OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <openssl/asn1.h> | 7 #include <openssl/asn1.h> |
8 #include <openssl/crypto.h> | 8 #include <openssl/crypto.h> |
9 #include <openssl/obj_mac.h> | 9 #include <openssl/obj_mac.h> |
10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
(...skipping 289 matching lines...)
300 } | 300 } |
301 | 301 |
302 // static | 302 // static |
303 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 303 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
304 // Decrement the ref-count for the cert and, if all references are gone, | 304 // Decrement the ref-count for the cert and, if all references are gone, |
305 // free the memory and any application-specific data associated with the | 305 // free the memory and any application-specific data associated with the |
306 // certificate. | 306 // certificate. |
307 X509_free(cert_handle); | 307 X509_free(cert_handle); |
308 } | 308 } |
309 | 309 |
| 310 // static |
| 311 void X509Certificate::FreeOSCertListHandle(OSCertListHandle cert_list) { |
| 312 sk_X509_pop_free(cert_list, X509_free); |
| 313 } |
| 314 |
310 void X509Certificate::Initialize() { | 315 void X509Certificate::Initialize() { |
311 base::EnsureOpenSSLInit(); | 316 base::EnsureOpenSSLInit(); |
312 fingerprint_ = CalculateFingerprint(cert_handle_); | 317 fingerprint_ = CalculateFingerprint(cert_handle_); |
313 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); | 318 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); |
314 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); | 319 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); |
315 nxou::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); | 320 nxou::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); |
316 nxou::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); | 321 nxou::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); |
317 } | 322 } |
318 | 323 |
319 // static | 324 // static |
(...skipping 26 matching lines...)
346 Pickle* pickle) { | 351 Pickle* pickle) { |
347 DERCache der_cache; | 352 DERCache der_cache; |
348 if (!GetDERAndCacheIfNeeded(cert_handle_, &der_cache)) | 353 if (!GetDERAndCacheIfNeeded(cert_handle_, &der_cache)) |
349 return; | 354 return; |
350 | 355 |
351 return pickle->WriteData( | 356 return pickle->WriteData( |
352 reinterpret_cast<const char*>(der_cache.data), | 357 reinterpret_cast<const char*>(der_cache.data), |
353 der_cache.data_length); | 358 der_cache.data_length); |
354 } | 359 } |
355 | 360 |
| 361 X509Certificate::OSCertListHandle |
| 362 X509Certificate::CreateOSCertListHandle() const { |
| 363 STACK_OF(X509)* cert_list_handle = sk_X509_new_null(); |
| 364 if (!cert_list_handle) |
| 365 return NULL; |
| 366 |
| 367 if (!sk_X509_push(cert_list_handle, DupOSCertHandle(cert_handle_))) { |
| 368 FreeOSCertListHandle(cert_list_handle); |
| 369 return NULL; |
| 370 } |
| 371 |
| 372 bool ok = true; |
| 373 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
| 374 if (!sk_X509_push(cert_list_handle, |
| 375 DupOSCertHandle(intermediate_ca_certs_[i]))) { |
| 376 ok = false; |
| 377 break; |
| 378 } |
| 379 } |
| 380 if (!ok) { |
| 381 FreeOSCertListHandle(cert_list_handle); |
| 382 return NULL; |
| 383 } |
| 384 |
| 385 return cert_list_handle; |
| 386 } |
356 | 387 |
357 // static | 388 // static |
358 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( | 389 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( |
359 const char* data, int length) { | 390 const char* data, int length) { |
360 if (length < 0) | 391 if (length < 0) |
361 return NULL; | 392 return NULL; |
362 base::EnsureOpenSSLInit(); | 393 base::EnsureOpenSSLInit(); |
363 const unsigned char* d2i_data = | 394 const unsigned char* d2i_data = |
364 reinterpret_cast<const unsigned char*>(data); | 395 reinterpret_cast<const unsigned char*>(data); |
365 // Don't cache this data via SetDERCache as this wire format may be not be | 396 // Don't cache this data via SetDERCache as this wire format may be not be |
(...skipping 117 matching lines...)
483 // cache the DER (if not already cached via X509_set_ex_data). | 514 // cache the DER (if not already cached via X509_set_ex_data). |
484 DERCache der_cache_a, der_cache_b; | 515 DERCache der_cache_a, der_cache_b; |
485 | 516 |
486 return GetDERAndCacheIfNeeded(a, &der_cache_a) && | 517 return GetDERAndCacheIfNeeded(a, &der_cache_a) && |
487 GetDERAndCacheIfNeeded(b, &der_cache_b) && | 518 GetDERAndCacheIfNeeded(b, &der_cache_b) && |
488 der_cache_a.data_length == der_cache_b.data_length && | 519 der_cache_a.data_length == der_cache_b.data_length && |
489 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0; | 520 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0; |
490 } | 521 } |
491 | 522 |
492 } // namespace net | 523 } // namespace net |
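Review bot: In the new `CreateOSCertListHandle` (new lines 361-386), a failed `sk_X509_push` leaves the handle just returned by `DupOSCertHandle` off the stack, so `FreeOSCertListHandle` never releases it and that reference leaks; this applies to the leaf push and to the loop over `intermediate_ca_certs_`. `DupOSCertHandle` is not in the visible hunks, so this assumes it returns a reference the caller owns; its result is also pushed without a NULL check, which could put a NULL entry into the chain handed to later consumers. Holding each duplicate in a local and freeing it on failure fixes both and removes the need for the `ok` flag. A short comment above the function saying that the caller owns the returned stack and must release it with `FreeOSCertListHandle` would also help.

```cpp
X509Certificate::CreateOSCertListHandle() const {
  // … unchanged: sk_X509_new_null() allocation and NULL check …

  OSCertHandle leaf = DupOSCertHandle(cert_handle_);
  if (!leaf || !sk_X509_push(cert_list_handle, leaf)) {
    FreeOSCertHandle(leaf);  // X509_free(NULL) is a no-op.
    FreeOSCertListHandle(cert_list_handle);
    return NULL;
  }

  for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
    OSCertHandle intermediate = DupOSCertHandle(intermediate_ca_certs_[i]);
    if (!intermediate || !sk_X509_push(cert_list_handle, intermediate)) {
      FreeOSCertHandle(intermediate);
      FreeOSCertListHandle(cert_list_handle);
      return NULL;
    }
  }

  // … unchanged: return cert_list_handle …
```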
OLD | NEW |