net/base/cert_test_util.cc - Issue 4646001: Implement LoadTemporaryRoot for Windows

Side by Side Diff: net/base/cert_test_util.cc

Issue 4646001: Implement LoadTemporaryRoot for Windows (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/net/base

Patch Set: bulach and wtc feedback Created 10 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "net/base/cert_test_util.h"

6

7 #include "build/build_config.h"

8

9 #if defined(USE_OPENSSL)

10 #include <openssl/err.h>

11 #include <openssl/x509v3.h>

12 #include "net/base/openssl_util.h"

13 #elif defined(USE_NSS)

14 #include <cert.h>

15 #include "base/nss_util.h"

16 #elif defined(OS_MACOSX)

17 #include <Security/Security.h>

18 #include "base/mac/scoped_cftyperef.h"

19 #endif

20

21 #include "base/file_util.h"

22 #include "base/logging.h"

23 #include "base/path_service.h"

24 #include "net/base/x509_certificate.h"

25

26 namespace net {

27

28 #if defined(USE_OPENSSL)

29 X509Certificate* AddTemporaryRootCertToStore(X509* x509_cert) {

30 OpenSSLInitSingleton* openssl_init = GetOpenSSLInitSingleton();

31

32 if (!X509_STORE_add_cert(openssl_init->x509_store(), x509_cert)) {

33 unsigned long error_code = ERR_get_error();

34 if (ERR_GET_LIB(error_code) != ERR_LIB_X509 \|\|

35 ERR_GET_REASON(error_code) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {

36 do {

37 LOG(ERROR) << "X509_STORE_add_cert error: " << error_code;

38 } while ((error_code = ERR_get_error()) != 0);

39 return NULL;

40 }

41 }

42 return X509Certificate::CreateFromHandle(

43 x509_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT,

44 X509Certificate::OSCertHandles());

45 }

46

47 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {

48 EnsureOpenSSLInit();

49

50 std::string rawcert;

51 if (!file_util::ReadFileToString(filename, &rawcert)) {

52 LOG(ERROR) << "Can't load certificate " << filename.value();

53 return NULL;

54 }

55

56 ScopedSSL<BIO, BIO_free_all> cert_bio(

57 BIO_new_mem_buf(const_cast<char*>(rawcert.c_str()),

58 rawcert.length()));

59 if (!cert_bio.get()) {

60 LOG(ERROR) << "Can't create read-only BIO " << filename.value();

61 return NULL;

62 }

63

64 ScopedSSL<X509, X509_free> pem_cert(PEM_read_bio_X509(cert_bio.get(),

65 NULL, NULL, NULL));

66 if (pem_cert.get())

67 return AddTemporaryRootCertToStore(pem_cert.get());

68

69 // File does not contain PEM data, let's try DER.

70 const unsigned char* der_data =

71 reinterpret_cast<const unsigned char*>(rawcert.c_str());

72 int der_length = rawcert.length();

73 ScopedSSL<X509, X509_free> der_cert(d2i_X509(NULL, &der_data, der_length));

74 if (der_cert.get())

75 return AddTemporaryRootCertToStore(der_cert.get());

76

77 LOG(ERROR) << "Can't parse certificate " << filename.value();

78 return NULL;

79 }

80 #elif defined(USE_NSS)

81 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {

82 base::EnsureNSSInit();

83

84 std::string rawcert;

85 if (!file_util::ReadFileToString(filename, &rawcert)) {

86 LOG(ERROR) << "Can't load certificate " << filename.value();

87 return NULL;

88 }

89

90 CERTCertificate *cert;

91 cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()),

92 rawcert.length());

93 if (!cert) {

94 LOG(ERROR) << "Can't convert certificate " << filename.value();

95 return NULL;

96 }

97

98 // TODO(port): remove this const_cast after NSS 3.12.3 is released

99 CERTCertTrust trust;

100 int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu"));

101 if (rv != SECSuccess) {

102 LOG(ERROR) << "Can't decode trust string";

103 CERT_DestroyCertificate(cert);

104 return NULL;

105 }

106

107 rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust);

108 if (rv != SECSuccess) {

109 LOG(ERROR) << "Can't change trust for certificate " << filename.value();

110 CERT_DestroyCertificate(cert);

111 return NULL;

112 }

113

114 X509Certificate* result = X509Certificate::CreateFromHandle(

115 cert,

116 X509Certificate::SOURCE_LONE_CERT_IMPORT,

117 X509Certificate::OSCertHandles());

118 CERT_DestroyCertificate(cert);

119 return result;

120 }

121 #endif

122

123 #if defined(OS_MACOSX)

124 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {

125 std::string rawcert;

126 if (!file_util::ReadFileToString(filename, &rawcert)) {

127 LOG(ERROR) << "Can't load certificate " << filename.value();

128 return NULL;

129 }

130

131 CFDataRef pem = CFDataCreate(kCFAllocatorDefault,

132 reinterpret_cast<const UInt8*>(rawcert.data()),

133 static_cast<CFIndex>(rawcert.size()));

134 if (!pem)

135 return NULL;

136 base::mac::ScopedCFTypeRef<CFDataRef> scoped_pem(pem);

137

138 SecExternalFormat input_format = kSecFormatUnknown;

139 SecExternalItemType item_type = kSecItemTypeUnknown;

140 CFArrayRef cert_array = NULL;

141 if (SecKeychainItemImport(pem, NULL, &input_format, &item_type, 0, NULL, NULL,

142 &cert_array))

143 return NULL;

144 base::mac::ScopedCFTypeRef<CFArrayRef> scoped_cert_array(cert_array);

145

146 if (!CFArrayGetCount(cert_array))

147 return NULL;

148

149 SecCertificateRef cert_ref = static_cast<SecCertificateRef>(

150 const_cast<void*>(CFArrayGetValueAtIndex(cert_array, 0)));

151

152 return X509Certificate::CreateFromHandle(cert_ref,

153 X509Certificate::SOURCE_LONE_CERT_IMPORT,

154 X509Certificate::OSCertHandles());

155 }

156 #endif

157

158 } // namespace net

OLD	NEW

« no previous file with comments | « net/base/cert_test_util.h ('k') | net/base/openssl_util.h » ('j') | net/base/openssl_util.h » ('J')