| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <openssl/asn1.h> | 7 #include <openssl/asn1.h> |
| 8 #include <openssl/crypto.h> | 8 #include <openssl/crypto.h> |
| 9 #include <openssl/obj_mac.h> | 9 #include <openssl/obj_mac.h> |
| 10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
| (...skipping 644 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 655 Pickle* pickle) { | 655 Pickle* pickle) { |
| 656 DERCache der_cache; | 656 DERCache der_cache; |
| 657 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) | 657 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) |
| 658 return false; | 658 return false; |
| 659 | 659 |
| 660 return pickle->WriteData( | 660 return pickle->WriteData( |
| 661 reinterpret_cast<const char*>(der_cache.data), | 661 reinterpret_cast<const char*>(der_cache.data), |
| 662 der_cache.data_length); | 662 der_cache.data_length); |
| 663 } | 663 } |
| 664 | 664 |
| 665 // static |
| 666 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, |
| 667 size_t* size_bits, |
| 668 PublicKeyType* type) { |
| 669 EVP_PKEY* key = X509_get_pubkey(cert_handle); |
| 670 CHECK(key); |
| 671 *size_bits = EVP_PKEY_size(key) * 8; |
| 672 |
| 673 switch (key->type) { |
| 674 case EVP_PKEY_RSA: |
| 675 *type = kPublicKeyTypeRSA; |
| 676 break; |
| 677 case EVP_PKEY_DSA: |
| 678 *type = kPublicKeyTypeDSA; |
| 679 break; |
| 680 case EVP_PKEY_EC: |
| 681 *type = kPublicKeyTypeECDSA; |
| 682 break; |
| 683 case EVP_PKEY_DH: |
| 684 *type = kPublicKeyTypeDH; |
| 685 break; |
| 686 default: |
| 687 *type = kPublicKeyTypeUnknown; |
| 688 } |
| 689 } |
| 690 |
| 665 #if defined(OS_ANDROID) | 691 #if defined(OS_ANDROID) |
| 666 void X509Certificate::GetChainDEREncodedBytes( | 692 void X509Certificate::GetChainDEREncodedBytes( |
| 667 std::vector<std::string>* chain_bytes) const { | 693 std::vector<std::string>* chain_bytes) const { |
| 668 OSCertHandles cert_handles(intermediate_ca_certs_); | 694 OSCertHandles cert_handles(intermediate_ca_certs_); |
| 669 // Make sure the peer's own cert is the first in the chain, if it's not | 695 // Make sure the peer's own cert is the first in the chain, if it's not |
| 670 // already there. | 696 // already there. |
| 671 if (cert_handles.empty() || cert_handles[0] != cert_handle_) | 697 if (cert_handles.empty() || cert_handles[0] != cert_handle_) |
| 672 cert_handles.insert(cert_handles.begin(), cert_handle_); | 698 cert_handles.insert(cert_handles.begin(), cert_handle_); |
| 673 | 699 |
| 674 chain_bytes->reserve(cert_handles.size()); | 700 chain_bytes->reserve(cert_handles.size()); |
| 675 for (OSCertHandles::const_iterator it = cert_handles.begin(); | 701 for (OSCertHandles::const_iterator it = cert_handles.begin(); |
| 676 it != cert_handles.end(); ++it) { | 702 it != cert_handles.end(); ++it) { |
| 677 std::string cert_bytes; | 703 std::string cert_bytes; |
| 678 GetDEREncoded(*it, &cert_bytes); | 704 GetDEREncoded(*it, &cert_bytes); |
| 679 chain_bytes->push_back(cert_bytes); | 705 chain_bytes->push_back(cert_bytes); |
| 680 } | 706 } |
| 681 } | 707 } |
| 682 #endif | 708 #endif |
| 683 | 709 |
| 684 } // namespace net | 710 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8568040:
Refuse to accept certificate chains containing any RSA public key smaller (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/