1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/cert/cert_database.h" 6 7#include <openssl/x509.h> 8 9#include "base/logging.h" 10#include "base/observer_list_threadsafe.h" 11#include "crypto/openssl_util.h" 12#include "net/base/crypto_module.h" 13#include "net/base/net_errors.h" 14#include "net/base/openssl_private_key_store.h" 15#include "net/cert/x509_certificate.h" 16 17namespace net { 18 19CertDatabase::CertDatabase() 20 : observer_list_(new ObserverListThreadSafe<Observer>) { 21} 22 23CertDatabase::~CertDatabase() {} 24 25// This method is used to check a client certificate before trying to 26// install it on the system, which will happen later by calling 27// AddUserCert() below. 28// 29// On the Linux/OpenSSL build, there is simply no system keystore, but 30// OpenSSLPrivateKeyStore() implements a small in-memory store for 31// (public/private) key pairs generated through keygen. 32// 33// Try to check for a private key in the in-memory store to check 34// for the case when the browser is trying to install a server-generated 35// certificate from a <keygen> exchange. 36int CertDatabase::CheckUserCert(X509Certificate* cert) { 37 if (!cert) 38 return ERR_CERT_INVALID; 39 if (cert->HasExpired()) 40 return ERR_CERT_DATE_INVALID; 41 42 // X509_PUBKEY_get() transfers ownership, not X509_get_X509_PUBKEY() 43 crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key( 44 X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()))); 45 46 if (!OpenSSLPrivateKeyStore::HasPrivateKey(public_key.get())) 47 return ERR_NO_PRIVATE_KEY_FOR_CERT; 48 49 return OK; 50} 51 52int CertDatabase::AddUserCert(X509Certificate* cert) { 53 // There is no certificate store on the Linux/OpenSSL build. 54 NOTIMPLEMENTED(); 55 return ERR_NOT_IMPLEMENTED; 56} 57 58} // namespace net 59