OLD | NEW |
1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_cert_types.h" | 5 #include "net/base/x509_cert_types.h" |
6 | 6 |
7 #include <ostream> | |
8 | |
9 #include "net/base/x509_certificate.h" | 7 #include "net/base/x509_certificate.h" |
10 #include "base/logging.h" | 8 #include "base/logging.h" |
11 | 9 |
12 namespace net { | 10 namespace net { |
13 | 11 |
14 bool match(const std::string &str, const std::string &against) { | |
15 // TODO(snej): Use the full matching rules specified in RFC 5280 sec. 7.1 | |
16 // including trimming and case-folding: <http://www.ietf.org/rfc/rfc5280.txt>. | |
17 return against == str; | |
18 } | |
19 | |
20 bool match(const std::vector<std::string> &rdn1, | |
21 const std::vector<std::string> &rdn2) { | |
22 // "Two relative distinguished names RDN1 and RDN2 match if they have the | |
23 // same number of naming attributes and for each naming attribute in RDN1 | |
24 // there is a matching naming attribute in RDN2." --RFC 5280 sec. 7.1. | |
25 if (rdn1.size() != rdn2.size()) | |
26 return false; | |
27 for (unsigned i1 = 0; i1 < rdn1.size(); ++i1) { | |
28 unsigned i2; | |
29 for (i2 = 0; i2 < rdn2.size(); ++i2) { | |
30 if (match(rdn1[i1], rdn2[i2])) | |
31 break; | |
32 } | |
33 if (i2 == rdn2.size()) | |
34 return false; | |
35 } | |
36 return true; | |
37 } | |
38 | |
39 CertPrincipal::CertPrincipal() { | 12 CertPrincipal::CertPrincipal() { |
40 } | 13 } |
41 | 14 |
42 CertPrincipal::CertPrincipal(const std::string& name) : common_name(name) {} | 15 CertPrincipal::CertPrincipal(const std::string& name) : common_name(name) {} |
43 | 16 |
44 CertPrincipal::~CertPrincipal() { | 17 CertPrincipal::~CertPrincipal() { |
45 } | 18 } |
46 | 19 |
47 bool CertPrincipal::Matches(const CertPrincipal& against) const { | |
48 return match(common_name, against.common_name) && | |
49 match(common_name, against.common_name) && | |
50 match(locality_name, against.locality_name) && | |
51 match(state_or_province_name, against.state_or_province_name) && | |
52 match(country_name, against.country_name) && | |
53 match(street_addresses, against.street_addresses) && | |
54 match(organization_names, against.organization_names) && | |
55 match(organization_unit_names, against.organization_unit_names) && | |
56 match(domain_components, against.domain_components); | |
57 } | |
58 | |
59 std::string CertPrincipal::GetDisplayName() const { | 20 std::string CertPrincipal::GetDisplayName() const { |
60 if (!common_name.empty()) | 21 if (!common_name.empty()) |
61 return common_name; | 22 return common_name; |
62 if (!organization_names.empty()) | 23 if (!organization_names.empty()) |
63 return organization_names[0]; | 24 return organization_names[0]; |
64 if (!organization_unit_names.empty()) | 25 if (!organization_unit_names.empty()) |
65 return organization_unit_names[0]; | 26 return organization_unit_names[0]; |
66 | 27 |
67 return std::string(); | 28 return std::string(); |
68 } | 29 } |
69 | 30 |
70 std::ostream& operator<<(std::ostream& s, const CertPrincipal& p) { | |
71 s << "CertPrincipal["; | |
72 if (!p.common_name.empty()) | |
73 s << "cn=\"" << p.common_name << "\" "; | |
74 for (unsigned i = 0; i < p.street_addresses.size(); ++i) | |
75 s << "street=\"" << p.street_addresses[i] << "\" "; | |
76 if (!p.locality_name.empty()) | |
77 s << "l=\"" << p.locality_name << "\" "; | |
78 for (unsigned i = 0; i < p.organization_names.size(); ++i) | |
79 s << "o=\"" << p.organization_names[i] << "\" "; | |
80 for (unsigned i = 0; i < p.organization_unit_names.size(); ++i) | |
81 s << "ou=\"" << p.organization_unit_names[i] << "\" "; | |
82 if (!p.state_or_province_name.empty()) | |
83 s << "st=\"" << p.state_or_province_name << "\" "; | |
84 if (!p.country_name.empty()) | |
85 s << "c=\"" << p.country_name << "\" "; | |
86 for (unsigned i = 0; i < p.domain_components.size(); ++i) | |
87 s << "dc=\"" << p.domain_components[i] << "\" "; | |
88 return s << "]"; | |
89 } | |
90 | |
91 CertPolicy::CertPolicy() { | 31 CertPolicy::CertPolicy() { |
92 } | 32 } |
93 | 33 |
94 CertPolicy::~CertPolicy() { | 34 CertPolicy::~CertPolicy() { |
95 } | 35 } |
96 | 36 |
97 CertPolicy::Judgment CertPolicy::Check( | 37 CertPolicy::Judgment CertPolicy::Check( |
98 X509Certificate* cert) const { | 38 X509Certificate* cert) const { |
99 // It shouldn't matter which set we check first, but we check denied first | 39 // It shouldn't matter which set we check first, but we check denied first |
100 // in case something strange has happened. | 40 // in case something strange has happened. |
(...skipping 28 matching lines...) |
129 | 69 |
130 bool CertPolicy::HasAllowedCert() const { | 70 bool CertPolicy::HasAllowedCert() const { |
131 return !allowed_.empty(); | 71 return !allowed_.empty(); |
132 } | 72 } |
133 | 73 |
134 bool CertPolicy::HasDeniedCert() const { | 74 bool CertPolicy::HasDeniedCert() const { |
135 return !denied_.empty(); | 75 return !denied_.empty(); |
136 } | 76 } |
137 | 77 |
138 } // namespace net | 78 } // namespace net |
OLD | NEW |