OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_util.h" | 5 #include "net/base/x509_util.h" |
6 #include "net/base/x509_util_nss.h" | 6 #include "net/base/x509_util_nss.h" |
7 | 7 |
8 #include <cert.h> | 8 #include <cert.h> |
9 #include <cryptohi.h> | 9 #include <cryptohi.h> |
10 #include <nss.h> | 10 #include <nss.h> |
(...skipping 255 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
266 for (int i = 0; i < num_certs; ++i) { | 266 for (int i = 0; i < num_certs; ++i) { |
267 X509Certificate::OSCertHandle handle = | 267 X509Certificate::OSCertHandle handle = |
268 X509Certificate::CreateOSCertHandleFromBytes( | 268 X509Certificate::CreateOSCertHandleFromBytes( |
269 reinterpret_cast<char*>(certs[i]->data), certs[i]->len); | 269 reinterpret_cast<char*>(certs[i]->data), certs[i]->len); |
270 if (handle) | 270 if (handle) |
271 results->push_back(handle); | 271 results->push_back(handle); |
272 } | 272 } |
273 | 273 |
274 return SECSuccess; | 274 return SECSuccess; |
275 } | 275 } |
276 | |
277 typedef scoped_ptr_malloc<CERTName, | |
278 crypto::NSSDestroyer<CERTName, CERT_DestroyName> > ScopedCERTName; | |
Ryan Sleevi
2012/12/21 22:09:50
style nit: This indenting is wrong
typedef scoped
digit1
2013/01/07 13:58:40
Done.
| |
279 | |
280 // Create a new CERTName object from its encoded representation. | |
281 // |arena| is the allocation pool to use. | |
282 // |data| points to a DER-encoded X.509 DistinguishedName. | |
283 // Return a new CERTName pointer on success, or NULL. | |
284 CERTName* CreateCertNameFromEncoded(PLArenaPool* arena, | |
285 const base::StringPiece& data) { | |
286 if (!arena) | |
287 return NULL; | |
288 | |
289 ScopedCERTName name(PORT_ArenaZNew(arena, CERTName)); | |
290 if (!name.get()) | |
291 return NULL; | |
292 | |
293 SECItem item; | |
294 item.len = static_cast<unsigned int>(data.length()); | |
295 item.data = reinterpret_cast<unsigned char*>( | |
296 const_cast<char*>(data.data())); | |
297 | |
298 SECStatus rv = SEC_ASN1DecodeItem(arena, name.get(), | |
299 SEC_ASN1_GET(CERT_NameTemplate), &item); | |
Ryan Sleevi
2012/12/21 22:09:50
style: This indent is incorrect (minimally, should
digit1
2013/01/07 13:58:40
Done.
| |
300 if (rv != SECSuccess) | |
301 return NULL; | |
302 | |
303 return name.release(); | |
304 } | |
305 | |
276 #endif // defined(USE_NSS) || defined(OS_IOS) | 306 #endif // defined(USE_NSS) || defined(OS_IOS) |
277 | 307 |
278 } // namespace | 308 } // namespace |
279 | 309 |
280 namespace x509_util { | 310 namespace x509_util { |
281 | 311 |
282 CERTCertificate* CreateSelfSignedCert( | 312 CERTCertificate* CreateSelfSignedCert( |
283 SECKEYPublicKey* public_key, | 313 SECKEYPublicKey* public_key, |
284 SECKEYPrivateKey* private_key, | 314 SECKEYPrivateKey* private_key, |
285 const std::string& subject, | 315 const std::string& subject, |
(...skipping 234 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
520 break; | 550 break; |
521 case ecKey: | 551 case ecKey: |
522 *type = X509Certificate::kPublicKeyTypeECDSA; | 552 *type = X509Certificate::kPublicKeyTypeECDSA; |
523 break; | 553 break; |
524 default: | 554 default: |
525 *type = X509Certificate::kPublicKeyTypeUnknown; | 555 *type = X509Certificate::kPublicKeyTypeUnknown; |
526 *size_bits = 0; | 556 *size_bits = 0; |
527 break; | 557 break; |
528 } | 558 } |
529 } | 559 } |
560 | |
561 bool GetIssuersFromEncodedList( | |
562 const std::vector<std::string>& encoded_issuers, | |
563 PLArenaPool* arena, | |
564 std::vector<CERTName*>* out) { | |
565 | |
566 out->clear(); | |
567 for (size_t n = 0; n < encoded_issuers.size(); ++n) { | |
568 CERTName* name = CreateCertNameFromEncoded(arena, encoded_issuers[n]); | |
569 if (name == NULL) | |
570 return false; | |
571 | |
572 out->push_back(name); | |
573 } | |
Ryan Sleevi
2012/12/21 22:09:50
RAII-safe alternative:
std::vector<CERTName*> res
digit1
2013/01/07 13:58:40
Done.
| |
574 return true; | |
575 } | |
576 | |
577 | |
578 bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain, | |
579 const std::vector<CERTName*>& valid_issuers) { | |
580 for (size_t n = 0; n < cert_chain.size(); ++n) { | |
581 CERTName* cert_issuer = &cert_chain[n]->issuer; | |
582 for (size_t i = 0; i < valid_issuers.size(); ++i) { | |
583 if (CERT_CompareName(valid_issuers[i], cert_issuer)) | |
584 return true; | |
585 } | |
586 } | |
587 return false; | |
588 } | |
589 | |
530 #endif // defined(USE_NSS) || defined(OS_IOS) | 590 #endif // defined(USE_NSS) || defined(OS_IOS) |
531 | 591 |
532 } // namespace x509_util | 592 } // namespace x509_util |
533 | 593 |
534 } // namespace net | 594 } // namespace net |
OLD | NEW |