OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <cryptohi.h> | 8 #include <cryptohi.h> |
9 #include <keyhi.h> | 9 #include <keyhi.h> |
10 #include <nss.h> | 10 #include <nss.h> |
11 #include <pk11pub.h> | 11 #include <pk11pub.h> |
12 #include <prtime.h> | 12 #include <prtime.h> |
13 #include <seccomon.h> | |
13 #include <secder.h> | 14 #include <secder.h> |
14 #include <sechash.h> | 15 #include <sechash.h> |
15 | 16 |
16 #include "base/logging.h" | 17 #include "base/logging.h" |
17 #include "base/memory/scoped_ptr.h" | 18 #include "base/memory/scoped_ptr.h" |
18 #include "base/pickle.h" | 19 #include "base/pickle.h" |
19 #include "base/time.h" | 20 #include "base/time.h" |
20 #include "crypto/nss_util.h" | 21 #include "crypto/nss_util.h" |
21 #include "crypto/rsa_private_key.h" | 22 #include "crypto/rsa_private_key.h" |
23 #include "crypto/scoped_nss_types.h" | |
22 #include "net/base/x509_util_nss.h" | 24 #include "net/base/x509_util_nss.h" |
23 | 25 |
24 namespace net { | 26 namespace net { |
25 | 27 |
26 void X509Certificate::Initialize() { | 28 void X509Certificate::Initialize() { |
27 x509_util::ParsePrincipal(&cert_handle_->subject, &subject_); | 29 x509_util::ParsePrincipal(&cert_handle_->subject, &subject_); |
28 x509_util::ParsePrincipal(&cert_handle_->issuer, &issuer_); | 30 x509_util::ParsePrincipal(&cert_handle_->issuer, &issuer_); |
29 | 31 |
30 x509_util::ParseDate(&cert_handle_->validity.notBefore, &valid_start_); | 32 x509_util::ParseDate(&cert_handle_->validity.notBefore, &valid_start_); |
31 x509_util::ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_); | 33 x509_util::ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_); |
(...skipping 115 matching lines...) | |
147 void X509Certificate::GetSubjectAltName( | 149 void X509Certificate::GetSubjectAltName( |
148 std::vector<std::string>* dns_names, | 150 std::vector<std::string>* dns_names, |
149 std::vector<std::string>* ip_addrs) const { | 151 std::vector<std::string>* ip_addrs) const { |
150 x509_util::GetSubjectAltName(cert_handle_, dns_names, ip_addrs); | 152 x509_util::GetSubjectAltName(cert_handle_, dns_names, ip_addrs); |
151 } | 153 } |
152 | 154 |
153 bool X509Certificate::VerifyNameMatch(const std::string& hostname) const { | 155 bool X509Certificate::VerifyNameMatch(const std::string& hostname) const { |
154 return CERT_VerifyCertName(cert_handle_, hostname.c_str()) == SECSuccess; | 156 return CERT_VerifyCertName(cert_handle_, hostname.c_str()) == SECSuccess; |
155 } | 157 } |
156 | 158 |
159 bool X509Certificate::IsIssuedByEncoded( | |
160 const std::vector<std::string>& valid_issuers) { | |
161 // Get certificate chain as scoped list of CERTCertificate objects. | |
162 std::vector<CERTCertificate*> cert_chain; | |
163 cert_chain.push_back(cert_handle_); | |
164 for (size_t n = 0; n < intermediate_ca_certs_.size(); ++n) { | |
165 cert_chain.push_back(intermediate_ca_certs_[n]); | |
166 } | |
167 // Convert encoded issuers to scoped CERTName* list. | |
168 std::vector<CERTName*> issuers; | |
169 crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); | |
170 if (!x509_util::GetIssuersFromEncodedList( | |
171 valid_issuers, arena.get(), &issuers)) | |
Ryan Sleevi
2012/12/21 22:09:50
nit: Both indent and bracing are incorrect here
digit1
2013/01/07 13:58:40
Done.
| |
172 return false; | |
173 | |
174 // Do the comparison. | |
175 return x509_util::IsCertificateIssuedBy(cert_chain, issuers); | |
176 } | |
177 | |
157 // static | 178 // static |
158 bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle, | 179 bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle, |
159 std::string* encoded) { | 180 std::string* encoded) { |
160 if (!cert_handle->derCert.len) | 181 if (!cert_handle->derCert.len) |
161 return false; | 182 return false; |
162 encoded->assign(reinterpret_cast<char*>(cert_handle->derCert.data), | 183 encoded->assign(reinterpret_cast<char*>(cert_handle->derCert.data), |
163 cert_handle->derCert.len); | 184 cert_handle->derCert.len); |
164 return true; | 185 return true; |
165 } | 186 } |
166 | 187 |
(...skipping 109 matching lines...) | |
276 } | 297 } |
277 | 298 |
278 // static | 299 // static |
279 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, | 300 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, |
280 size_t* size_bits, | 301 size_t* size_bits, |
281 PublicKeyType* type) { | 302 PublicKeyType* type) { |
282 x509_util::GetPublicKeyInfo(cert_handle, size_bits, type); | 303 x509_util::GetPublicKeyInfo(cert_handle, size_bits, type); |
283 } | 304 } |
284 | 305 |
285 } // namespace net | 306 } // namespace net |
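Review bot: In the added `X509Certificate::IsIssuedByEncoded`, the result of `PORT_NewArena(DER_DEFAULT_CHUNKSIZE)` is passed on to `x509_util::GetIssuersFromEncodedList` via `arena.get()` without a null check, and `PORT_NewArena` returns NULL when allocation fails. Whether the helper tolerates a null arena is not visible on this page, so the function should fail closed right after the arena is created: `if (!arena.get()) return false;`. The two comments also describe `cert_chain` and `issuers` as "scoped" lists, although both are plain vectors of raw pointers that release nothing themselves. Presumably the `CERTName*` entries are allocated from `arena`, since it is passed to the helper; if that is confirmed, a comment such as `// |issuers| entries live in |arena| and must not outlive it; |cert_chain| holds borrowed handles.` would state the lifetime rule.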