OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/common/net/x509_certificate_model.h" | 5 #include "chrome/common/net/x509_certificate_model.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <cms.h> | 8 #include <cms.h> |
9 #include <hasht.h> | 9 #include <hasht.h> |
10 #include <keyhi.h> // SECKEY_DestroyPrivateKey | 10 #include <keyhi.h> // SECKEY_DestroyPrivateKey |
(...skipping 82 matching lines...)
93 ScopedNSSCMSSignedData; | 93 ScopedNSSCMSSignedData; |
94 | 94 |
95 } // namespace | 95 } // namespace |
96 | 96 |
97 namespace x509_certificate_model { | 97 namespace x509_certificate_model { |
98 | 98 |
99 using net::X509Certificate; | 99 using net::X509Certificate; |
100 using std::string; | 100 using std::string; |
101 | 101 |
102 string GetCertNameOrNickname(X509Certificate::OSCertHandle cert_handle) { | 102 string GetCertNameOrNickname(X509Certificate::OSCertHandle cert_handle) { |
103 string name = ProcessIDN(Stringize(CERT_GetCommonName(&cert_handle->subject), | 103 string name = ProcessIDN( |
104 "")); | 104 Stringize(CERT_GetCommonName(&cert_handle->subject), std::string())); |
105 if (!name.empty()) | 105 if (!name.empty()) |
106 return name; | 106 return name; |
107 return GetNickname(cert_handle); | 107 return GetNickname(cert_handle); |
108 } | 108 } |
109 | 109 |
110 string GetNickname(X509Certificate::OSCertHandle cert_handle) { | 110 string GetNickname(X509Certificate::OSCertHandle cert_handle) { |
111 string name; | 111 string name; |
112 if (cert_handle->nickname) { | 112 if (cert_handle->nickname) { |
113 name = cert_handle->nickname; | 113 name = cert_handle->nickname; |
114 // Hack copied from mozilla: Cut off text before first :, which seems to | 114 // Hack copied from mozilla: Cut off text before first :, which seems to |
(...skipping 10 matching lines...)
125 } | 125 } |
126 | 126 |
127 string GetVersion(X509Certificate::OSCertHandle cert_handle) { | 127 string GetVersion(X509Certificate::OSCertHandle cert_handle) { |
128 // If the version field is omitted from the certificate, the default | 128 // If the version field is omitted from the certificate, the default |
129 // value is v1(0). | 129 // value is v1(0). |
130 unsigned long version = 0; | 130 unsigned long version = 0; |
131 if (cert_handle->version.len == 0 || | 131 if (cert_handle->version.len == 0 || |
132 SEC_ASN1DecodeInteger(&cert_handle->version, &version) == SECSuccess) { | 132 SEC_ASN1DecodeInteger(&cert_handle->version, &version) == SECSuccess) { |
133 return base::UintToString(version + 1); | 133 return base::UintToString(version + 1); |
134 } | 134 } |
135 return ""; | 135 return std::string(); |
136 } | 136 } |
137 | 137 |
138 net::CertType GetType(X509Certificate::OSCertHandle cert_handle) { | 138 net::CertType GetType(X509Certificate::OSCertHandle cert_handle) { |
139 return psm::GetCertType(cert_handle); | 139 return psm::GetCertType(cert_handle); |
140 } | 140 } |
141 | 141 |
142 string GetEmailAddress(X509Certificate::OSCertHandle cert_handle) { | 142 string GetEmailAddress(X509Certificate::OSCertHandle cert_handle) { |
143 if (cert_handle->emailAddr) | 143 if (cert_handle->emailAddr) |
144 return cert_handle->emailAddr; | 144 return cert_handle->emailAddr; |
145 return ""; | 145 return std::string(); |
146 } | 146 } |
147 | 147 |
148 void GetUsageStrings(X509Certificate::OSCertHandle cert_handle, | 148 void GetUsageStrings(X509Certificate::OSCertHandle cert_handle, |
149 std::vector<string>* usages) { | 149 std::vector<string>* usages) { |
150 psm::GetCertUsageStrings(cert_handle, usages); | 150 psm::GetCertUsageStrings(cert_handle, usages); |
151 } | 151 } |
152 | 152 |
153 string GetKeyUsageString(X509Certificate::OSCertHandle cert_handle) { | 153 string GetKeyUsageString(X509Certificate::OSCertHandle cert_handle) { |
154 SECItem key_usage; | 154 SECItem key_usage; |
155 key_usage.data = NULL; | 155 key_usage.data = NULL; |
(...skipping 183 matching lines...)
339 DCHECK(arena.get()); | 339 DCHECK(arena.get()); |
340 | 340 |
341 ScopedNSSCMSMessage message(NSS_CMSMessage_Create(arena.get())); | 341 ScopedNSSCMSMessage message(NSS_CMSMessage_Create(arena.get())); |
342 DCHECK(message.get()); | 342 DCHECK(message.get()); |
343 | 343 |
344 // First, create SignedData with the certificate only (no chain). | 344 // First, create SignedData with the certificate only (no chain). |
345 ScopedNSSCMSSignedData signed_data(NSS_CMSSignedData_CreateCertsOnly( | 345 ScopedNSSCMSSignedData signed_data(NSS_CMSSignedData_CreateCertsOnly( |
346 message.get(), cert_chain[start], PR_FALSE)); | 346 message.get(), cert_chain[start], PR_FALSE)); |
347 if (!signed_data.get()) { | 347 if (!signed_data.get()) { |
348 DLOG(ERROR) << "NSS_CMSSignedData_Create failed"; | 348 DLOG(ERROR) << "NSS_CMSSignedData_Create failed"; |
349 return ""; | 349 return std::string(); |
350 } | 350 } |
351 // Add the rest of the chain (if any). | 351 // Add the rest of the chain (if any). |
352 for (size_t i = start + 1; i < end; ++i) { | 352 for (size_t i = start + 1; i < end; ++i) { |
353 if (NSS_CMSSignedData_AddCertificate(signed_data.get(), cert_chain[i]) != | 353 if (NSS_CMSSignedData_AddCertificate(signed_data.get(), cert_chain[i]) != |
354 SECSuccess) { | 354 SECSuccess) { |
355 DLOG(ERROR) << "NSS_CMSSignedData_AddCertificate failed on " << i; | 355 DLOG(ERROR) << "NSS_CMSSignedData_AddCertificate failed on " << i; |
356 return ""; | 356 return std::string(); |
357 } | 357 } |
358 } | 358 } |
359 | 359 |
360 NSSCMSContentInfo *cinfo = NSS_CMSMessage_GetContentInfo(message.get()); | 360 NSSCMSContentInfo *cinfo = NSS_CMSMessage_GetContentInfo(message.get()); |
361 if (NSS_CMSContentInfo_SetContent_SignedData( | 361 if (NSS_CMSContentInfo_SetContent_SignedData( |
362 message.get(), cinfo, signed_data.get()) == SECSuccess) { | 362 message.get(), cinfo, signed_data.get()) == SECSuccess) { |
363 ignore_result(signed_data.release()); | 363 ignore_result(signed_data.release()); |
364 } else { | 364 } else { |
365 DLOG(ERROR) << "NSS_CMSMessage_GetContentInfo failed"; | 365 DLOG(ERROR) << "NSS_CMSMessage_GetContentInfo failed"; |
366 return ""; | 366 return std::string(); |
367 } | 367 } |
368 | 368 |
369 SECItem cert_p7 = { siBuffer, NULL, 0 }; | 369 SECItem cert_p7 = { siBuffer, NULL, 0 }; |
370 NSSCMSEncoderContext *ecx = NSS_CMSEncoder_Start(message.get(), NULL, NULL, | 370 NSSCMSEncoderContext *ecx = NSS_CMSEncoder_Start(message.get(), NULL, NULL, |
371 &cert_p7, arena.get(), NULL, | 371 &cert_p7, arena.get(), NULL, |
372 NULL, NULL, NULL, NULL, | 372 NULL, NULL, NULL, NULL, |
373 NULL); | 373 NULL); |
374 if (!ecx) { | 374 if (!ecx) { |
375 DLOG(ERROR) << "NSS_CMSEncoder_Start failed"; | 375 DLOG(ERROR) << "NSS_CMSEncoder_Start failed"; |
376 return ""; | 376 return std::string(); |
377 } | 377 } |
378 | 378 |
379 if (NSS_CMSEncoder_Finish(ecx) != SECSuccess) { | 379 if (NSS_CMSEncoder_Finish(ecx) != SECSuccess) { |
380 DLOG(ERROR) << "NSS_CMSEncoder_Finish failed"; | 380 DLOG(ERROR) << "NSS_CMSEncoder_Finish failed"; |
381 return ""; | 381 return std::string(); |
382 } | 382 } |
383 | 383 |
384 return string(reinterpret_cast<const char*>(cert_p7.data), cert_p7.len); | 384 return string(reinterpret_cast<const char*>(cert_p7.data), cert_p7.len); |
385 } | 385 } |
386 | 386 |
387 string ProcessSecAlgorithmSignature(X509Certificate::OSCertHandle cert_handle) { | 387 string ProcessSecAlgorithmSignature(X509Certificate::OSCertHandle cert_handle) { |
388 return ProcessSecAlgorithmInternal(&cert_handle->signature); | 388 return ProcessSecAlgorithmInternal(&cert_handle->signature); |
389 } | 389 } |
390 | 390 |
391 string ProcessSecAlgorithmSubjectPublicKey( | 391 string ProcessSecAlgorithmSubjectPublicKey( |
(...skipping 15 matching lines...)
407 string ProcessRawBitsSignatureWrap(X509Certificate::OSCertHandle cert_handle) { | 407 string ProcessRawBitsSignatureWrap(X509Certificate::OSCertHandle cert_handle) { |
408 return ProcessRawBits(cert_handle->signatureWrap.signature.data, | 408 return ProcessRawBits(cert_handle->signatureWrap.signature.data, |
409 cert_handle->signatureWrap.signature.len); | 409 cert_handle->signatureWrap.signature.len); |
410 } | 410 } |
411 | 411 |
412 void RegisterDynamicOids() { | 412 void RegisterDynamicOids() { |
413 psm::RegisterDynamicOids(); | 413 psm::RegisterDynamicOids(); |
414 } | 414 } |
415 | 415 |
416 } // namespace x509_certificate_model | 416 } // namespace x509_certificate_model |
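Review bot: The CMS export function at new lines 339-385 checks the arena and the `NSS_CMSMessage_Create` result only with `DCHECK`, which is typically compiled out of release builds, so an allocation failure there would pass a null pointer into `NSS_CMSSignedData_CreateCertsOnly` and the calls that follow. Since this change already touches every early return in that function, it would be cheap to add a runtime guard in the same style, e.g. `if (!message.get()) { DLOG(ERROR) << "NSS_CMSMessage_Create failed"; return std::string(); }`, with the same for the arena. The `cinfo` pointer returned at new line 360 is also used without a check. Separately, the `DLOG` at new line 365 reports "NSS_CMSMessage_GetContentInfo failed" although the call that failed is `NSS_CMSContentInfo_SetContent_SignedData`, which will mislead anyone triaging a certificate-export failure. The function begins inside the collapsed region, so its signature and the bounds handling for `start`/`end` are not visible here.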