| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_util.h" | 5 #include "net/cert/x509_util.h" |
| 6 #include "net/cert/x509_util_nss.h" | 6 #include "net/cert/x509_util_nss.h" |
| 7 | 7 |
| 8 #include <cert.h> // Must be included before certdb.h | 8 #include <cert.h> // Must be included before certdb.h |
| 9 #include <certdb.h> | 9 #include <certdb.h> |
| 10 #include <cryptohi.h> | 10 #include <cryptohi.h> |
| 284 crypto::BaseTimeToPRTime(not_valid_before), | 284 crypto::BaseTimeToPRTime(not_valid_before), |
| 285 crypto::BaseTimeToPRTime(not_valid_after)); | 285 crypto::BaseTimeToPRTime(not_valid_after)); |
| 286 | 286 |
| 287 if (!validity) | 287 if (!validity) |
| 288 return false; | 288 return false; |
| 289 | 289 |
| 290 CERT_DestroyValidity(validity); | 290 CERT_DestroyValidity(validity); |
| 291 return true; | 291 return true; |
| 292 } | 292 } |
| 293 | 293 |
| 294 bool CreateChannelIDEC(crypto::ECPrivateKey* key, | |
| 295 DigestAlgorithm alg, | |
| 296 const std::string& domain, | |
| 297 uint32 serial_number, | |
| 298 base::Time not_valid_before, | |
| 299 base::Time not_valid_after, | |
| 300 std::string* der_cert) { | |
| 301 DCHECK(key); | |
| 302 | |
| 303 CERTCertificate* cert = CreateCertificate(key->public_key(), | |
| 304 "CN=anonymous.invalid", | |
| 305 serial_number, | |
| 306 not_valid_before, | |
| 307 not_valid_after); | |
| 308 | |
| 309 if (!cert) | |
| 310 return false; | |
| 311 | |
| 312 // Create opaque handle used to add extensions later. | |
| 313 void* cert_handle; | |
| 314 if ((cert_handle = CERT_StartCertExtensions(cert)) == NULL) { | |
| 315 LOG(ERROR) << "Unable to get opaque handle for adding extensions"; | |
| 316 CERT_DestroyCertificate(cert); | |
| 317 return false; | |
| 318 } | |
| 319 | |
| 320 // Create SECItem for IA5String encoding. | |
| 321 SECItem domain_string_item = { | |
| 322 siAsciiString, | |
| 323 (unsigned char*)domain.data(), | |
| 324 static_cast<unsigned>(domain.size()) | |
| 325 }; | |
| 326 | |
| 327 // IA5Encode and arena allocate SECItem | |
| 328 SECItem* asn1_domain_string = SEC_ASN1EncodeItem( | |
| 329 cert->arena, NULL, &domain_string_item, | |
| 330 SEC_ASN1_GET(SEC_IA5StringTemplate)); | |
| 331 if (asn1_domain_string == NULL) { | |
| 332 LOG(ERROR) << "Unable to get ASN1 encoding for domain in domain_bound_cert" | |
| 333 " extension"; | |
| 334 CERT_DestroyCertificate(cert); | |
| 335 return false; | |
| 336 } | |
| 337 | |
| 338 // Add the extension to the opaque handle | |
| 339 if (CERT_AddExtension( | |
| 340 cert_handle, | |
| 341 ChannelIDOIDWrapper::GetInstance()->domain_bound_cert_oid_tag(), | |
| 342 asn1_domain_string, | |
| 343 PR_TRUE, | |
| 344 PR_TRUE) != SECSuccess){ | |
| 345 LOG(ERROR) << "Unable to add domain bound cert extension to opaque handle"; | |
| 346 CERT_DestroyCertificate(cert); | |
| 347 return false; | |
| 348 } | |
| 349 | |
| 350 // Copy extension into x509 cert | |
| 351 if (CERT_FinishExtensions(cert_handle) != SECSuccess){ | |
| 352 LOG(ERROR) << "Unable to copy extension to X509 cert"; | |
| 353 CERT_DestroyCertificate(cert); | |
| 354 return false; | |
| 355 } | |
| 356 | |
| 357 if (!SignCertificate(cert, key->key(), ToSECOid(alg))) { | |
| 358 CERT_DestroyCertificate(cert); | |
| 359 return false; | |
| 360 } | |
| 361 | |
| 362 DCHECK(cert->derCert.len); | |
| 363 // XXX copied from X509Certificate::GetDEREncoded | |
| 364 der_cert->clear(); | |
| 365 der_cert->append(reinterpret_cast<char*>(cert->derCert.data), | |
| 366 cert->derCert.len); | |
| 367 CERT_DestroyCertificate(cert); | |
| 368 return true; | |
| 369 } | |
| 370 | |
| 371 #if defined(USE_NSS) || defined(OS_IOS) | 294 #if defined(USE_NSS) || defined(OS_IOS) |
| 372 void ParsePrincipal(CERTName* name, CertPrincipal* principal) { | 295 void ParsePrincipal(CERTName* name, CertPrincipal* principal) { |
| 373 // Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument. | 296 // Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument. |
| 374 #if NSS_VMINOR >= 15 | 297 #if NSS_VMINOR >= 15 |
| 375 typedef char* (*CERTGetNameFunc)(const CERTName* name); | 298 typedef char* (*CERTGetNameFunc)(const CERTName* name); |
| 376 #else | 299 #else |
| 377 typedef char* (*CERTGetNameFunc)(CERTName* name); | 300 typedef char* (*CERTGetNameFunc)(CERTName* name); |
| 378 #endif | 301 #endif |
| 379 | 302 |
| 380 // TODO(jcampan): add business_category and serial_number. | 303 // TODO(jcampan): add business_category and serial_number. |
| 629 } | 552 } |
| 630 | 553 |
| 631 return new_name; | 554 return new_name; |
| 632 } | 555 } |
| 633 | 556 |
| 634 #endif // defined(USE_NSS) || defined(OS_IOS) | 557 #endif // defined(USE_NSS) || defined(OS_IOS) |
| 635 | 558 |
| 636 } // namespace x509_util | 559 } // namespace x509_util |
| 637 | 560 |
| 638 } // namespace net | 561 } // namespace net |