| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
| 8 #include <Security/Security.h> | 8 #include <Security/Security.h> |
| 9 #include <time.h> | 9 #include <time.h> |
| 10 | 10 |
| 11 #include "base/lazy_instance.h" |
| 11 #include "base/logging.h" | 12 #include "base/logging.h" |
| 12 #include "base/pickle.h" | 13 #include "base/pickle.h" |
| 13 #include "base/mac/scoped_cftyperef.h" | 14 #include "base/mac/scoped_cftyperef.h" |
| 14 #include "base/sys_string_conversions.h" | 15 #include "base/sys_string_conversions.h" |
| 15 #include "net/base/cert_status_flags.h" | 16 #include "net/base/cert_status_flags.h" |
| 16 #include "net/base/cert_verify_result.h" | 17 #include "net/base/cert_verify_result.h" |
| 17 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
| 18 | 19 |
| 19 using base::mac::ScopedCFTypeRef; | 20 using base::mac::ScopedCFTypeRef; |
| 20 using base::Time; | 21 using base::Time; |
| 21 | 22 |
| 22 namespace net { | 23 namespace net { |
| 23 | 24 |
| 25 namespace { |
| 26 |
| 24 class MacTrustedCertificates { | 27 class MacTrustedCertificates { |
| 25 public: | 28 public: |
| 26 // Sets the trusted root certificate used by tests. Call with |cert| set | 29 // Sets the trusted root certificate used by tests. Call with |cert| set |
| 27 // to NULL to clear the test certificate. | 30 // to NULL to clear the test certificate. |
| 28 void SetTestCertificate(X509Certificate* cert) { | 31 void SetTestCertificate(X509Certificate* cert) { |
| 29 AutoLock lock(lock_); | 32 AutoLock lock(lock_); |
| 30 test_certificate_ = cert; | 33 test_certificate_ = cert; |
| 31 } | 34 } |
| 32 | 35 |
| 33 // Returns an array containing the trusted certificates for use with | 36 // Returns an array containing the trusted certificates for use with |
| (...skipping 16 matching lines...) Expand all Loading... |
| 50 ScopedCFTypeRef<CFArrayRef> scoped_anchor_array(anchor_array); | 53 ScopedCFTypeRef<CFArrayRef> scoped_anchor_array(anchor_array); |
| 51 CFMutableArrayRef merged_array = CFArrayCreateMutableCopy( | 54 CFMutableArrayRef merged_array = CFArrayCreateMutableCopy( |
| 52 kCFAllocatorDefault, 0, anchor_array); | 55 kCFAllocatorDefault, 0, anchor_array); |
| 53 if (!merged_array) | 56 if (!merged_array) |
| 54 return NULL; | 57 return NULL; |
| 55 CFArrayAppendValue(merged_array, test_certificate_->os_cert_handle()); | 58 CFArrayAppendValue(merged_array, test_certificate_->os_cert_handle()); |
| 56 | 59 |
| 57 return merged_array; | 60 return merged_array; |
| 58 } | 61 } |
| 59 private: | 62 private: |
| 60 friend struct DefaultSingletonTraits<MacTrustedCertificates>; | 63 friend struct base::DefaultLazyInstanceTraits<MacTrustedCertificates>; |
| 61 | 64 |
| 62 // Obtain an instance of MacTrustedCertificates via the singleton | 65 // Obtain an instance of MacTrustedCertificates via the singleton |
| 63 // interface. | 66 // interface. |
| 64 MacTrustedCertificates() : test_certificate_(NULL) { } | 67 MacTrustedCertificates() : test_certificate_(NULL) { } |
| 65 | 68 |
| 66 // An X509Certificate object that may be appended to the list of | 69 // An X509Certificate object that may be appended to the list of |
| 67 // system trusted anchors. | 70 // system trusted anchors. |
| 68 scoped_refptr<X509Certificate> test_certificate_; | 71 scoped_refptr<X509Certificate> test_certificate_; |
| 69 | 72 |
| 70 // The trusted cache may be accessed from multiple threads. | 73 // The trusted cache may be accessed from multiple threads. |
| 71 mutable Lock lock_; | 74 mutable Lock lock_; |
| 72 | 75 |
| 73 DISALLOW_COPY_AND_ASSIGN(MacTrustedCertificates); | 76 DISALLOW_COPY_AND_ASSIGN(MacTrustedCertificates); |
| 74 }; | 77 }; |
| 75 | 78 |
| 76 void SetMacTestCertificate(X509Certificate* cert) { | 79 base::LazyInstance<MacTrustedCertificates, |
| 77 Singleton<MacTrustedCertificates>::get()->SetTestCertificate(cert); | 80 base::LeakyLazyInstanceTraits<MacTrustedCertificates> > |
| 78 } | 81 g_mac_trusted_certificates(base::LINKER_INITIALIZED); |
| 79 | |
| 80 namespace { | |
| 81 | 82 |
| 82 typedef OSStatus (*SecTrustCopyExtendedResultFuncPtr)(SecTrustRef, | 83 typedef OSStatus (*SecTrustCopyExtendedResultFuncPtr)(SecTrustRef, |
| 83 CFDictionaryRef*); | 84 CFDictionaryRef*); |
| 84 | 85 |
| 85 int NetErrorFromOSStatus(OSStatus status) { | 86 int NetErrorFromOSStatus(OSStatus status) { |
| 86 switch (status) { | 87 switch (status) { |
| 87 case noErr: | 88 case noErr: |
| 88 return OK; | 89 return OK; |
| 89 case errSecNotAvailable: | 90 case errSecNotAvailable: |
| 90 case errSecNoCertificateModule: | 91 case errSecNoCertificateModule: |
| (...skipping 345 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 436 if (IsValidOSCertHandle(cert)) { | 437 if (IsValidOSCertHandle(cert)) { |
| 437 CFRetain(cert); | 438 CFRetain(cert); |
| 438 output->push_back(cert); | 439 output->push_back(cert); |
| 439 } | 440 } |
| 440 } | 441 } |
| 441 } | 442 } |
| 442 } | 443 } |
| 443 | 444 |
| 444 } // namespace | 445 } // namespace |
| 445 | 446 |
| 447 void SetMacTestCertificate(X509Certificate* cert) { |
| 448 g_mac_trusted_certificates.Get().SetTestCertificate(cert); |
| 449 } |
| 450 |
| 446 void X509Certificate::Initialize() { | 451 void X509Certificate::Initialize() { |
| 447 const CSSM_X509_NAME* name; | 452 const CSSM_X509_NAME* name; |
| 448 OSStatus status = SecCertificateGetSubject(cert_handle_, &name); | 453 OSStatus status = SecCertificateGetSubject(cert_handle_, &name); |
| 449 if (!status) { | 454 if (!status) { |
| 450 subject_.Parse(name); | 455 subject_.Parse(name); |
| 451 } | 456 } |
| 452 status = SecCertificateGetIssuer(cert_handle_, &name); | 457 status = SecCertificateGetIssuer(cert_handle_, &name); |
| 453 if (!status) { | 458 if (!status) { |
| 454 issuer_.Parse(name); | 459 issuer_.Parse(name); |
| 455 } | 460 } |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 538 | 543 |
| 539 SecTrustRef trust_ref = NULL; | 544 SecTrustRef trust_ref = NULL; |
| 540 status = SecTrustCreateWithCertificates(cert_array, ssl_policy, &trust_ref); | 545 status = SecTrustCreateWithCertificates(cert_array, ssl_policy, &trust_ref); |
| 541 if (status) | 546 if (status) |
| 542 return NetErrorFromOSStatus(status); | 547 return NetErrorFromOSStatus(status); |
| 543 ScopedCFTypeRef<SecTrustRef> scoped_trust_ref(trust_ref); | 548 ScopedCFTypeRef<SecTrustRef> scoped_trust_ref(trust_ref); |
| 544 | 549 |
| 545 // Set the trusted anchor certificates for the SecTrustRef by merging the | 550 // Set the trusted anchor certificates for the SecTrustRef by merging the |
| 546 // system trust anchors and the test root certificate. | 551 // system trust anchors and the test root certificate. |
| 547 CFArrayRef anchor_array = | 552 CFArrayRef anchor_array = |
| 548 Singleton<MacTrustedCertificates>::get()->CopyTrustedCertificateArray(); | 553 g_mac_trusted_certificates.Get().CopyTrustedCertificateArray(); |
| 549 ScopedCFTypeRef<CFArrayRef> scoped_anchor_array(anchor_array); | 554 ScopedCFTypeRef<CFArrayRef> scoped_anchor_array(anchor_array); |
| 550 if (anchor_array) { | 555 if (anchor_array) { |
| 551 status = SecTrustSetAnchorCertificates(trust_ref, anchor_array); | 556 status = SecTrustSetAnchorCertificates(trust_ref, anchor_array); |
| 552 if (status) | 557 if (status) |
| 553 return NetErrorFromOSStatus(status); | 558 return NetErrorFromOSStatus(status); |
| 554 } | 559 } |
| 555 | 560 |
| 556 if (flags & VERIFY_REV_CHECKING_ENABLED) { | 561 if (flags & VERIFY_REV_CHECKING_ENABLED) { |
| 557 // When called with VERIFY_REV_CHECKING_ENABLED, we ask SecTrustEvaluate() | 562 // When called with VERIFY_REV_CHECKING_ENABLED, we ask SecTrustEvaluate() |
| 558 // to apply OCSP and CRL checking, but we're still subject to the global | 563 // to apply OCSP and CRL checking, but we're still subject to the global |
| (...skipping 445 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1004 } | 1009 } |
| 1005 CFRelease(cert_chain); | 1010 CFRelease(cert_chain); |
| 1006 } | 1011 } |
| 1007 exit: | 1012 exit: |
| 1008 if (result) | 1013 if (result) |
| 1009 LOG(ERROR) << "CreateIdentityCertificateChain error " << result; | 1014 LOG(ERROR) << "CreateIdentityCertificateChain error " << result; |
| 1010 return chain.release(); | 1015 return chain.release(); |
| 1011 } | 1016 } |
| 1012 | 1017 |
| 1013 } // namespace net | 1018 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 5242002:
Reland 66791 (change was innocent)... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/