1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 #include <time.h> | 10 #include <time.h> |
533 status = SecCertificateGetIssuer(cert_handle_, &name); | 533 status = SecCertificateGetIssuer(cert_handle_, &name); |
534 if (!status) | 534 if (!status) |
535 issuer_.Parse(name); | 535 issuer_.Parse(name); |
536 | 536 |
537 GetCertDateForOID(cert_handle_, CSSMOID_X509V1ValidityNotBefore, | 537 GetCertDateForOID(cert_handle_, CSSMOID_X509V1ValidityNotBefore, |
538 &valid_start_); | 538 &valid_start_); |
539 GetCertDateForOID(cert_handle_, CSSMOID_X509V1ValidityNotAfter, | 539 GetCertDateForOID(cert_handle_, CSSMOID_X509V1ValidityNotAfter, |
540 &valid_expiry_); | 540 &valid_expiry_); |
541 | 541 |
542 fingerprint_ = CalculateFingerprint(cert_handle_); | 542 fingerprint_ = CalculateFingerprint(cert_handle_); |
| 543 chain_fingerprint_ = CalculateChainFingerprint(); |
543 serial_number_ = GetCertSerialNumber(cert_handle_); | 544 serial_number_ = GetCertSerialNumber(cert_handle_); |
544 } | 545 } |
545 | 546 |
546 // IsIssuedByKnownRoot returns true if the given chain is rooted at a root CA | 547 // IsIssuedByKnownRoot returns true if the given chain is rooted at a root CA |
547 // that we recognise as a standard root. | 548 // that we recognise as a standard root. |
548 // static | 549 // static |
549 bool X509Certificate::IsIssuedByKnownRoot(CFArrayRef chain) { | 550 bool X509Certificate::IsIssuedByKnownRoot(CFArrayRef chain) { |
550 int n = CFArrayGetCount(chain); | 551 int n = CFArrayGetCount(chain); |
551 if (n < 1) | 552 if (n < 1) |
552 return false; | 553 return false; |
1062 return sha1; | 1063 return sha1; |
1063 | 1064 |
1064 DCHECK(cert_data.Data); | 1065 DCHECK(cert_data.Data); |
1065 DCHECK_NE(cert_data.Length, 0U); | 1066 DCHECK_NE(cert_data.Length, 0U); |
1066 | 1067 |
1067 CC_SHA1(cert_data.Data, cert_data.Length, sha1.data); | 1068 CC_SHA1(cert_data.Data, cert_data.Length, sha1.data); |
1068 | 1069 |
1069 return sha1; | 1070 return sha1; |
1070 } | 1071 } |
1071 | 1072 |
| 1073 SHA1Fingerprint X509Certificate::CalculateChainFingerprint() const { |
| 1074 SHA1Fingerprint sha1; |
| 1075 memset(sha1.data, 0, sizeof(sha1.data)); |
| 1076 |
| 1077 // The CC_SHA(3cc) man page says all CC_SHA1_xxx routines return 1, so |
| 1078 // we don't check their return values. |
| 1079 CC_SHA1_CTX sha1_ctx; |
| 1080 CC_SHA1_Init(&sha1_ctx); |
| 1081 CSSM_DATA cert_data; |
| 1082 OSStatus status = SecCertificateGetData(cert_handle_, &cert_data); |
| 1083 if (status) |
| 1084 return sha1; |
| 1085 CC_SHA1_Update(&sha1_ctx, cert_data.Data, cert_data.Length); |
| 1086 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
| 1087 status = SecCertificateGetData(intermediate_ca_certs_[i], &cert_data); |
| 1088 if (status) |
| 1089 return sha1; |
| 1090 CC_SHA1_Update(&sha1_ctx, cert_data.Data, cert_data.Length); |
| 1091 } |
| 1092 CC_SHA1_Final(sha1.data, &sha1_ctx); |
| 1093 |
| 1094 return sha1; |
| 1095 } |
| 1096 |
1072 bool X509Certificate::SupportsSSLClientAuth() const { | 1097 bool X509Certificate::SupportsSSLClientAuth() const { |
1073 CSSMFields fields; | 1098 CSSMFields fields; |
1074 if (GetCertFields(cert_handle_, &fields) != noErr) | 1099 if (GetCertFields(cert_handle_, &fields) != noErr) |
1075 return false; | 1100 return false; |
1076 | 1101 |
1077 // Gather the extensions we care about. We do not support | 1102 // Gather the extensions we care about. We do not support |
1078 // CSSMOID_NetscapeCertType on OS X. | 1103 // CSSMOID_NetscapeCertType on OS X. |
1079 const CE_ExtendedKeyUsage* ext_key_usage = NULL; | 1104 const CE_ExtendedKeyUsage* ext_key_usage = NULL; |
1080 const CE_KeyUsage* key_usage = NULL; | 1105 const CE_KeyUsage* key_usage = NULL; |
1081 for (unsigned f = 0; f < fields.num_of_fields; ++f) { | 1106 for (unsigned f = 0; f < fields.num_of_fields; ++f) { |
1340 CSSM_DATA cert_data; | 1365 CSSM_DATA cert_data; |
1341 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); | 1366 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); |
1342 if (status) | 1367 if (status) |
1343 return false; | 1368 return false; |
1344 | 1369 |
1345 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), | 1370 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), |
1346 cert_data.Length); | 1371 cert_data.Length); |
1347 } | 1372 } |
1348 | 1373 |
1349 } // namespace net | 1374 } // namespace net |
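Review bot: CalculateChainFingerprint (new lines 1073-1095) omits the sanity checks that CalculateFingerprint applies directly above it at 1065-1066, so a CSSM_DATA with a null Data pointer or zero Length coming back from SecCertificateGetData with a success status would be fed to CC_SHA1_Update unchecked; for consistency add `DCHECK(cert_data.Data);` and `DCHECK_NE(cert_data.Length, 0U);` before each CC_SHA1_Update call (leaf and loop body). The new function also has no header comment; I would add `// Computes a SHA-1 over the DER encoding of the leaf certificate followed by each entry of intermediate_ca_certs_, in order. Returns an all-zero fingerprint if any certificate's data cannot be retrieved.` above line 1073 so the failure convention it shares with CalculateFingerprint is explicit. That all-zero return means every chain whose data cannot be read produces the same chain_fingerprint_; if callers compare or key on this value (not visible here), the zero case should be treated as "no fingerprint" rather than as a match. Passing cert_data.Length to CC_SHA1_Update narrows from the CSSM size type to CC_LONG on 64-bit builds, the same implicit conversion the existing CC_SHA1 call at 1068 already relies on.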