15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2010 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/cert/cert_database.h" 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <windows.h> 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <wincrypt.h> 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#pragma comment(lib, "crypt32.lib") 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/observer_list_threadsafe.h" 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/base/net_errors.h" 13c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/cert/x509_certificate.h" 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace net { 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)CertDatabase::CertDatabase() 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) : observer_list_(new ObserverListThreadSafe<Observer>) { 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)CertDatabase::~CertDatabase() {} 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int CertDatabase::CheckUserCert(X509Certificate* cert) { 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!cert) 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_CERT_INVALID; 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (cert->HasExpired()) 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_CERT_DATE_INVALID; 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // TODO(rsleevi): Should CRYPT_FIND_SILENT_KEYSET_FLAG be specified? A UI 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // may be shown here / this call may block. 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!CryptFindCertificateKeyProvInfo(cert->os_cert_handle(), 0, NULL)) 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_NO_PRIVATE_KEY_FOR_CERT; 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return OK; 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int CertDatabase::AddUserCert(X509Certificate* cert) { 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // TODO(rsleevi): Would it be more appropriate to have the CertDatabase take 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // construction parameters (Keychain filepath on Mac OS X, PKCS #11 slot on 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // NSS, and Store Type / Path) here? For now, certs will be stashed into the 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // user's personal store, which will not automatically mark them as trusted, 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // but will allow them to be used for client auth. 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) HCERTSTORE cert_db = CertOpenSystemStore(NULL, L"MY"); 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!cert_db) 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_ADD_USER_CERT_FAILED; 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) BOOL added = CertAddCertificateContextToStore(cert_db, 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cert->os_cert_handle(), 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERT_STORE_ADD_USE_EXISTING, 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NULL); 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CertCloseStore(cert_db, 0); 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!added) 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_ADD_USER_CERT_FAILED; 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NotifyObserversOfCertAdded(cert); 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return OK; 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace net 62