1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_util.h" | 5 #include "net/cert/x509_util.h" |
6 #include "net/cert/x509_util_nss.h" | 6 #include "net/cert/x509_util_nss.h" |
7 | 7 |
8 #include <cert.h> // Must be included before certdb.h | 8 #include <cert.h> // Must be included before certdb.h |
9 #include <certdb.h> | 9 #include <certdb.h> |
10 #include <cryptohi.h> | 10 #include <cryptohi.h> |
284 crypto::BaseTimeToPRTime(not_valid_before), | 284 crypto::BaseTimeToPRTime(not_valid_before), |
285 crypto::BaseTimeToPRTime(not_valid_after)); | 285 crypto::BaseTimeToPRTime(not_valid_after)); |
286 | 286 |
287 if (!validity) | 287 if (!validity) |
288 return false; | 288 return false; |
289 | 289 |
290 CERT_DestroyValidity(validity); | 290 CERT_DestroyValidity(validity); |
291 return true; | 291 return true; |
292 } | 292 } |
293 | 293 |
294 bool CreateChannelIDEC(crypto::ECPrivateKey* key, | |
295 DigestAlgorithm alg, | |
296 const std::string& domain, | |
297 uint32 serial_number, | |
298 base::Time not_valid_before, | |
299 base::Time not_valid_after, | |
300 std::string* der_cert) { | |
301 DCHECK(key); | |
302 | |
303 CERTCertificate* cert = CreateCertificate(key->public_key(), | |
304 "CN=anonymous.invalid", | |
305 serial_number, | |
306 not_valid_before, | |
307 not_valid_after); | |
308 | |
309 if (!cert) | |
310 return false; | |
311 | |
312 // Create opaque handle used to add extensions later. | |
313 void* cert_handle; | |
314 if ((cert_handle = CERT_StartCertExtensions(cert)) == NULL) { | |
315 LOG(ERROR) << "Unable to get opaque handle for adding extensions"; | |
316 CERT_DestroyCertificate(cert); | |
317 return false; | |
318 } | |
319 | |
320 // Create SECItem for IA5String encoding. | |
321 SECItem domain_string_item = { | |
322 siAsciiString, | |
323 (unsigned char*)domain.data(), | |
324 static_cast<unsigned>(domain.size()) | |
325 }; | |
326 | |
327 // IA5Encode and arena allocate SECItem | |
328 SECItem* asn1_domain_string = SEC_ASN1EncodeItem( | |
329 cert->arena, NULL, &domain_string_item, | |
330 SEC_ASN1_GET(SEC_IA5StringTemplate)); | |
331 if (asn1_domain_string == NULL) { | |
332 LOG(ERROR) << "Unable to get ASN1 encoding for domain in domain_bound_cert" | |
333 " extension"; | |
334 CERT_DestroyCertificate(cert); | |
335 return false; | |
336 } | |
337 | |
338 // Add the extension to the opaque handle | |
339 if (CERT_AddExtension( | |
340 cert_handle, | |
341 ChannelIDOIDWrapper::GetInstance()->domain_bound_cert_oid_tag(), | |
342 asn1_domain_string, | |
343 PR_TRUE, | |
344 PR_TRUE) != SECSuccess){ | |
345 LOG(ERROR) << "Unable to add domain bound cert extension to opaque handle"; | |
346 CERT_DestroyCertificate(cert); | |
347 return false; | |
348 } | |
349 | |
350 // Copy extension into x509 cert | |
351 if (CERT_FinishExtensions(cert_handle) != SECSuccess){ | |
352 LOG(ERROR) << "Unable to copy extension to X509 cert"; | |
353 CERT_DestroyCertificate(cert); | |
354 return false; | |
355 } | |
356 | |
357 if (!SignCertificate(cert, key->key(), ToSECOid(alg))) { | |
358 CERT_DestroyCertificate(cert); | |
359 return false; | |
360 } | |
361 | |
362 DCHECK(cert->derCert.len); | |
363 // XXX copied from X509Certificate::GetDEREncoded | |
364 der_cert->clear(); | |
365 der_cert->append(reinterpret_cast<char*>(cert->derCert.data), | |
366 cert->derCert.len); | |
367 CERT_DestroyCertificate(cert); | |
368 return true; | |
369 } | |
370 | |
371 #if defined(USE_NSS) || defined(OS_IOS) | 294 #if defined(USE_NSS) || defined(OS_IOS) |
372 void ParsePrincipal(CERTName* name, CertPrincipal* principal) { | 295 void ParsePrincipal(CERTName* name, CertPrincipal* principal) { |
373 // Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument. | 296 // Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument. |
374 #if NSS_VMINOR >= 15 | 297 #if NSS_VMINOR >= 15 |
375 typedef char* (*CERTGetNameFunc)(const CERTName* name); | 298 typedef char* (*CERTGetNameFunc)(const CERTName* name); |
376 #else | 299 #else |
377 typedef char* (*CERTGetNameFunc)(CERTName* name); | 300 typedef char* (*CERTGetNameFunc)(CERTName* name); |
378 #endif | 301 #endif |
379 | 302 |
380 // TODO(jcampan): add business_category and serial_number. | 303 // TODO(jcampan): add business_category and serial_number. |
629 } | 552 } |
630 | 553 |
631 return new_name; | 554 return new_name; |
632 } | 555 } |
633 | 556 |
634 #endif // defined(USE_NSS) || defined(OS_IOS) | 557 #endif // defined(USE_NSS) || defined(OS_IOS) |
635 | 558 |
636 } // namespace x509_util | 559 } // namespace x509_util |
637 | 560 |
638 } // namespace net | 561 } // namespace net |