net/cert/cert_database_win.cc

   1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/cert/cert_database.h"
   6
   7 #include <windows.h>
   8
   9 #include "base/observer_list_threadsafe.h"
  10 #include "crypto/wincrypt_shim.h"
  11 #include "net/base/net_errors.h"
  12 #include "net/cert/x509_certificate.h"
  13
  14 #pragma comment(lib, "crypt32.lib")
  15
  16 namespace net {
  17
  18 CertDatabase::CertDatabase()
  19     : observer_list_(new ObserverListThreadSafe<Observer>) {
  20 }
  21
  22 CertDatabase::~CertDatabase() {}
  23
  24 int CertDatabase::CheckUserCert(X509Certificate* cert) {
  25   if (!cert)
  26     return ERR_CERT_INVALID;
  27   if (cert->HasExpired())
  28     return ERR_CERT_DATE_INVALID;
  29
  30   // TODO(rsleevi): Should CRYPT_FIND_SILENT_KEYSET_FLAG be specified? A UI
  31   // may be shown here / this call may block.
  32   if (!CryptFindCertificateKeyProvInfo(cert->os_cert_handle(), 0, NULL))
  33     return ERR_NO_PRIVATE_KEY_FOR_CERT;
  34
  35   return OK;
  36 }
  37
  38 int CertDatabase::AddUserCert(X509Certificate* cert) {
  39   // TODO(rsleevi): Would it be more appropriate to have the CertDatabase take
  40   // construction parameters (Keychain filepath on Mac OS X, PKCS #11 slot on
  41   // NSS, and Store Type / Path) here? For now, certs will be stashed into the
  42   // user's personal store, which will not automatically mark them as trusted,
  43   // but will allow them to be used for client auth.
  44   HCERTSTORE cert_db = CertOpenSystemStore(NULL, L"MY");
  45   if (!cert_db)
  46     return ERR_ADD_USER_CERT_FAILED;
  47
  48   BOOL added = CertAddCertificateContextToStore(cert_db,
  49                                                 cert->os_cert_handle(),
  50                                                 CERT_STORE_ADD_USE_EXISTING,
  51                                                 NULL);
  52
  53   CertCloseStore(cert_db, 0);
  54
  55   if (!added)
  56     return ERR_ADD_USER_CERT_FAILED;
  57
  58   NotifyObserversOfCertAdded(cert);
  59   return OK;
  60 }
  61
  62 }  // namespace net