OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 #include <time.h> | 10 #include <time.h> |
748 name_data.Length)); | 748 name_data.Length)); |
749 } else if (ip_addrs && name_struct.nameType == GNT_IPAddress) { | 749 } else if (ip_addrs && name_struct.nameType == GNT_IPAddress) { |
750 ip_addrs->push_back(std::string( | 750 ip_addrs->push_back(std::string( |
751 reinterpret_cast<const char*>(name_data.Data), | 751 reinterpret_cast<const char*>(name_data.Data), |
752 name_data.Length)); | 752 name_data.Length)); |
753 } | 753 } |
754 } | 754 } |
755 } | 755 } |
756 } | 756 } |
757 | 757 |
| 758 X509Certificate::OSCertListHandle |
| 759 X509Certificate::CreateOSCertListHandle() const { |
| 760 CFMutableArrayRef cert_list = |
| 761 CFArrayCreateMutable(kCFAllocatorDefault, 0, |
| 762 &kCFTypeArrayCallBacks); |
| 763 if (!cert_list) |
| 764 return NULL; |
| 765 |
| 766 CFArrayAppendValue(cert_list, cert_handle_); |
| 767 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) |
| 768 CFArrayAppendValue(cert_list, intermediate_ca_certs_[i]); |
| 769 |
| 770 return cert_list; |
| 771 } |
| 772 |
758 int X509Certificate::VerifyInternal(const std::string& hostname, | 773 int X509Certificate::VerifyInternal(const std::string& hostname, |
759 int flags, | 774 int flags, |
760 CertVerifyResult* verify_result) const { | 775 CertVerifyResult* verify_result) const { |
761 ScopedCFTypeRef<CFArrayRef> trust_policies; | 776 ScopedCFTypeRef<CFArrayRef> trust_policies; |
762 OSStatus status = CreateTrustPolicies(hostname, flags, &trust_policies); | 777 OSStatus status = CreateTrustPolicies(hostname, flags, &trust_policies); |
763 if (status) | 778 if (status) |
764 return NetErrorFromOSStatus(status); | 779 return NetErrorFromOSStatus(status); |
765 | 780 |
766 // Create and configure a SecTrustRef, which takes our certificate(s) | 781 // Create and configure a SecTrustRef, which takes our certificate(s) |
767 // and our SSL SecPolicyRef. SecTrustCreateWithCertificates() takes an | 782 // and our SSL SecPolicyRef. SecTrustCreateWithCertificates() takes an |
768 // array of certificates, the first of which is the certificate we're | 783 // array of certificates, the first of which is the certificate we're |
769 // verifying, and the subsequent (optional) certificates are used for | 784 // verifying, and the subsequent (optional) certificates are used for |
770 // chain building. | 785 // chain building. |
771 CFMutableArrayRef cert_array = CFArrayCreateMutable(kCFAllocatorDefault, 0, | 786 ScopedCFTypeRef<CFArrayRef> cert_array(CreateOSCertListHandle()); |
772 &kCFTypeArrayCallBacks); | |
773 if (!cert_array) | |
774 return ERR_OUT_OF_MEMORY; | |
775 ScopedCFTypeRef<CFArrayRef> scoped_cert_array(cert_array); | |
776 CFArrayAppendValue(cert_array, cert_handle_); | |
777 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) | |
778 CFArrayAppendValue(cert_array, intermediate_ca_certs_[i]); | |
779 | 787 |
780 // From here on, only one thread can be active at a time. We have had a number | 788 // From here on, only one thread can be active at a time. We have had a number |
781 // of sporadic crashes in the SecTrustEvaluate call below, way down inside | 789 // of sporadic crashes in the SecTrustEvaluate call below, way down inside |
782 // Apple's cert code, which we suspect are caused by a thread-safety issue. | 790 // Apple's cert code, which we suspect are caused by a thread-safety issue. |
783 // So as a speculative fix allow only one thread to use SecTrust on this cert. | 791 // So as a speculative fix allow only one thread to use SecTrust on this cert. |
784 base::AutoLock lock(verification_lock_); | 792 base::AutoLock lock(verification_lock_); |
785 | 793 |
786 SecTrustRef trust_ref = NULL; | 794 SecTrustRef trust_ref = NULL; |
787 status = SecTrustCreateWithCertificates(cert_array, trust_policies, | 795 status = SecTrustCreateWithCertificates(cert_array, trust_policies, |
788 &trust_ref); | 796 &trust_ref); |
1062 return NULL; | 1070 return NULL; |
1063 return reinterpret_cast<OSCertHandle>(const_cast<void*>(CFRetain(handle))); | 1071 return reinterpret_cast<OSCertHandle>(const_cast<void*>(CFRetain(handle))); |
1064 } | 1072 } |
1065 | 1073 |
1066 // static | 1074 // static |
1067 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 1075 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
1068 CFRelease(cert_handle); | 1076 CFRelease(cert_handle); |
1069 } | 1077 } |
1070 | 1078 |
1071 // static | 1079 // static |
| 1080 void X509Certificate::FreeOSCertListHandle( |
| 1081 OSCertListHandle cert_list_handle) { |
| 1082 CFRelease(cert_list_handle); |
| 1083 } |
| 1084 |
| 1085 // static |
1072 SHA1Fingerprint X509Certificate::CalculateFingerprint( | 1086 SHA1Fingerprint X509Certificate::CalculateFingerprint( |
1073 OSCertHandle cert) { | 1087 OSCertHandle cert) { |
1074 SHA1Fingerprint sha1; | 1088 SHA1Fingerprint sha1; |
1075 memset(sha1.data, 0, sizeof(sha1.data)); | 1089 memset(sha1.data, 0, sizeof(sha1.data)); |
1076 | 1090 |
1077 CSSM_DATA cert_data; | 1091 CSSM_DATA cert_data; |
1078 OSStatus status = SecCertificateGetData(cert, &cert_data); | 1092 OSStatus status = SecCertificateGetData(cert, &cert_data); |
1079 if (status) | 1093 if (status) |
1080 return sha1; | 1094 return sha1; |
1081 | 1095 |
1358 CSSM_DATA cert_data; | 1372 CSSM_DATA cert_data; |
1359 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); | 1373 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); |
1360 if (status) | 1374 if (status) |
1361 return false; | 1375 return false; |
1362 | 1376 |
1363 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), | 1377 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), |
1364 cert_data.Length); | 1378 cert_data.Length); |
1365 } | 1379 } |
1366 | 1380 |
1367 } // namespace net | 1381 } // namespace net |
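Review bot: In VerifyInternal (new line 786) the result of CreateOSCertListHandle() is wrapped in a ScopedCFTypeRef and passed to SecTrustCreateWithCertificates() without the NULL check the old code had, although the new helper returns NULL when CFArrayCreateMutable() fails. Restoring `if (!cert_array) return ERR_OUT_OF_MEMORY;` right after the construction keeps the allocation-failure path explicit instead of depending on how the Security framework treats a NULL certificate array; the status handling after the call lies outside the visible lines. The same NULL could reach FreeOSCertListHandle() (new line 1082), and CFRelease() must not be called with NULL, so either guard it with `if (cert_list_handle) CFRelease(cert_list_handle);` or add a comment on CreateOSCertListHandle() stating that it may return NULL and that the caller owns the returned array and must release it with FreeOSCertListHandle().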