OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <cryptohi.h> | 8 #include <cryptohi.h> |
9 #include <keyhi.h> | 9 #include <keyhi.h> |
10 #include <nss.h> | 10 #include <nss.h> |
(...skipping 746 matching lines...)
757 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { | 757 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { |
758 dns_names->clear(); | 758 dns_names->clear(); |
759 | 759 |
760 // Compare with CERT_VerifyCertName(). | 760 // Compare with CERT_VerifyCertName(). |
761 GetCertSubjectAltNamesOfType(cert_handle_, certDNSName, dns_names); | 761 GetCertSubjectAltNamesOfType(cert_handle_, certDNSName, dns_names); |
762 | 762 |
763 if (dns_names->empty()) | 763 if (dns_names->empty()) |
764 dns_names->push_back(subject_.common_name); | 764 dns_names->push_back(subject_.common_name); |
765 } | 765 } |
766 | 766 |
767 X509Certificate::OSCertListHandle | |
768 X509Certificate::CreateOSCertListHandle() const { | |
769 return CERT_DupCertificate(cert_handle_); | |
770 } | |
wtc
2011/10/04 00:26:34
Change VerifyInternal to use CreateOSCertListHandl
Ryan Sleevi
2011/10/04 03:38:07
I don't think this is desirable for NSS, since the
wtc
2011/10/04 18:00:51
The reason I suggested having VerifyInternal use
C
| |
771 | |
767 int X509Certificate::VerifyInternal(const std::string& hostname, | 772 int X509Certificate::VerifyInternal(const std::string& hostname, |
768 int flags, | 773 int flags, |
769 CertVerifyResult* verify_result) const { | 774 CertVerifyResult* verify_result) const { |
770 // Make sure that the hostname matches with the common name of the cert. | 775 // Make sure that the hostname matches with the common name of the cert. |
771 SECStatus status = CERT_VerifyCertName(cert_handle_, hostname.c_str()); | 776 SECStatus status = CERT_VerifyCertName(cert_handle_, hostname.c_str()); |
772 if (status != SECSuccess) | 777 if (status != SECSuccess) |
773 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | 778 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
774 | 779 |
775 // Make sure that the cert is valid now. | 780 // Make sure that the cert is valid now. |
776 SECCertTimeValidity validity = CERT_CheckCertValidTimes( | 781 SECCertTimeValidity validity = CERT_CheckCertValidTimes( |
(...skipping 189 matching lines...)
966 OSCertHandle cert_handle) { | 971 OSCertHandle cert_handle) { |
967 return CERT_DupCertificate(cert_handle); | 972 return CERT_DupCertificate(cert_handle); |
968 } | 973 } |
969 | 974 |
970 // static | 975 // static |
971 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 976 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
972 CERT_DestroyCertificate(cert_handle); | 977 CERT_DestroyCertificate(cert_handle); |
973 } | 978 } |
974 | 979 |
975 // static | 980 // static |
981 void X509Certificate::FreeOSCertListHandle(OSCertListHandle cert_list) { | |
wtc
2011/10/04 00:26:34
cert_list => cert_list_handle
| |
982 CERT_DestroyCertificate(cert_list); | |
983 } | |
984 | |
985 // static | |
976 SHA1Fingerprint X509Certificate::CalculateFingerprint( | 986 SHA1Fingerprint X509Certificate::CalculateFingerprint( |
977 OSCertHandle cert) { | 987 OSCertHandle cert) { |
978 SHA1Fingerprint sha1; | 988 SHA1Fingerprint sha1; |
979 memset(sha1.data, 0, sizeof(sha1.data)); | 989 memset(sha1.data, 0, sizeof(sha1.data)); |
980 | 990 |
981 DCHECK(NULL != cert->derCert.data); | 991 DCHECK(NULL != cert->derCert.data); |
982 DCHECK_NE(0U, cert->derCert.len); | 992 DCHECK_NE(0U, cert->derCert.len); |
983 | 993 |
984 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, | 994 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, |
985 cert->derCert.data, cert->derCert.len); | 995 cert->derCert.data, cert->derCert.len); |
(...skipping 16 matching lines...)
1002 | 1012 |
1003 // static | 1013 // static |
1004 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, | 1014 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, |
1005 Pickle* pickle) { | 1015 Pickle* pickle) { |
1006 return pickle->WriteData( | 1016 return pickle->WriteData( |
1007 reinterpret_cast<const char*>(cert_handle->derCert.data), | 1017 reinterpret_cast<const char*>(cert_handle->derCert.data), |
1008 cert_handle->derCert.len); | 1018 cert_handle->derCert.len); |
1009 } | 1019 } |
1010 | 1020 |
1011 } // namespace net | 1021 } // namespace net |
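Review bot: CreateOSCertListHandle() (new lines 767-770) returns only a duplicated reference to the leaf cert_handle_, and nothing visible in this section adds the intermediates to the returned handle, so the "list" in the name promises more than the NSS implementation appears to deliver. The OSCertListHandle typedef is not shown here; from the CERT_DupCertificate/CERT_DestroyCertificate pairing it looks like a single CERTCertificate* on NSS. I would document that above the function, e.g. `// NSS: the list handle is a new reference to the leaf certificate only; intermediates are not carried by it. Release with FreeOSCertListHandle().`, so a caller passing it to a chain-building or client-auth API does not assume the chain it validated is the chain in the handle. The matching ownership comment belongs on FreeOSCertListHandle() at new lines 981-983.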