyStore() implements a small in-memory store for 31 // (public/private) key pairs generated through keygen. 32 // 33 // Try to check for a private key in the in-memory store to check 34 // for the case when the browser is trying to install a server-generated 35 // certificate from a <keygen> exchange. 36 int CertDatabase::CheckUserCert(X509Certificate* cert) { 37 if (!cert) 38 return ERR_CERT_INVALID; 39 if (cert->HasExpired()) 40 return ERR_CERT_DATE_INVALID; 41 42 // X509_PUBKEY_get() transfers ownership, not X509_get_X509_PUBKEY() 43 crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key( 44 X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()))); 45 46 if (!OpenSSLPrivateKeyStore::HasPrivateKey(public_key.get())) 47 return ERR_NO_PRIVATE_KEY_FOR_CERT; 48 49 return OK; 50 } 51 52 int CertDatabase::AddUserCert(X509Certificate* cert) { 53 // There is no certificate store on the Linux/OpenSSL build. 54 NOTIMPLEMENTED(); 55 return ERR_NOT_IMPLEMENTED; 56 } 57 58 } // namespace net 59
