1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include "base/lazy_instance.h" | |
8 #include "base/logging.h" | 7 #include "base/logging.h" |
9 #include "base/pickle.h" | 8 #include "base/pickle.h" |
10 #include "base/sha1.h" | 9 #include "base/sha1.h" |
11 #include "base/string_tokenizer.h" | 10 #include "base/string_tokenizer.h" |
12 #include "base/string_util.h" | 11 #include "base/string_util.h" |
13 #include "base/utf_string_conversions.h" | 12 #include "base/utf_string_conversions.h" |
14 #include "crypto/rsa_private_key.h" | 13 #include "crypto/rsa_private_key.h" |
15 #include "crypto/scoped_capi_types.h" | 14 #include "crypto/scoped_capi_types.h" |
16 #include "net/base/asn1_util.h" | 15 #include "net/base/asn1_util.h" |
17 #include "net/base/cert_status_flags.h" | 16 #include "net/base/cert_status_flags.h" |
598 | 597 |
599 PCCERT_CONTEXT cert_handle = | 598 PCCERT_CONTEXT cert_handle = |
600 CertCreateSelfSignCertificate(key->provider(), &subject_name, | 599 CertCreateSelfSignCertificate(key->provider(), &subject_name, |
601 CERT_CREATE_SELFSIGN_NO_KEY_INFO, NULL, | 600 CERT_CREATE_SELFSIGN_NO_KEY_INFO, NULL, |
602 &sign_algo, &start_time, &end_time, NULL); | 601 &sign_algo, &start_time, &end_time, NULL); |
603 DCHECK(cert_handle) << "Failed to create self-signed certificate: " | 602 DCHECK(cert_handle) << "Failed to create self-signed certificate: " |
604 << GetLastError(); | 603 << GetLastError(); |
605 if (!cert_handle) | 604 if (!cert_handle) |
606 return NULL; | 605 return NULL; |
607 | 606 |
608 X509Certificate* cert = CreateFromHandle(cert_handle, | 607 X509Certificate* cert = CreateFromHandle(cert_handle, OSCertHandles()); |
609 SOURCE_LONE_CERT_IMPORT, | |
610 OSCertHandles()); | |
611 FreeOSCertHandle(cert_handle); | 608 FreeOSCertHandle(cert_handle); |
612 return cert; | 609 return cert; |
613 } | 610 } |
614 | 611 |
615 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { | 612 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { |
616 dns_names->clear(); | 613 dns_names->clear(); |
617 if (cert_handle_) { | 614 if (cert_handle_) { |
618 scoped_ptr_malloc<CERT_ALT_NAME_INFO> alt_name_info; | 615 scoped_ptr_malloc<CERT_ALT_NAME_INFO> alt_name_info; |
619 GetCertSubjectAltName(cert_handle_, &alt_name_info); | 616 GetCertSubjectAltName(cert_handle_, &alt_name_info); |
620 CERT_ALT_NAME_INFO* alt_name = alt_name_info.get(); | 617 CERT_ALT_NAME_INFO* alt_name = alt_name_info.get(); |
621 if (alt_name) { | 618 if (alt_name) { |
622 int num_entries = alt_name->cAltEntry; | 619 int num_entries = alt_name->cAltEntry; |
623 for (int i = 0; i < num_entries; i++) { | 620 for (int i = 0; i < num_entries; i++) { |
624 // dNSName is an ASN.1 IA5String representing a string of ASCII | 621 // dNSName is an ASN.1 IA5String representing a string of ASCII |
625 // characters, so we can use WideToASCII here. | 622 // characters, so we can use WideToASCII here. |
626 if (alt_name->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) | 623 if (alt_name->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) |
627 dns_names->push_back( | 624 dns_names->push_back( |
628 WideToASCII(alt_name->rgAltEntry[i].pwszDNSName)); | 625 WideToASCII(alt_name->rgAltEntry[i].pwszDNSName)); |
629 } | 626 } |
630 } | 627 } |
631 } | 628 } |
632 if (dns_names->empty()) | 629 if (dns_names->empty()) |
633 dns_names->push_back(subject_.common_name); | 630 dns_names->push_back(subject_.common_name); |
634 } | 631 } |
635 | 632 |
636 class GlobalCertStore { | |
637 public: | |
638 HCERTSTORE cert_store() { | |
639 return cert_store_; | |
640 } | |
641 | |
642 private: | |
643 friend struct base::DefaultLazyInstanceTraits<GlobalCertStore>; | |
644 | |
645 GlobalCertStore() | |
646 : cert_store_(CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, 0, NULL)) { | |
647 } | |
648 | |
649 ~GlobalCertStore() { | |
650 CertCloseStore(cert_store_, 0 /* flags */); | |
651 } | |
652 | |
653 const HCERTSTORE cert_store_; | |
654 | |
655 DISALLOW_COPY_AND_ASSIGN(GlobalCertStore); | |
656 }; | |
657 | |
658 static base::LazyInstance<GlobalCertStore> g_cert_store( | |
659 base::LINKER_INITIALIZED); | |
660 | |
661 // static | |
662 HCERTSTORE X509Certificate::cert_store() { | |
663 return g_cert_store.Get().cert_store(); | |
664 } | |
665 | |
666 int X509Certificate::VerifyInternal(const std::string& hostname, | 633 int X509Certificate::VerifyInternal(const std::string& hostname, |
667 int flags, | 634 int flags, |
668 CertVerifyResult* verify_result) const { | 635 CertVerifyResult* verify_result) const { |
669 if (!cert_handle_) | 636 if (!cert_handle_) |
670 return ERR_UNEXPECTED; | 637 return ERR_UNEXPECTED; |
671 | 638 |
672 // Build and validate certificate chain. | 639 // Build and validate certificate chain. |
673 CERT_CHAIN_PARA chain_para; | 640 CERT_CHAIN_PARA chain_para; |
674 memset(&chain_para, 0, sizeof(chain_para)); | 641 memset(&chain_para, 0, sizeof(chain_para)); |
675 chain_para.cbSize = sizeof(chain_para); | 642 chain_para.cbSize = sizeof(chain_para); |
1024 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], | 991 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], |
1025 &length)) { | 992 &length)) { |
1026 return false; | 993 return false; |
1027 } | 994 } |
1028 | 995 |
1029 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), | 996 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), |
1030 length); | 997 length); |
1031 } | 998 } |
1032 | 999 |
1033 } // namespace net | 1000 } // namespace net |
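Review bot: In the middle hunk, GetDNSNames (new lines 619-620) copies `cAltEntry` (a DWORD in the CryptoAPI struct) into an `int` and walks it with a signed index; declaring both as the unsigned type, `DWORD num_entries = alt_name->cAltEntry; for (DWORD i = 0; i < num_entries; ++i)`, avoids the narrowing and the signed/unsigned comparison. Each dNSName is read through `WideToASCII(alt_name->rgAltEntry[i].pwszDNSName)` on new line 625, which takes the name as a NUL-terminated wide string, so any embedded NUL the certificate's IA5String carried is silently dropped at that point; if that case is rejected elsewhere in verification a comment here should say so, otherwise this is where it needs to be caught before the names reach hostname matching. The fallback on new line 630 uses `subject_.common_name` whenever no dNSName entry was collected, including when a subjectAltName extension exists but holds only other name types, which is worth stating in a comment such as `// Fall back to the CN only when no dNSName was found; a SAN with only other name types also reaches here.` since RFC 2818 expects the CN to be ignored once a SAN is present. The change itself on new line 607, dropping the source argument from `CreateFromHandle`, reads fine. CreateSelfSigned starts before this hunk and VerifyInternal continues past its end.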