1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <cryptohi.h> | 8 #include <cryptohi.h> |
| 9 #include <keyhi.h> |
9 #include <nss.h> | 10 #include <nss.h> |
10 #include <pk11pub.h> | 11 #include <pk11pub.h> |
11 #include <prerror.h> | 12 #include <prerror.h> |
12 #include <prtime.h> | 13 #include <prtime.h> |
13 #include <secder.h> | 14 #include <secder.h> |
14 #include <secerr.h> | 15 #include <secerr.h> |
15 #include <sechash.h> | 16 #include <sechash.h> |
16 #include <sslerr.h> | 17 #include <sslerr.h> |
17 | 18 |
18 #include "base/logging.h" | 19 #include "base/logging.h" |
(...skipping 659 matching lines...)
678 | 679 |
679 fingerprint_ = CalculateFingerprint(cert_handle_); | 680 fingerprint_ = CalculateFingerprint(cert_handle_); |
680 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); | 681 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); |
681 | 682 |
682 serial_number_ = std::string( | 683 serial_number_ = std::string( |
683 reinterpret_cast<char*>(cert_handle_->serialNumber.data), | 684 reinterpret_cast<char*>(cert_handle_->serialNumber.data), |
684 cert_handle_->serialNumber.len); | 685 cert_handle_->serialNumber.len); |
685 } | 686 } |
686 | 687 |
687 // static | 688 // static |
| 689 X509Certificate* X509Certificate::CreateFromBytesWithNickname( |
| 690 const char* data, |
| 691 int length, |
| 692 const char* nickname) { |
| 693 OSCertHandle cert_handle = CreateOSCertHandleFromBytesWithNickname(data, |
| 694 length, |
| 695 nickname); |
| 696 if (!cert_handle) |
| 697 return NULL; |
| 698 |
| 699 X509Certificate* cert = CreateFromHandle(cert_handle, OSCertHandles()); |
| 700 FreeOSCertHandle(cert_handle); |
| 701 |
| 702 if (nickname) |
| 703 cert->default_nickname_ = nickname; |
| 704 |
| 705 return cert; |
| 706 } |
| 707 |
| 708 std::string X509Certificate::GetDefaultNickname(CertType type) const { |
| 709 if (!default_nickname_.empty()) |
| 710 return default_nickname_; |
| 711 |
| 712 std::string result; |
| 713 if (type == USER_CERT) { |
| 714 // Find the private key for this certificate and see if it has a |
| 715 // nickname. If there is a private key, and it has a nickname, then |
| 716 // we return that nickname. |
| 717 SECKEYPrivateKey* private_key = PK11_FindPrivateKeyFromCert( |
| 718 cert_handle_->slot, |
| 719 cert_handle_, |
| 720 NULL); // wincx |
| 721 if (private_key) { |
| 722 char* private_key_nickname = PK11_GetPrivateKeyNickname(private_key); |
| 723 if (private_key_nickname) { |
| 724 result = private_key_nickname; |
| 725 PORT_Free(private_key_nickname); |
| 726 SECKEY_DestroyPrivateKey(private_key); |
| 727 return result; |
| 728 } |
| 729 SECKEY_DestroyPrivateKey(private_key); |
| 730 } |
| 731 } |
| 732 |
| 733 switch (type) { |
| 734 case CA_CERT: { |
| 735 char* nickname = CERT_MakeCANickname(cert_handle_); |
| 736 result = nickname; |
| 737 PORT_Free(nickname); |
| 738 break; |
| 739 } |
| 740 case USER_CERT: { |
| 741 // Create a nickname for a user certificate. |
| 742 // We use the scheme used by Firefox: |
| 743 // --> <subject's common name>'s <issuer's common name> ID. |
| 744 // TODO(gspencer): internationalize this: it's wrong to |
| 745 // hard code English. |
| 746 |
| 747 std::string username, ca_name; |
| 748 char* temp_username = CERT_GetCommonName( |
| 749 &cert_handle_->subject); |
| 750 char* temp_ca_name = CERT_GetCommonName(&cert_handle_->issuer); |
| 751 if (temp_username) { |
| 752 username = temp_username; |
| 753 PORT_Free(temp_username); |
| 754 } |
| 755 if (temp_ca_name) { |
| 756 ca_name = temp_ca_name; |
| 757 PORT_Free(temp_ca_name); |
| 758 } |
| 759 result = username + "'s " + ca_name + " ID"; |
| 760 break; |
| 761 } |
| 762 case SERVER_CERT: |
| 763 result = subject_.GetDisplayName(); |
| 764 break; |
| 765 case UNKNOWN_CERT: |
| 766 default: |
| 767 break; |
| 768 } |
| 769 return result; |
| 770 } |
| 771 |
| 772 // static |
688 X509Certificate* X509Certificate::CreateSelfSigned( | 773 X509Certificate* X509Certificate::CreateSelfSigned( |
689 crypto::RSAPrivateKey* key, | 774 crypto::RSAPrivateKey* key, |
690 const std::string& subject, | 775 const std::string& subject, |
691 uint32 serial_number, | 776 uint32 serial_number, |
692 base::TimeDelta valid_duration) { | 777 base::TimeDelta valid_duration) { |
693 DCHECK(key); | 778 DCHECK(key); |
694 | 779 |
695 CERTCertificate* cert = x509_util::CreateSelfSignedCert(key->public_key(), | 780 CERTCertificate* cert = x509_util::CreateSelfSignedCert(key->public_key(), |
696 key->key(), | 781 key->key(), |
697 subject, | 782 subject, |
(...skipping 217 matching lines...)
915 DCHECK(a && b); | 1000 DCHECK(a && b); |
916 if (a == b) | 1001 if (a == b) |
917 return true; | 1002 return true; |
918 return a->derCert.len == b->derCert.len && | 1003 return a->derCert.len == b->derCert.len && |
919 memcmp(a->derCert.data, b->derCert.data, a->derCert.len) == 0; | 1004 memcmp(a->derCert.data, b->derCert.data, a->derCert.len) == 0; |
920 } | 1005 } |
921 | 1006 |
922 // static | 1007 // static |
923 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( | 1008 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( |
924 const char* data, int length) { | 1009 const char* data, int length) { |
| 1010 return CreateOSCertHandleFromBytesWithNickname(data, length, NULL); |
| 1011 } |
| 1012 |
| 1013 // static |
| 1014 X509Certificate::OSCertHandle |
| 1015 X509Certificate::CreateOSCertHandleFromBytesWithNickname( |
| 1016 const char* data, |
| 1017 int length, |
| 1018 const char* nickname) { |
925 if (length < 0) | 1019 if (length < 0) |
926 return NULL; | 1020 return NULL; |
927 | 1021 |
928 crypto::EnsureNSSInit(); | 1022 crypto::EnsureNSSInit(); |
929 | 1023 |
930 if (!NSS_IsInitialized()) | 1024 if (!NSS_IsInitialized()) |
931 return NULL; | 1025 return NULL; |
932 | 1026 |
933 SECItem der_cert; | 1027 SECItem der_cert; |
934 der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data)); | 1028 der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data)); |
935 der_cert.len = length; | 1029 der_cert.len = length; |
936 der_cert.type = siDERCertBuffer; | 1030 der_cert.type = siDERCertBuffer; |
937 | 1031 |
938 // Parse into a certificate structure. | 1032 // Parse into a certificate structure. |
939 return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert, NULL, | 1033 return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert, |
| 1034 const_cast<char*>(nickname), |
940 PR_FALSE, PR_TRUE); | 1035 PR_FALSE, PR_TRUE); |
941 } | 1036 } |
942 | 1037 |
943 // static | 1038 // static |
944 X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes( | 1039 X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes( |
945 const char* data, int length, Format format) { | 1040 const char* data, |
| 1041 int length, |
| 1042 Format format) { |
946 OSCertHandles results; | 1043 OSCertHandles results; |
947 if (length < 0) | 1044 if (length < 0) |
948 return results; | 1045 return results; |
949 | 1046 |
950 crypto::EnsureNSSInit(); | 1047 crypto::EnsureNSSInit(); |
951 | 1048 |
952 if (!NSS_IsInitialized()) | 1049 if (!NSS_IsInitialized()) |
953 return results; | 1050 return results; |
954 | 1051 |
955 switch (format) { | 1052 switch (format) { |
(...skipping 83 matching lines...)
1039 | 1136 |
1040 // static | 1137 // static |
1041 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, | 1138 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, |
1042 Pickle* pickle) { | 1139 Pickle* pickle) { |
1043 return pickle->WriteData( | 1140 return pickle->WriteData( |
1044 reinterpret_cast<const char*>(cert_handle->derCert.data), | 1141 reinterpret_cast<const char*>(cert_handle->derCert.data), |
1045 cert_handle->derCert.len); | 1142 cert_handle->derCert.len); |
1046 } | 1143 } |
1047 | 1144 |
1048 } // namespace net | 1145 } // namespace net |
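Review bot: In GetDefaultNickname's CA_CERT case, `result = nickname;` assigns the return value of CERT_MakeCANickname to a std::string without checking it for NULL, which is undefined behaviour if NSS fails to allocate the name; the USER_CERT case directly below null-checks both CERT_GetCommonName results, so this branch should match it: `char* nickname = CERT_MakeCANickname(cert_handle_); if (nickname) { result = nickname; PORT_Free(nickname); }`. In the same function's USER_CERT path, PK11_FindPrivateKeyFromCert is handed `cert_handle_->slot` unconditionally; for a temporary certificate that slot may be NULL, so it is worth confirming that NSS tolerates a NULL slot there or guarding the lookup with `if (cert_handle_->slot)`. CreateFromBytesWithNickname likewise writes `cert->default_nickname_` without checking the pointer returned by CreateFromHandle; if that factory can return NULL (its body is not visible in this diff) the check belongs before the assignment.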