| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <cryptohi.h> | 8 #include <cryptohi.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <nss.h> | 10 #include <nss.h> |
| (...skipping 674 matching lines...) |
| 685 // Sign the ASN1 encoded cert and save it to |result|. | 685 // Sign the ASN1 encoded cert and save it to |result|. |
| 686 rv = SEC_DerSignData(arena, result, der.data, der.len, key->key(), algo_id); | 686 rv = SEC_DerSignData(arena, result, der.data, der.len, key->key(), algo_id); |
| 687 if (rv != SECSuccess) { | 687 if (rv != SECSuccess) { |
| 688 CERT_DestroyCertificate(cert); | 688 CERT_DestroyCertificate(cert); |
| 689 return NULL; | 689 return NULL; |
| 690 } | 690 } |
| 691 | 691 |
| 692 // Save the signed result to the cert. | 692 // Save the signed result to the cert. |
| 693 cert->derCert = *result; | 693 cert->derCert = *result; |
| 694 | 694 |
| 695 X509Certificate* x509_cert = | 695 X509Certificate* x509_cert = CreateFromHandle(cert, OSCertHandles()); |
| 696 CreateFromHandle(cert, SOURCE_LONE_CERT_IMPORT, OSCertHandles()); | |
| 697 CERT_DestroyCertificate(cert); | 696 CERT_DestroyCertificate(cert); |
| 698 return x509_cert; | 697 return x509_cert; |
| 699 } | 698 } |
| 700 | 699 |
| 701 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { | 700 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { |
| 702 dns_names->clear(); | 701 dns_names->clear(); |
| 703 | 702 |
| 704 // Compare with CERT_VerifyCertName(). | 703 // Compare with CERT_VerifyCertName(). |
| 705 GetCertSubjectAltNamesOfType(cert_handle_, certDNSName, dns_names); | 704 GetCertSubjectAltNamesOfType(cert_handle_, certDNSName, dns_names); |
| 706 | 705 |
| 707 if (dns_names->empty()) | 706 if (dns_names->empty()) |
| 708 dns_names->push_back(subject_.common_name); | 707 dns_names->push_back(subject_.common_name); |
| 709 } | 708 } |
| 710 | 709 |
| 710 X509Certificate::OSCertListHandle |
| 711 X509Certificate::CreateOSCertListHandle() const { |
| 712 return CERT_DupCertificate(cert_handle_); |
| 713 } |
| 714 |
| 711 int X509Certificate::Verify(const std::string& hostname, | 715 int X509Certificate::Verify(const std::string& hostname, |
| 712 int flags, | 716 int flags, |
| 713 CertVerifyResult* verify_result) const { | 717 CertVerifyResult* verify_result) const { |
| 714 verify_result->Reset(); | 718 verify_result->Reset(); |
| 715 | 719 |
| 716 // Make sure that the hostname matches with the common name of the cert. | 720 // Make sure that the hostname matches with the common name of the cert. |
| 717 SECStatus status = CERT_VerifyCertName(cert_handle_, hostname.c_str()); | 721 SECStatus status = CERT_VerifyCertName(cert_handle_, hostname.c_str()); |
| 718 if (status != SECSuccess) | 722 if (status != SECSuccess) |
| 719 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | 723 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
| 720 | 724 |
| (...skipping 174 matching lines...) |
| 895 OSCertHandle cert_handle) { | 899 OSCertHandle cert_handle) { |
| 896 return CERT_DupCertificate(cert_handle); | 900 return CERT_DupCertificate(cert_handle); |
| 897 } | 901 } |
| 898 | 902 |
| 899 // static | 903 // static |
| 900 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 904 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
| 901 CERT_DestroyCertificate(cert_handle); | 905 CERT_DestroyCertificate(cert_handle); |
| 902 } | 906 } |
| 903 | 907 |
| 904 // static | 908 // static |
| 909 void X509Certificate::FreeOSCertListHandle(OSCertListHandle cert_list) { |
| 910 CERT_DestroyCertificate(cert_list); |
| 911 } |
| 912 |
| 913 // static |
| 905 SHA1Fingerprint X509Certificate::CalculateFingerprint( | 914 SHA1Fingerprint X509Certificate::CalculateFingerprint( |
| 906 OSCertHandle cert) { | 915 OSCertHandle cert) { |
| 907 SHA1Fingerprint sha1; | 916 SHA1Fingerprint sha1; |
| 908 memset(sha1.data, 0, sizeof(sha1.data)); | 917 memset(sha1.data, 0, sizeof(sha1.data)); |
| 909 | 918 |
| 910 DCHECK(NULL != cert->derCert.data); | 919 DCHECK(NULL != cert->derCert.data); |
| 911 DCHECK(0 != cert->derCert.len); | 920 DCHECK(0 != cert->derCert.len); |
| 912 | 921 |
| 913 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, | 922 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, |
| 914 cert->derCert.data, cert->derCert.len); | 923 cert->derCert.data, cert->derCert.len); |
| (...skipping 16 matching lines...) |
| 931 | 940 |
| 932 // static | 941 // static |
| 933 bool X509Certificate::WriteCertHandleToPickle(OSCertHandle cert_handle, | 942 bool X509Certificate::WriteCertHandleToPickle(OSCertHandle cert_handle, |
| 934 Pickle* pickle) { | 943 Pickle* pickle) { |
| 935 return pickle->WriteData( | 944 return pickle->WriteData( |
| 936 reinterpret_cast<const char*>(cert_handle->derCert.data), | 945 reinterpret_cast<const char*>(cert_handle->derCert.data), |
| 937 cert_handle->derCert.len); | 946 cert_handle->derCert.len); |
| 938 } | 947 } |
| 939 | 948 |
| 940 } // namespace net | 949 } // namespace net |
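Review bot: The new CreateOSCertListHandle() (new lines 710-713) returns `CERT_DupCertificate(cert_handle_)`, so the "list" handle here is a fresh reference to the leaf certificate alone, and nothing in the added code states that or who releases it. A caller that treats the result as the full chain would silently work with the leaf only, and a caller that forgets the release leaks a certificate reference. A comment above the definition would pin both points, for example `// Returns a new reference to the leaf certificate only (no intermediates); release with FreeOSCertListHandle().`, with `// Releases a reference obtained from CreateOSCertListHandle().` above FreeOSCertListHandle() at new lines 909-911. The OSCertListHandle typedef and any contract documented in the header are outside this page, so the intended chain semantics should be confirmed there.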