1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <openssl/asn1.h> | 7 #include <openssl/asn1.h> |
8 #include <openssl/crypto.h> | 8 #include <openssl/crypto.h> |
9 #include <openssl/obj_mac.h> | 9 #include <openssl/obj_mac.h> |
10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
209 static X509InitSingleton* GetInstance() { | 209 static X509InitSingleton* GetInstance() { |
210 // We allow the X509 store to leak, because it is used from a non-joinable | 210 // We allow the X509 store to leak, because it is used from a non-joinable |
211 // worker that is not stopped on shutdown, hence may still be using | 211 // worker that is not stopped on shutdown, hence may still be using |
212 // OpenSSL library after the AtExit runner has completed. | 212 // OpenSSL library after the AtExit runner has completed. |
213 return Singleton<X509InitSingleton, | 213 return Singleton<X509InitSingleton, |
214 LeakySingletonTraits<X509InitSingleton> >::get(); | 214 LeakySingletonTraits<X509InitSingleton> >::get(); |
215 } | 215 } |
216 int der_cache_ex_index() const { return der_cache_ex_index_; } | 216 int der_cache_ex_index() const { return der_cache_ex_index_; } |
217 X509_STORE* store() const { return store_.get(); } | 217 X509_STORE* store() const { return store_.get(); } |
218 | 218 |
219 private: | 219 void ResetCertStore() { |
220 friend struct DefaultSingletonTraits<X509InitSingleton>; | 220 store_.reset(X509_STORE_new()); |
221 X509InitSingleton() | 221 DCHECK(store_.get()); |
222 : der_cache_ex_index_((base::EnsureOpenSSLInit(), | |
223 X509_get_ex_new_index(0, 0, 0, 0, | |
224 DERCache_free))), | |
225 store_(X509_STORE_new()) { | |
226 DCHECK_NE(der_cache_ex_index_, -1); | |
227 X509_STORE_set_default_paths(store_.get()); | 222 X509_STORE_set_default_paths(store_.get()); |
228 // TODO(joth): Enable CRL (see X509_STORE_set_flags(X509_V_FLAG_CRL_CHECK)). | 223 // TODO(joth): Enable CRL (see X509_STORE_set_flags(X509_V_FLAG_CRL_CHECK)). |
229 } | 224 } |
230 | 225 |
| 226 private: |
| 227 friend struct DefaultSingletonTraits<X509InitSingleton>; |
| 228 X509InitSingleton() { |
| 229 base::EnsureOpenSSLInit(); |
| 230 der_cache_ex_index_ = X509_get_ex_new_index(0, 0, 0, 0, DERCache_free); |
| 231 DCHECK_NE(der_cache_ex_index_, -1); |
| 232 ResetCertStore(); |
| 233 } |
| 234 |
231 int der_cache_ex_index_; | 235 int der_cache_ex_index_; |
232 base::ScopedOpenSSL<X509_STORE, X509_STORE_free> store_; | 236 base::ScopedOpenSSL<X509_STORE, X509_STORE_free> store_; |
233 | 237 |
234 DISALLOW_COPY_AND_ASSIGN(X509InitSingleton); | 238 DISALLOW_COPY_AND_ASSIGN(X509InitSingleton); |
235 }; | 239 }; |
236 | 240 |
237 // Takes ownership of |data| (which must have been allocated by OpenSSL). | 241 // Takes ownership of |data| (which must have been allocated by OpenSSL). |
238 DERCache* SetDERCache(X509Certificate::OSCertHandle cert, | 242 DERCache* SetDERCache(X509Certificate::OSCertHandle cert, |
239 int x509_der_cache_index, | 243 int x509_der_cache_index, |
240 unsigned char* data, | 244 unsigned char* data, |
305 | 309 |
306 void X509Certificate::Initialize() { | 310 void X509Certificate::Initialize() { |
307 base::EnsureOpenSSLInit(); | 311 base::EnsureOpenSSLInit(); |
308 fingerprint_ = CalculateFingerprint(cert_handle_); | 312 fingerprint_ = CalculateFingerprint(cert_handle_); |
309 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); | 313 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); |
310 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); | 314 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); |
311 nxou::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); | 315 nxou::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); |
312 nxou::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); | 316 nxou::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); |
313 } | 317 } |
314 | 318 |
| 319 // static |
| 320 void X509Certificate::ResetCertStore() { |
| 321 X509InitSingleton::Get()->ResetCertStore(); |
| 322 } |
| 323 |
315 SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) { | 324 SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) { |
316 SHA1Fingerprint sha1; | 325 SHA1Fingerprint sha1; |
317 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data)); | 326 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data)); |
318 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size); | 327 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size); |
319 CHECK(ret); | 328 CHECK(ret); |
320 CHECK_EQ(sha1_size, sizeof(sha1.data)); | 329 CHECK_EQ(sha1_size, sizeof(sha1.data)); |
321 return sha1; | 330 return sha1; |
322 } | 331 } |
323 | 332 |
324 // static | 333 // static |
455 // cache the DER (if not already cached via X509_set_ex_data). | 464 // cache the DER (if not already cached via X509_set_ex_data). |
456 DERCache der_cache_a, der_cache_b; | 465 DERCache der_cache_a, der_cache_b; |
457 | 466 |
458 return GetDERAndCacheIfNeeded(a, &der_cache_a) && | 467 return GetDERAndCacheIfNeeded(a, &der_cache_a) && |
459 GetDERAndCacheIfNeeded(b, &der_cache_b) && | 468 GetDERAndCacheIfNeeded(b, &der_cache_b) && |
460 der_cache_a.data_length == der_cache_b.data_length && | 469 der_cache_a.data_length == der_cache_b.data_length && |
461 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0; | 470 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0; |
462 } | 471 } |
463 | 472 |
464 } // namespace net | 473 } // namespace net |
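Review bot: The new `ResetCertStore()` (new lines 219-224) frees the previous X509_STORE through `store_.reset()` with no lock or reference count, while the comment on `GetInstance()` (lines 210-212) says the store is used from a non-joinable worker thread; any thread that took a raw pointer from `store()` and is mid-verification would then be reading freed memory. Since `X509_STORE_up_ref` is not available to this code as far as the visible includes show, the static `X509Certificate::ResetCertStore()` at new line 320 should at least state the precondition, e.g. `// Must only be called when no certificate verification is in flight (intended for tests): the old store is freed immediately and verifiers hold raw X509_STORE* pointers into it.`. Separately, new line 321 calls `X509InitSingleton::Get()`, but the accessor visible at line 209 is named `GetInstance()`; unless a `Get()` is declared in the skipped part of the class, this will not compile. The return value of `X509_STORE_set_default_paths` is also still ignored, so a failure to load the default trust paths silently leaves the rebuilt store empty.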