OLD | NEW |
| (Empty) |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/base/cert_test_util.h" | |
6 | |
7 #include "build/build_config.h" | |
8 | |
9 #if defined(USE_OPENSSL) | |
10 #include <openssl/err.h> | |
11 #include <openssl/x509v3.h> | |
12 #include "net/base/openssl_util.h" | |
13 #elif defined(USE_NSS) | |
14 #include <cert.h> | |
15 #include "base/nss_util.h" | |
16 #elif defined(OS_MACOSX) | |
17 #include <Security/Security.h> | |
18 #include "base/mac/scoped_cftyperef.h" | |
19 #endif | |
20 | |
21 #include "base/file_util.h" | |
22 #include "base/logging.h" | |
23 #include "base/path_service.h" | |
24 #include "net/base/x509_certificate.h" | |
25 | |
26 namespace net { | |
27 | |
28 #if defined(USE_OPENSSL) | |
29 X509Certificate* AddTemporaryRootCertToStore(X509* x509_cert) { | |
30 OpenSSLInitSingleton* openssl_init = GetOpenSSLInitSingleton(); | |
31 | |
32 if (!X509_STORE_add_cert(openssl_init->x509_store(), x509_cert)) { | |
33 unsigned long error_code = ERR_get_error(); | |
34 if (ERR_GET_LIB(error_code) != ERR_LIB_X509 || | |
35 ERR_GET_REASON(error_code) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { | |
36 do { | |
37 LOG(ERROR) << "X509_STORE_add_cert error: " << error_code; | |
38 } while ((error_code = ERR_get_error()) != 0); | |
39 return NULL; | |
40 } | |
41 } | |
42 return X509Certificate::CreateFromHandle( | |
43 x509_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
44 X509Certificate::OSCertHandles()); | |
45 } | |
46 | |
47 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { | |
48 EnsureOpenSSLInit(); | |
49 | |
50 std::string rawcert; | |
51 if (!file_util::ReadFileToString(filename, &rawcert)) { | |
52 LOG(ERROR) << "Can't load certificate " << filename.value(); | |
53 return NULL; | |
54 } | |
55 | |
56 ScopedSSL<BIO, BIO_free_all> cert_bio( | |
57 BIO_new_mem_buf(const_cast<char*>(rawcert.c_str()), | |
58 rawcert.length())); | |
59 if (!cert_bio.get()) { | |
60 LOG(ERROR) << "Can't create read-only BIO " << filename.value(); | |
61 return NULL; | |
62 } | |
63 | |
64 ScopedSSL<X509, X509_free> pem_cert(PEM_read_bio_X509(cert_bio.get(), | |
65 NULL, NULL, NULL)); | |
66 if (pem_cert.get()) | |
67 return AddTemporaryRootCertToStore(pem_cert.get()); | |
68 | |
69 // File does not contain PEM data, let's try DER. | |
70 const unsigned char* der_data = | |
71 reinterpret_cast<const unsigned char*>(rawcert.c_str()); | |
72 int der_length = rawcert.length(); | |
73 ScopedSSL<X509, X509_free> der_cert(d2i_X509(NULL, &der_data, der_length)); | |
74 if (der_cert.get()) | |
75 return AddTemporaryRootCertToStore(der_cert.get()); | |
76 | |
77 LOG(ERROR) << "Can't parse certificate " << filename.value(); | |
78 return NULL; | |
79 } | |
80 #elif defined(USE_NSS) | |
81 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { | |
82 base::EnsureNSSInit(); | |
83 | |
84 std::string rawcert; | |
85 if (!file_util::ReadFileToString(filename, &rawcert)) { | |
86 LOG(ERROR) << "Can't load certificate " << filename.value(); | |
87 return NULL; | |
88 } | |
89 | |
90 CERTCertificate *cert; | |
91 cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()), | |
92 rawcert.length()); | |
93 if (!cert) { | |
94 LOG(ERROR) << "Can't convert certificate " << filename.value(); | |
95 return NULL; | |
96 } | |
97 | |
98 // TODO(port): remove this const_cast after NSS 3.12.3 is released | |
99 CERTCertTrust trust; | |
100 int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu")); | |
101 if (rv != SECSuccess) { | |
102 LOG(ERROR) << "Can't decode trust string"; | |
103 CERT_DestroyCertificate(cert); | |
104 return NULL; | |
105 } | |
106 | |
107 rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust); | |
108 if (rv != SECSuccess) { | |
109 LOG(ERROR) << "Can't change trust for certificate " << filename.value(); | |
110 CERT_DestroyCertificate(cert); | |
111 return NULL; | |
112 } | |
113 | |
114 X509Certificate* result = X509Certificate::CreateFromHandle( | |
115 cert, | |
116 X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
117 X509Certificate::OSCertHandles()); | |
118 CERT_DestroyCertificate(cert); | |
119 return result; | |
120 } | |
121 #endif | |
122 | |
123 #if defined(OS_MACOSX) | |
124 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { | |
125 std::string rawcert; | |
126 if (!file_util::ReadFileToString(filename, &rawcert)) { | |
127 LOG(ERROR) << "Can't load certificate " << filename.value(); | |
128 return NULL; | |
129 } | |
130 | |
131 CFDataRef pem = CFDataCreate(kCFAllocatorDefault, | |
132 reinterpret_cast<const UInt8*>(rawcert.data()), | |
133 static_cast<CFIndex>(rawcert.size())); | |
134 if (!pem) | |
135 return NULL; | |
136 base::mac::ScopedCFTypeRef<CFDataRef> scoped_pem(pem); | |
137 | |
138 SecExternalFormat input_format = kSecFormatUnknown; | |
139 SecExternalItemType item_type = kSecItemTypeUnknown; | |
140 CFArrayRef cert_array = NULL; | |
141 if (SecKeychainItemImport(pem, NULL, &input_format, &item_type, 0, NULL, NULL, | |
142 &cert_array)) | |
143 return NULL; | |
144 base::mac::ScopedCFTypeRef<CFArrayRef> scoped_cert_array(cert_array); | |
145 | |
146 if (!CFArrayGetCount(cert_array)) | |
147 return NULL; | |
148 | |
149 SecCertificateRef cert_ref = static_cast<SecCertificateRef>( | |
150 const_cast<void*>(CFArrayGetValueAtIndex(cert_array, 0))); | |
151 | |
152 return X509Certificate::CreateFromHandle(cert_ref, | |
153 X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
154 X509Certificate::OSCertHandles()); | |
155 } | |
156 #endif | |
157 | |
158 } // namespace net | |
OLD | NEW |