OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 #include <time.h> | 10 #include <time.h> |
(...skipping 737 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
748 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { | 748 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { |
749 dns_names->clear(); | 749 dns_names->clear(); |
750 | 750 |
751 GetCertGeneralNamesForOID(cert_handle_, CSSMOID_SubjectAltName, GNT_DNSName, | 751 GetCertGeneralNamesForOID(cert_handle_, CSSMOID_SubjectAltName, GNT_DNSName, |
752 dns_names); | 752 dns_names); |
753 | 753 |
754 if (dns_names->empty()) | 754 if (dns_names->empty()) |
755 dns_names->push_back(subject_.common_name); | 755 dns_names->push_back(subject_.common_name); |
756 } | 756 } |
757 | 757 |
758 X509Certificate::OSCertListHandle | |
759 X509Certificate::CreateOSCertListHandle() const { | |
760 CFMutableArrayRef cert_list = | |
761 CFArrayCreateMutable(kCFAllocatorDefault, 0, | |
762 &kCFTypeArrayCallBacks); | |
763 if (!cert_list) | |
764 return NULL; | |
765 | |
766 CFArrayAppendValue(cert_list, cert_handle_); | |
767 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | |
768 CFArrayAppendValue(cert_list, intermediate_ca_certs_[i]); | |
769 } | |
wtc
2011/10/04 00:26:34
Remove curly braces.
A comment like lines 783-786
| |
770 | |
771 return cert_list; | |
772 } | |
773 | |
758 int X509Certificate::VerifyInternal(const std::string& hostname, | 774 int X509Certificate::VerifyInternal(const std::string& hostname, |
759 int flags, | 775 int flags, |
760 CertVerifyResult* verify_result) const { | 776 CertVerifyResult* verify_result) const { |
761 ScopedCFTypeRef<CFArrayRef> trust_policies; | 777 ScopedCFTypeRef<CFArrayRef> trust_policies; |
762 OSStatus status = CreateTrustPolicies(hostname, flags, &trust_policies); | 778 OSStatus status = CreateTrustPolicies(hostname, flags, &trust_policies); |
763 if (status) | 779 if (status) |
764 return NetErrorFromOSStatus(status); | 780 return NetErrorFromOSStatus(status); |
765 | 781 |
766 // Create and configure a SecTrustRef, which takes our certificate(s) | 782 // Create and configure a SecTrustRef, which takes our certificate(s) |
767 // and our SSL SecPolicyRef. SecTrustCreateWithCertificates() takes an | 783 // and our SSL SecPolicyRef. SecTrustCreateWithCertificates() takes an |
768 // array of certificates, the first of which is the certificate we're | 784 // array of certificates, the first of which is the certificate we're |
769 // verifying, and the subsequent (optional) certificates are used for | 785 // verifying, and the subsequent (optional) certificates are used for |
770 // chain building. | 786 // chain building. |
771 CFMutableArrayRef cert_array = CFArrayCreateMutable(kCFAllocatorDefault, 0, | 787 ScopedCFTypeRef<CFArrayRef> cert_array(CreateOSCertListHandle()); |
772 &kCFTypeArrayCallBacks); | |
773 if (!cert_array) | |
774 return ERR_OUT_OF_MEMORY; | |
775 ScopedCFTypeRef<CFArrayRef> scoped_cert_array(cert_array); | |
776 CFArrayAppendValue(cert_array, cert_handle_); | |
777 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) | |
778 CFArrayAppendValue(cert_array, intermediate_ca_certs_[i]); | |
779 | 788 |
780 // From here on, only one thread can be active at a time. We have had a number | 789 // From here on, only one thread can be active at a time. We have had a number |
781 // of sporadic crashes in the SecTrustEvaluate call below, way down inside | 790 // of sporadic crashes in the SecTrustEvaluate call below, way down inside |
782 // Apple's cert code, which we suspect are caused by a thread-safety issue. | 791 // Apple's cert code, which we suspect are caused by a thread-safety issue. |
783 // So as a speculative fix allow only one thread to use SecTrust on this cert. | 792 // So as a speculative fix allow only one thread to use SecTrust on this cert. |
784 base::AutoLock lock(verification_lock_); | 793 base::AutoLock lock(verification_lock_); |
785 | 794 |
786 SecTrustRef trust_ref = NULL; | 795 SecTrustRef trust_ref = NULL; |
787 status = SecTrustCreateWithCertificates(cert_array, trust_policies, | 796 status = SecTrustCreateWithCertificates(cert_array, trust_policies, |
788 &trust_ref); | 797 &trust_ref); |
(...skipping 278 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1067 return NULL; | 1076 return NULL; |
1068 return reinterpret_cast<OSCertHandle>(const_cast<void*>(CFRetain(handle))); | 1077 return reinterpret_cast<OSCertHandle>(const_cast<void*>(CFRetain(handle))); |
1069 } | 1078 } |
1070 | 1079 |
1071 // static | 1080 // static |
1072 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 1081 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
1073 CFRelease(cert_handle); | 1082 CFRelease(cert_handle); |
1074 } | 1083 } |
1075 | 1084 |
1076 // static | 1085 // static |
1086 void X509Certificate::FreeOSCertListHandle(OSCertListHandle identity) { | |
wtc
2011/10/04 00:26:34
identity => cert_list_handle
| |
1087 CFRelease(identity); | |
1088 } | |
1089 | |
1090 // static | |
1077 SHA1Fingerprint X509Certificate::CalculateFingerprint( | 1091 SHA1Fingerprint X509Certificate::CalculateFingerprint( |
1078 OSCertHandle cert) { | 1092 OSCertHandle cert) { |
1079 SHA1Fingerprint sha1; | 1093 SHA1Fingerprint sha1; |
1080 memset(sha1.data, 0, sizeof(sha1.data)); | 1094 memset(sha1.data, 0, sizeof(sha1.data)); |
1081 | 1095 |
1082 CSSM_DATA cert_data; | 1096 CSSM_DATA cert_data; |
1083 OSStatus status = SecCertificateGetData(cert, &cert_data); | 1097 OSStatus status = SecCertificateGetData(cert, &cert_data); |
1084 if (status) | 1098 if (status) |
1085 return sha1; | 1099 return sha1; |
1086 | 1100 |
(...skipping 292 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1379 CSSM_DATA cert_data; | 1393 CSSM_DATA cert_data; |
1380 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); | 1394 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); |
1381 if (status) | 1395 if (status) |
1382 return false; | 1396 return false; |
1383 | 1397 |
1384 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), | 1398 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), |
1385 cert_data.Length); | 1399 cert_data.Length); |
1386 } | 1400 } |
1387 | 1401 |
1388 } // namespace net | 1402 } // namespace net |
OLD | NEW |