cert_database_win.cc revision ddb351dbec246cf1fab5ec20d2d5520909041de1
1ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block// Copyright (c) 2010 The Chromium Authors. All rights reserved. 2ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block// Use of this source code is governed by a BSD-style license that can be 3ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block// found in the LICENSE file. 4ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 5ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block#include "net/base/cert_database.h" 6ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 7ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block#include <windows.h> 8ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block#include <wincrypt.h> 9ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block#pragma comment(lib, "crypt32.lib") 10ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 11ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block#include "net/base/net_errors.h" 12ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block#include "net/base/x509_certificate.h" 13ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 14ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Blocknamespace net { 15ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 16ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve BlockCertDatabase::CertDatabase() { 17ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block} 18ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 19ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Blockint CertDatabase::CheckUserCert(X509Certificate* cert) { 20ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block if (!cert) 21ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block return ERR_CERT_INVALID; 22ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block if (cert->HasExpired()) 23ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block return ERR_CERT_DATE_INVALID; 24ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 25ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block // TODO(rsleevi): Should CRYPT_FIND_SILENT_KEYSET_FLAG be specified? A UI 26ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block // may be shown here / this call may block. 27ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block if (!CryptFindCertificateKeyProvInfo(cert->os_cert_handle(), 0, NULL)) 28ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block return ERR_NO_PRIVATE_KEY_FOR_CERT; 29ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 30ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block return OK; 31ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block} 32ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 33ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Blockint CertDatabase::AddUserCert(X509Certificate* cert) { 34ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block // TODO(rsleevi): Would it be more appropriate to have the CertDatabase take 35ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block // construction parameters (Keychain filepath on Mac OS X, PKCS #11 slot on 36ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block // NSS, and Store Type / Path) here? For now, certs will be stashed into the 37ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block // user's personal store, which will not automatically mark them as trusted, 38ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block // but will allow them to be used for client auth. 39ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block HCERTSTORE cert_db = CertOpenSystemStore(NULL, L"MY"); 40ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block if (!cert_db) 41ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block return ERR_ADD_USER_CERT_FAILED; 42ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 43ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block BOOL added = CertAddCertificateContextToStore(cert_db, 44ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block cert->os_cert_handle(), 45ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block CERT_STORE_ADD_USE_EXISTING, 46ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block NULL); 47ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 48ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block CertCloseStore(cert_db, 0); 49ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block 50ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block if (!added) 51ba620218cbf8e0ef4bcfd3055357e6fac2ac1507Steve Block return ERR_ADD_USER_CERT_FAILED; 52 53 CertDatabase::NotifyObserversOfUserCertAdded(cert); 54 return OK; 55} 56 57} // namespace net 58