1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include "base/lazy_instance.h" | 7 #include "base/lazy_instance.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/pickle.h" | 9 #include "base/pickle.h" |
10 #include "base/sha1.h" | 10 #include "base/sha1.h" |
(...skipping 278 matching lines...)
289 } | 289 } |
290 } | 290 } |
291 return false; | 291 return false; |
292 } | 292 } |
293 | 293 |
294 // Saves some information about the certificate chain chain_context in | 294 // Saves some information about the certificate chain chain_context in |
295 // *verify_result. The caller MUST initialize *verify_result before calling | 295 // *verify_result. The caller MUST initialize *verify_result before calling |
296 // this function. | 296 // this function. |
297 void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context, | 297 void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context, |
298 CertVerifyResult* verify_result) { | 298 CertVerifyResult* verify_result) { |
| 299 if (chain_context->cChain == 0) |
| 300 return; |
| 301 |
299 PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0]; | 302 PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0]; |
300 int num_elements = first_chain->cElement; | 303 int num_elements = first_chain->cElement; |
301 PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement; | 304 PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement; |
302 | 305 |
| 306 PCCERT_CONTEXT verified_cert = NULL; |
| 307 std::vector<PCCERT_CONTEXT> verified_chain; |
| 308 |
303 // Each chain starts with the end entity certificate (i = 0) and ends with | 309 // Each chain starts with the end entity certificate (i = 0) and ends with |
304 // the root CA certificate (i = num_elements - 1). Do not inspect the | 310 // the root CA certificate (i = num_elements - 1). Do not inspect the |
305 // signature algorithm of the root CA certificate because the signature on | 311 // signature algorithm of the root CA certificate because the signature on |
306 // the trust anchor is not important. | 312 // the trust anchor is not important. |
307 for (int i = 0; i < num_elements - 1; ++i) { | 313 for (int i = 0; i < num_elements - 1; ++i) { |
308 PCCERT_CONTEXT cert = element[i]->pCertContext; | 314 PCCERT_CONTEXT cert = element[i]->pCertContext; |
| 315 if (i == 0) { |
| 316 verified_cert = cert; |
| 317 } else { |
| 318 verified_chain.push_back(cert); |
| 319 } |
| 320 |
309 const char* algorithm = cert->pCertInfo->SignatureAlgorithm.pszObjId; | 321 const char* algorithm = cert->pCertInfo->SignatureAlgorithm.pszObjId; |
310 if (strcmp(algorithm, szOID_RSA_MD5RSA) == 0) { | 322 if (strcmp(algorithm, szOID_RSA_MD5RSA) == 0) { |
311 // md5WithRSAEncryption: 1.2.840.113549.1.1.4 | 323 // md5WithRSAEncryption: 1.2.840.113549.1.1.4 |
312 verify_result->has_md5 = true; | 324 verify_result->has_md5 = true; |
313 if (i != 0) | 325 if (i != 0) |
314 verify_result->has_md5_ca = true; | 326 verify_result->has_md5_ca = true; |
315 } else if (strcmp(algorithm, szOID_RSA_MD2RSA) == 0) { | 327 } else if (strcmp(algorithm, szOID_RSA_MD2RSA) == 0) { |
316 // md2WithRSAEncryption: 1.2.840.113549.1.1.2 | 328 // md2WithRSAEncryption: 1.2.840.113549.1.1.2 |
317 verify_result->has_md2 = true; | 329 verify_result->has_md2 = true; |
318 if (i != 0) | 330 if (i != 0) |
319 verify_result->has_md2_ca = true; | 331 verify_result->has_md2_ca = true; |
320 } else if (strcmp(algorithm, szOID_RSA_MD4RSA) == 0) { | 332 } else if (strcmp(algorithm, szOID_RSA_MD4RSA) == 0) { |
321 // md4WithRSAEncryption: 1.2.840.113549.1.1.3 | 333 // md4WithRSAEncryption: 1.2.840.113549.1.1.3 |
322 verify_result->has_md4 = true; | 334 verify_result->has_md4 = true; |
323 } | 335 } |
324 } | 336 } |
| 337 |
| 338 if (verified_cert) { |
| 339 // Add the root certificate, if present, as it was not added above. |
| 340 if (num_elements > 1) |
| 341 verified_chain.push_back(element[num_elements - 1]->pCertContext); |
| 342 verify_result->verified_cert = |
| 343 X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
| 344 } |
325 } | 345 } |
326 | 346 |
327 // Decodes the cert's certificatePolicies extension into a CERT_POLICIES_INFO | 347 // Decodes the cert's certificatePolicies extension into a CERT_POLICIES_INFO |
328 // structure and stores it in *output. | 348 // structure and stores it in *output. |
329 void GetCertPoliciesInfo(PCCERT_CONTEXT cert, | 349 void GetCertPoliciesInfo(PCCERT_CONTEXT cert, |
330 scoped_ptr_malloc<CERT_POLICIES_INFO>* output) { | 350 scoped_ptr_malloc<CERT_POLICIES_INFO>* output) { |
331 PCERT_EXTENSION extension = CertFindExtension(szOID_CERT_POLICIES, | 351 PCERT_EXTENSION extension = CertFindExtension(szOID_CERT_POLICIES, |
332 cert->pCertInfo->cExtension, | 352 cert->pCertInfo->cExtension, |
333 cert->pCertInfo->rgExtension); | 353 cert->pCertInfo->rgExtension); |
334 if (!extension) | 354 if (!extension) |
(...skipping 700 matching lines...)
1035 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], | 1055 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], |
1036 &length)) { | 1056 &length)) { |
1037 return false; | 1057 return false; |
1038 } | 1058 } |
1039 | 1059 |
1040 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), | 1060 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), |
1041 length); | 1061 length); |
1042 } | 1062 } |
1043 | 1063 |
1044 } // namespace net | 1064 } // namespace net |
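Review bot: In GetCertChainInfo, a chain with a single element (num_elements == 1, i.e. a self-signed end-entity certificate that is its own trust anchor) never populates verify_result->verified_cert, because verified_cert is only assigned inside the `for (int i = 0; i < num_elements - 1; ++i)` loop, which does not execute at all for that case, so the trailing `if (verified_cert)` block is skipped. The leaf should be captured independently of the signature-algorithm loop: assign it before the loop with `if (num_elements > 0) verified_cert = element[0]->pCertContext;` and reduce the in-loop branch to `if (i != 0) verified_chain.push_back(cert);`. The later `if (num_elements > 1)` root push then remains correct, since for a one-element chain the leaf is the root and is already verified_cert. The added `cChain == 0` early return covers an empty chain context, but a cElement of 0 is not guarded; whether CryptoAPI can hand back such a simple chain is not visible here, and the `num_elements > 0` check above would cover it either way.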