OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 #include <time.h> | 10 #include <time.h> |
(...skipping 724 matching lines...) | |
735 SecCertificateRef certificate_ref = NULL; | 735 SecCertificateRef certificate_ref = NULL; |
736 OSStatus os_status = | 736 OSStatus os_status = |
737 SecCertificateCreateFromData(&encCert->CertBlob, encCert->CertType, | 737 SecCertificateCreateFromData(&encCert->CertBlob, encCert->CertType, |
738 encCert->CertEncoding, &certificate_ref); | 738 encCert->CertEncoding, &certificate_ref); |
739 if (os_status != 0) { | 739 if (os_status != 0) { |
740 DLOG(ERROR) << "SecCertificateCreateFromData failed: " << os_status; | 740 DLOG(ERROR) << "SecCertificateCreateFromData failed: " << os_status; |
741 return NULL; | 741 return NULL; |
742 } | 742 } |
743 scoped_cert.reset(certificate_ref); | 743 scoped_cert.reset(certificate_ref); |
744 | 744 |
745 return CreateFromHandle( | 745 return CreateFromHandle(scoped_cert, X509Certificate::OSCertHandles()); |
746 scoped_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
747 X509Certificate::OSCertHandles()); | |
748 } | 746 } |
749 | 747 |
750 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { | 748 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { |
751 dns_names->clear(); | 749 dns_names->clear(); |
752 | 750 |
753 GetCertGeneralNamesForOID(cert_handle_, CSSMOID_SubjectAltName, GNT_DNSName, | 751 GetCertGeneralNamesForOID(cert_handle_, CSSMOID_SubjectAltName, GNT_DNSName, |
754 dns_names); | 752 dns_names); |
755 | 753 |
756 if (dns_names->empty()) | 754 if (dns_names->empty()) |
757 dns_names->push_back(subject_.common_name); | 755 dns_names->push_back(subject_.common_name); |
(...skipping 384 matching lines...) | |
1142 return false; | 1140 return false; |
1143 ScopedCFTypeRef<CFArrayRef> scoped_cert_chain(cert_chain); | 1141 ScopedCFTypeRef<CFArrayRef> scoped_cert_chain(cert_chain); |
1144 | 1142 |
1145 // Check all the certs in the chain for a match. | 1143 // Check all the certs in the chain for a match. |
1146 int n = CFArrayGetCount(cert_chain); | 1144 int n = CFArrayGetCount(cert_chain); |
1147 for (int i = 0; i < n; ++i) { | 1145 for (int i = 0; i < n; ++i) { |
1148 SecCertificateRef cert_handle = reinterpret_cast<SecCertificateRef>( | 1146 SecCertificateRef cert_handle = reinterpret_cast<SecCertificateRef>( |
1149 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); | 1147 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); |
1150 scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromHandle( | 1148 scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromHandle( |
1151 cert_handle, | 1149 cert_handle, |
1152 X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
1153 X509Certificate::OSCertHandles())); | 1150 X509Certificate::OSCertHandles())); |
wtc
2011/07/17 01:55:32
Move this to the previous line.
| |
1154 for (unsigned j = 0; j < valid_issuers.size(); j++) { | 1151 for (unsigned j = 0; j < valid_issuers.size(); j++) { |
1155 if (cert->issuer().Matches(valid_issuers[j])) | 1152 if (cert->issuer().Matches(valid_issuers[j])) |
1156 return true; | 1153 return true; |
1157 } | 1154 } |
1158 } | 1155 } |
1159 return false; | 1156 return false; |
1160 } | 1157 } |
1161 | 1158 |
1162 // static | 1159 // static |
1163 OSStatus X509Certificate::CreateSSLClientPolicy(SecPolicyRef* policy) { | 1160 OSStatus X509Certificate::CreateSSLClientPolicy(SecPolicyRef* policy) { |
(...skipping 119 matching lines...) | |
1283 break; | 1280 break; |
1284 ScopedCFTypeRef<SecIdentityRef> scoped_identity(identity); | 1281 ScopedCFTypeRef<SecIdentityRef> scoped_identity(identity); |
1285 | 1282 |
1286 SecCertificateRef cert_handle; | 1283 SecCertificateRef cert_handle; |
1287 err = SecIdentityCopyCertificate(identity, &cert_handle); | 1284 err = SecIdentityCopyCertificate(identity, &cert_handle); |
1288 if (err != noErr) | 1285 if (err != noErr) |
1289 continue; | 1286 continue; |
1290 ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle); | 1287 ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle); |
1291 | 1288 |
1292 scoped_refptr<X509Certificate> cert( | 1289 scoped_refptr<X509Certificate> cert( |
1293 CreateFromHandle(cert_handle, SOURCE_LONE_CERT_IMPORT, | 1290 CreateFromHandle(cert_handle, OSCertHandles())); |
1294 OSCertHandles())); | |
1295 if (cert->HasExpired() || !cert->SupportsSSLClientAuth()) | 1291 if (cert->HasExpired() || !cert->SupportsSSLClientAuth()) |
1296 continue; | 1292 continue; |
1297 | 1293 |
1298 // Skip duplicates (a cert may be in multiple keychains). | 1294 // Skip duplicates (a cert may be in multiple keychains). |
1299 const SHA1Fingerprint& fingerprint = cert->fingerprint(); | 1295 const SHA1Fingerprint& fingerprint = cert->fingerprint(); |
1300 unsigned i; | 1296 unsigned i; |
1301 for (i = 0; i < certs->size(); ++i) { | 1297 for (i = 0; i < certs->size(); ++i) { |
1302 if ((*certs)[i]->fingerprint().Equals(fingerprint)) | 1298 if ((*certs)[i]->fingerprint().Equals(fingerprint)) |
1303 break; | 1299 break; |
1304 } | 1300 } |
(...skipping 78 matching lines...) | |
1383 CSSM_DATA cert_data; | 1379 CSSM_DATA cert_data; |
1384 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); | 1380 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); |
1385 if (status) | 1381 if (status) |
1386 return false; | 1382 return false; |
1387 | 1383 |
1388 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), | 1384 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), |
1389 cert_data.Length); | 1385 cert_data.Length); |
1390 } | 1386 } |
1391 | 1387 |
1392 } // namespace net | 1388 } // namespace net |
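Review bot: In the client-identity loop (new lines 1289-1291) the pointer returned by `CreateFromHandle(cert_handle, OSCertHandles())` is dereferenced immediately by `cert->HasExpired()`, and the chain loop at new lines 1148-1152 does the same with `cert->issuer()`; neither call site checks the result. CreateFromHandle is defined outside the visible lines, so whether it can return NULL is not shown here. If it can, adding `if (!cert.get()) continue;` right after each construction would keep a malformed keychain or chain entry from turning into a null dereference. Both enclosing functions begin outside the visible hunks, so an earlier guard cannot be ruled out.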
OLD | NEW |