net/cert/x509_util_openssl.cc - Issue 1408433006: Support tls-server-end-point channel bindings for HTTP authentication.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/x509_util_openssl.cc

Issue 1408433006: Support tls-server-end-point channel bindings for HTTP authentication. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/x509_util_openssl.cc

diff --git a/net/cert/x509_util_openssl.cc b/net/cert/x509_util_openssl.cc

index 5b6779a76b19356857aaff4d1922f51206f05188..2e8ef2e6c7a95885a9ab299f39bff60ad68f19be 100644

--- a/net/cert/x509_util_openssl.cc

+++ b/net/cert/x509_util_openssl.cc

@@ -6,6 +6,7 @@

#include <limits.h>

#include <openssl/asn1.h>

+#include <openssl/digest.h>

#include <openssl/mem.h>

#include <algorithm>

@@ -19,7 +20,10 @@

#include "crypto/openssl_util.h"

#include "crypto/rsa_private_key.h"

#include "crypto/scoped_openssl_types.h"

+#include "net/cert/internal/parse_certificate.h"

+#include "net/cert/internal/signature_algorithm.h"

#include "net/cert/x509_cert_types.h"

+#include "net/cert/x509_certificate.h"

#include "net/cert/x509_util.h"

#include "net/ssl/scoped_openssl_types.h"

@@ -303,6 +307,57 @@ bool GetDER(X509* x509, base::StringPiece* der_cache) {

return true;

}

+bool GetTLSServerEndPointChannelBinding(const X509Certificate& certificate,

+ std::string* token) {

+ static const char kChannelBindingPrefix[] = "tls-server-end-point:";

+ std::string der_encoded_certificate;

+ if (!X509Certificate::GetDEREncoded(certificate.os_cert_handle(),

+ &der_encoded_certificate))

+ return false;

+ ParsedCertificate parsed_certificate;

+ if (!ParseCertificate(der::Input(base::StringPiece(der_encoded_certificate)),

+ &parsed_certificate))

+ return false;

+ scoped_ptr<SignatureAlgorithm> signature_algorithm =

+ SignatureAlgorithm::CreateFromDer(

+ parsed_certificate.signature_algorithm_tlv);

+ if (!signature_algorithm)

+ return false;

+ const EVP_MD* digest_evp_md = nullptr;

+ switch (signature_algorithm->digest()) {

+ case net::DigestAlgorithm::Sha1:

+ case net::DigestAlgorithm::Sha256:

+ digest_evp_md = EVP_sha256();

+ break;

+ case net::DigestAlgorithm::Sha384:

+ digest_evp_md = EVP_sha384();

+ break;

+ case net::DigestAlgorithm::Sha512:

+ digest_evp_md = EVP_sha512();

+ break;

+ }

+ if (!digest_evp_md)

+ return false;

+ std::vector<uint8_t> digest(EVP_MAX_MD_SIZE);

+ unsigned int out_size = digest.size();

+ if (!EVP_Digest(der_encoded_certificate.data(),

+ der_encoded_certificate.size(), digest.data(), &out_size,

+ digest_evp_md, nullptr))

+ return false;

+ digest.resize(out_size);

+ token->assign(kChannelBindingPrefix);

+ token->append(digest.begin(), digest.end());

+ return true;

} // namespace x509_util

} // namespace net

« no previous file with comments | « net/cert/x509_util_nss.cc ('k') | net/cert/x509_util_unittest.cc » ('j') | net/http/http_auth_handler_factory.h » ('J')