
Side by Side Diff: net/base/x509_certificate_win.cc

Issue 8400075: Fix the "certificate is not yet valid" error for server certificates (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Use NSS BLAPI. Add comments. Created 9 years, 1 month ago
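--- a/net/base/x509_certificate_win.cc
+++ b/net/base/x509_certificate_win.cc
@@ -1,16 +1,19 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
+#define PRArenaPool PLArenaPool // Required by <blapi.h>.
+#include <blapi.h> // Implement CalculateChainFingerprint() with NSS.
+
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/string_tokenizer.h"
 #include "base/string_util.h"
 #include "base/utf_string_conversions.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/scoped_capi_types.h"
 #include "net/base/asn1_util.h"
@@ -534,20 +537,21 @@
 &cert_handle_->pCertInfo->Issuer,
 CERT_X500_NAME_STR | CERT_NAME_STR_CRLF_FLAG,
 WriteInto(&issuer_info, name_size), name_size);
 ParsePrincipal(WideToUTF8(subject_info), &subject_);
 ParsePrincipal(WideToUTF8(issuer_info), &issuer_);
 
 valid_start_ = Time::FromFileTime(cert_handle_->pCertInfo->NotBefore);
 valid_expiry_ = Time::FromFileTime(cert_handle_->pCertInfo->NotAfter);
 
 fingerprint_ = CalculateFingerprint(cert_handle_);
+chain_fingerprint_ = CalculateChainFingerprint();
 
 const CRYPT_INTEGER_BLOB* serial = &cert_handle_->pCertInfo->SerialNumber;
 scoped_array<uint8> serial_bytes(new uint8[serial->cbData]);
 for (unsigned i = 0; i < serial->cbData; i++)
 serial_bytes[i] = serial->pbData[serial->cbData - i - 1];
 serial_number_ = std::string(
 reinterpret_cast<char*>(serial_bytes.get()), serial->cbData);
 // Remove leading zeros.
 while (serial_number_.size() > 1 && serial_number_[0] == 0)
 serial_number_ = serial_number_.substr(1, serial_number_.size() - 1);
@@ -1011,20 +1015,44 @@
 SHA1Fingerprint sha1;
 DWORD sha1_size = sizeof(sha1.data);
 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded,
 cert->cbCertEncoded, sha1.data, &sha1_size);
 DCHECK(rv && sha1_size == sizeof(sha1.data));
 if (!rv)
 memset(sha1.data, 0, sizeof(sha1.data));
 return sha1;
 }
 
+// TODO(wtc): This function is implemented with NSS low-level hash
+// functions to ensure it is fast. Reimplement this function with
+// CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead.
+SHA1Fingerprint X509Certificate::CalculateChainFingerprint() const {
+SHA1Fingerprint sha1;
+memset(sha1.data, 0, sizeof(sha1.data));
+
+SHA1Context* sha1_ctx = SHA1_NewContext();
+if (!sha1_ctx)
+return sha1;
+SHA1_Begin(sha1_ctx);
+SHA1_Update(sha1_ctx, cert_handle_->pbCertEncoded,
+cert_handle_->cbCertEncoded);
+for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
+PCCERT_CONTEXT ca_cert = intermediate_ca_certs_[i];
+SHA1_Update(sha1_ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded);
+}
+unsigned int result_len;
+SHA1_End(sha1_ctx, sha1.data, &result_len, SHA1_LENGTH);
+SHA1_DestroyContext(sha1_ctx, PR_TRUE);
+
+return sha1;
+}
+
 // static
 X509Certificate::OSCertHandle
 X509Certificate::ReadOSCertHandleFromPickle(const Pickle& pickle,
 void** pickle_iter) {
 const char* data;
 int length;
 if (!pickle.ReadData(pickle_iter, &data, &length))
 return NULL;
 
 OSCertHandle cert_handle = NULL;
@@ -1052,10 +1080,10 @@
 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0],
 &length)) {
 return false;
 }
 
 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]),
 length);
 }
 
 } // namespace net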
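Review bot: In the new CalculateChainFingerprint(), `result_len` is never checked after SHA1_End(), whereas CalculateFingerprint() just above asserts `sha1_size == sizeof(sha1.data)`. Adding `DCHECK(result_len == sizeof(sha1.data));` after the SHA1_End() call would keep the two functions consistent and catch a mismatch between SHA1_LENGTH and the output buffer size. The early return when SHA1_NewContext() fails yields an all-zero fingerprint, so every chain hashed under that failure looks identical. If chain_fingerprint_ is used as a lookup or cache key (its use is not visible here), that path deserves a comment or a log line. The call added at new line 547 hashes intermediate_ca_certs_ as it stands at that moment, so a short comment there should state that the intermediates must already be populated, since the enclosing function starts outside the visible lines.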