1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <openssl/asn1.h> | 7 #include <openssl/asn1.h> |
8 #include <openssl/crypto.h> | 8 #include <openssl/crypto.h> |
9 #include <openssl/obj_mac.h> | 9 #include <openssl/obj_mac.h> |
10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
316 } | 316 } |
317 | 317 |
318 // static | 318 // static |
319 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 319 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
320 // Decrement the ref-count for the cert and, if all references are gone, | 320 // Decrement the ref-count for the cert and, if all references are gone, |
321 // free the memory and any application-specific data associated with the | 321 // free the memory and any application-specific data associated with the |
322 // certificate. | 322 // certificate. |
323 X509_free(cert_handle); | 323 X509_free(cert_handle); |
324 } | 324 } |
325 | 325 |
| 326 // static |
| 327 void X509Certificate::FreeOSCertListHandle( |
| 328 OSCertListHandle cert_list_handle) { |
| 329 sk_X509_pop_free(cert_list_handle, X509_free); |
| 330 } |
| 331 |
326 void X509Certificate::Initialize() { | 332 void X509Certificate::Initialize() { |
327 crypto::EnsureOpenSSLInit(); | 333 crypto::EnsureOpenSSLInit(); |
328 fingerprint_ = CalculateFingerprint(cert_handle_); | 334 fingerprint_ = CalculateFingerprint(cert_handle_); |
329 | 335 |
330 ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_); | 336 ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_); |
331 if (num) { | 337 if (num) { |
332 serial_number_ = std::string( | 338 serial_number_ = std::string( |
333 reinterpret_cast<char*>(num->data), | 339 reinterpret_cast<char*>(num->data), |
334 num->length); | 340 num->length); |
335 // Remove leading zeros. | 341 // Remove leading zeros. |
351 SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) { | 357 SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) { |
352 SHA1Fingerprint sha1; | 358 SHA1Fingerprint sha1; |
353 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data)); | 359 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data)); |
354 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size); | 360 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size); |
355 CHECK(ret); | 361 CHECK(ret); |
356 CHECK_EQ(sha1_size, sizeof(sha1.data)); | 362 CHECK_EQ(sha1_size, sizeof(sha1.data)); |
357 return sha1; | 363 return sha1; |
358 } | 364 } |
359 | 365 |
360 // static | 366 // static |
| 367 X509Certificate::OSCertListHandle |
| 368 X509Certificate::CreateOSCertListHandle() const { |
| 369 STACK_OF(X509)* cert_list_handle = sk_X509_new_null(); |
| 370 if (!cert_list_handle) |
| 371 return NULL; |
| 372 |
| 373 if (!sk_X509_push(cert_list_handle, DupOSCertHandle(cert_handle_))) { |
| 374 FreeOSCertListHandle(cert_list_handle); |
| 375 return NULL; |
| 376 } |
| 377 |
| 378 bool ok = true; |
| 379 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
| 380 if (!sk_X509_push(cert_list_handle, |
| 381 DupOSCertHandle(intermediate_ca_certs_[i]))) { |
| 382 ok = false; |
| 383 break; |
| 384 } |
| 385 } |
| 386 if (!ok) { |
| 387 FreeOSCertListHandle(cert_list_handle); |
| 388 return NULL; |
| 389 } |
| 390 |
| 391 return cert_list_handle; |
| 392 } |
| 393 |
| 394 // static |
361 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( | 395 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( |
362 const char* data, int length) { | 396 const char* data, int length) { |
363 if (length < 0) | 397 if (length < 0) |
364 return NULL; | 398 return NULL; |
365 crypto::EnsureOpenSSLInit(); | 399 crypto::EnsureOpenSSLInit(); |
366 const unsigned char* d2i_data = | 400 const unsigned char* d2i_data = |
367 reinterpret_cast<const unsigned char*>(data); | 401 reinterpret_cast<const unsigned char*>(data); |
368 // Don't cache this data via SetDERCache as this wire format may be not be | 402 // Don't cache this data via SetDERCache as this wire format may be not be |
369 // identical from the i2d_X509 roundtrip. | 403 // identical from the i2d_X509 roundtrip. |
370 X509* cert = d2i_X509(NULL, &d2i_data, length); | 404 X509* cert = d2i_X509(NULL, &d2i_data, length); |
441 int X509Certificate::VerifyInternal(const std::string& hostname, | 475 int X509Certificate::VerifyInternal(const std::string& hostname, |
442 int flags, | 476 int flags, |
443 CertVerifyResult* verify_result) const { | 477 CertVerifyResult* verify_result) const { |
444 if (!VerifyNameMatch(hostname)) | 478 if (!VerifyNameMatch(hostname)) |
445 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | 479 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
446 | 480 |
447 crypto::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx( | 481 crypto::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx( |
448 X509_STORE_CTX_new()); | 482 X509_STORE_CTX_new()); |
449 | 483 |
450 crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates( | 484 crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates( |
451 sk_X509_new_null()); | 485 CreateOSCertListHandle()); |
452 if (!intermediates.get()) | 486 if (!intermediates.get()) |
453 return ERR_OUT_OF_MEMORY; | 487 return ERR_OUT_OF_MEMORY; |
454 | 488 |
455 for (OSCertHandles::const_iterator it = intermediate_ca_certs_.begin(); | |
456 it != intermediate_ca_certs_.end(); ++it) { | |
457 if (!sk_X509_push(intermediates.get(), *it)) | |
458 return ERR_OUT_OF_MEMORY; | |
459 } | |
460 int rv = X509_STORE_CTX_init(ctx.get(), cert_store(), | 489 int rv = X509_STORE_CTX_init(ctx.get(), cert_store(), |
461 cert_handle_, intermediates.get()); | 490 cert_handle_, intermediates.get()); |
462 CHECK_EQ(1, rv); | 491 CHECK_EQ(1, rv); |
463 | 492 |
464 if (X509_verify_cert(ctx.get()) != 1) { | 493 if (X509_verify_cert(ctx.get()) != 1) { |
465 int x509_error = X509_STORE_CTX_get_error(ctx.get()); | 494 int x509_error = X509_STORE_CTX_get_error(ctx.get()); |
466 CertStatus cert_status = MapCertErrorToCertStatus(x509_error); | 495 CertStatus cert_status = MapCertErrorToCertStatus(x509_error); |
467 LOG(ERROR) << "X509 Verification error " | 496 LOG(ERROR) << "X509 Verification error " |
468 << X509_verify_cert_error_string(x509_error) | 497 << X509_verify_cert_error_string(x509_error) |
469 << " : " << x509_error | 498 << " : " << x509_error |
564 DERCache der_cache; | 593 DERCache der_cache; |
565 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) | 594 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) |
566 return false; | 595 return false; |
567 | 596 |
568 return pickle->WriteData( | 597 return pickle->WriteData( |
569 reinterpret_cast<const char*>(der_cache.data), | 598 reinterpret_cast<const char*>(der_cache.data), |
570 der_cache.data_length); | 599 der_cache.data_length); |
571 } | 600 } |
572 | 601 |
573 } // namespace net | 602 } // namespace net |
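Review bot: The intermediates stack created at new line 485 now holds handles that CreateOSCertListHandle obtained through DupOSCertHandle, yet it is still released with sk_X509_free_fn, which must be a shallow stack free since the old code pushed the un-duplicated, X509Certificate-owned intermediate_ca_certs_ into it; if DupOSCertHandle takes a reference, as the new FreeOSCertListHandle's use of sk_X509_pop_free with X509_free implies, every VerifyInternal call leaks one reference on cert_handle_ and on each intermediate. The matching release is the one this commit adds, e.g. `crypto::ScopedOpenSSL<STACK_OF(X509), FreeOSCertListHandle> intermediates(`, assuming ScopedOpenSSL's second parameter accepts a plain function pointer the way it does for X509_STORE_CTX_free a few lines earlier. Separately, the `// static` comment at new line 366 now sits above CreateOSCertListHandle, which is a const member function rather than a static one, so it should be removed there (the new `// static` at line 394 already covers CreateOSCertHandleFromBytes). VerifyInternal's body continues past the end of the hunk in which this change appears.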