OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <map> | 10 #include <map> |
(...skipping 396 matching lines...)
407 std::string decoded(pem_tok.data()); | 407 std::string decoded(pem_tok.data()); |
408 | 408 |
409 OSCertHandle handle = NULL; | 409 OSCertHandle handle = NULL; |
410 if (format & FORMAT_PEM_CERT_SEQUENCE) | 410 if (format & FORMAT_PEM_CERT_SEQUENCE) |
411 handle = CreateOSCertHandleFromBytes(decoded.c_str(), decoded.size()); | 411 handle = CreateOSCertHandleFromBytes(decoded.c_str(), decoded.size()); |
412 if (handle != NULL) { | 412 if (handle != NULL) { |
413 // Parsed a DER encoded certificate. All PEM blocks that follow must | 413 // Parsed a DER encoded certificate. All PEM blocks that follow must |
414 // also be DER encoded certificates wrapped inside of PEM blocks. | 414 // also be DER encoded certificates wrapped inside of PEM blocks. |
415 format = FORMAT_PEM_CERT_SEQUENCE; | 415 format = FORMAT_PEM_CERT_SEQUENCE; |
416 certificates.push_back(handle); | 416 certificates.push_back(handle); |
| 417 fprintf(stderr, "PEM: format %d\n", (int)format); |
417 continue; | 418 continue; |
418 } | 419 } |
419 | 420 |
420 // If the first block failed to parse as a DER certificate, and | 421 // If the first block failed to parse as a DER certificate, and |
421 // formats other than PEM are acceptable, check to see if the decoded | 422 // formats other than PEM are acceptable, check to see if the decoded |
422 // data is one of the accepted formats. | 423 // data is one of the accepted formats. |
423 if (format & ~FORMAT_PEM_CERT_SEQUENCE) { | 424 if (format & ~FORMAT_PEM_CERT_SEQUENCE) { |
424 for (size_t i = 0; certificates.empty() && | 425 for (size_t i = 0; certificates.empty() && |
425 i < arraysize(kFormatDecodePriority); ++i) { | 426 i < arraysize(kFormatDecodePriority); ++i) { |
426 if (format & kFormatDecodePriority[i]) { | 427 if (format & kFormatDecodePriority[i]) { |
427 certificates = CreateOSCertHandlesFromBytes(decoded.c_str(), | 428 certificates = CreateOSCertHandlesFromBytes(decoded.c_str(), |
428 decoded.size(), kFormatDecodePriority[i]); | 429 decoded.size(), kFormatDecodePriority[i]); |
| 430 if (!certificates.empty()) |
| 431 fprintf(stderr, "PEM: format %d\n", (int)kFormatDecodePriority[i]); |
429 } | 432 } |
430 } | 433 } |
431 } | 434 } |
432 | 435 |
433 // Stop parsing after the first block for any format but a sequence of | 436 // Stop parsing after the first block for any format but a sequence of |
434 // PEM-encoded DER certificates. The case of FORMAT_PEM_CERT_SEQUENCE | 437 // PEM-encoded DER certificates. The case of FORMAT_PEM_CERT_SEQUENCE |
435 // is handled above, and continues processing until a certificate fails | 438 // is handled above, and continues processing until a certificate fails |
436 // to parse. | 439 // to parse. |
437 break; | 440 break; |
438 } | 441 } |
439 | 442 |
440 // Try each of the formats, in order of parse preference, to see if |data| | 443 // Try each of the formats, in order of parse preference, to see if |data| |
441 // contains the binary representation of a Format, if it failed to parse | 444 // contains the binary representation of a Format, if it failed to parse |
442 // as a PEM certificate/chain. | 445 // as a PEM certificate/chain. |
443 for (size_t i = 0; certificates.empty() && | 446 for (size_t i = 0; certificates.empty() && |
444 i < arraysize(kFormatDecodePriority); ++i) { | 447 i < arraysize(kFormatDecodePriority); ++i) { |
445 if (format & kFormatDecodePriority[i]) | 448 if (format & kFormatDecodePriority[i]) { |
446 certificates = CreateOSCertHandlesFromBytes(data, length, | 449 certificates = CreateOSCertHandlesFromBytes(data, length, |
447 kFormatDecodePriority[i]); | 450 kFormatDecodePriority[i]); |
| 451 if (!certificates.empty()) |
| 452 fprintf(stderr, "Binary: format %d\n", (int)kFormatDecodePriority[i]); |
| 453 } |
448 } | 454 } |
449 | 455 |
450 CertificateList results; | 456 CertificateList results; |
451 // No certificates parsed. | 457 // No certificates parsed. |
452 if (certificates.empty()) | 458 if (certificates.empty()) |
453 return results; | 459 return results; |
454 | 460 |
455 for (OSCertHandles::iterator it = certificates.begin(); | 461 for (OSCertHandles::iterator it = certificates.begin(); |
456 it != certificates.end(); ++it) { | 462 it != certificates.end(); ++it) { |
457 X509Certificate* result = CreateFromHandle(*it, OSCertHandles()); | 463 X509Certificate* result = CreateFromHandle(*it, OSCertHandles()); |
458 results.push_back(scoped_refptr<X509Certificate>(result)); | 464 results.push_back(scoped_refptr<X509Certificate>(result)); |
459 FreeOSCertHandle(*it); | 465 FreeOSCertHandle(*it); |
| 466 fprintf(stderr, "Certificate: %s issued by %s\n", |
| 467 result->subject().common_name.c_str(), |
| 468 result->issuer().common_name.c_str()); |
460 } | 469 } |
461 | 470 |
462 return results; | 471 return results; |
463 } | 472 } |
464 | 473 |
465 void X509Certificate::Persist(Pickle* pickle) { | 474 void X509Certificate::Persist(Pickle* pickle) { |
466 DCHECK(cert_handle_); | 475 DCHECK(cert_handle_); |
467 // This would be an absolutely insane number of intermediates. | 476 // This would be an absolutely insane number of intermediates. |
468 if (intermediate_ca_certs_.size() > static_cast<size_t>(INT_MAX) - 1) { | 477 if (intermediate_ca_certs_.size() > static_cast<size_t>(INT_MAX) - 1) { |
469 NOTREACHED(); | 478 NOTREACHED(); |
(...skipping 222 matching lines...)
692 RemoveFromCache(cert_handle_); | 701 RemoveFromCache(cert_handle_); |
693 FreeOSCertHandle(cert_handle_); | 702 FreeOSCertHandle(cert_handle_); |
694 } | 703 } |
695 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | 704 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
696 RemoveFromCache(intermediate_ca_certs_[i]); | 705 RemoveFromCache(intermediate_ca_certs_[i]); |
697 FreeOSCertHandle(intermediate_ca_certs_[i]); | 706 FreeOSCertHandle(intermediate_ca_certs_[i]); |
698 } | 707 } |
699 } | 708 } |
700 | 709 |
701 } // namespace net | 710 } // namespace net |
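Review bot: The added `fprintf(stderr, "Certificate: %s issued by %s\n", ...)` in the final loop (new lines 466-468) writes the subject and issuer common names of a freshly parsed certificate to stderr unconditionally and unescaped. Those strings come from the input being parsed, so they can carry control characters or terminal escape sequences, and `%s` with `c_str()` stops at an embedded NUL, so the printed name can differ from the one in the certificate. If the tracing is meant to land, I would route it through the logging macros this file already uses (`DCHECK`/`NOTREACHED` are visible), for example `DVLOG(1) << "Certificate: " << result->subject().common_name << " issued by " << result->issuer().common_name;`, and escape non-printable bytes before output; otherwise remove it before commit. The same unconditional-stderr concern applies to the `"PEM: format %d"` and `"Binary: format %d"` prints at new lines 417, 431 and 452, where `(int)` would also read better as `static_cast<int>(...)`. The enclosing function starts inside the skipped region, so whether `<stdio.h>` is included and whether `CreateFromHandle` can return NULL before `result->` is dereferenced cannot be confirmed from this page.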
OLD | NEW |