OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chromeos/network/client_cert_util.h" | 5 #include "chromeos/network/client_cert_util.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 | 9 |
10 #include <list> | 10 #include <list> |
11 #include <string> | 11 #include <string> |
12 #include <vector> | 12 #include <vector> |
13 | 13 |
14 #include "base/values.h" | 14 #include "base/values.h" |
15 #include "chromeos/network/certificate_pattern.h" | 15 #include "chromeos/network/certificate_pattern.h" |
16 #include "net/base/net_errors.h" | 16 #include "net/base/net_errors.h" |
17 #include "net/cert/cert_database.h" | 17 #include "net/cert/cert_database.h" |
18 #include "net/cert/nss_cert_database.h" | 18 #include "net/cert/nss_cert_database.h" |
| 19 #include "net/cert/scoped_nss_types.h" |
19 #include "net/cert/x509_cert_types.h" | 20 #include "net/cert/x509_cert_types.h" |
20 #include "net/cert/x509_certificate.h" | 21 #include "net/cert/x509_certificate.h" |
21 #include "third_party/cros_system_api/dbus/service_constants.h" | 22 #include "third_party/cros_system_api/dbus/service_constants.h" |
22 | 23 |
23 namespace chromeos { | 24 namespace chromeos { |
24 | 25 |
25 namespace client_cert { | 26 namespace client_cert { |
26 | 27 |
27 namespace { | 28 namespace { |
28 | 29 |
64 // Functor to filter out certs that don't have an issuer in the associated | 65 // Functor to filter out certs that don't have an issuer in the associated |
65 // IssuerCAPEMs list. | 66 // IssuerCAPEMs list. |
66 class IssuerCaFilter { | 67 class IssuerCaFilter { |
67 public: | 68 public: |
68 explicit IssuerCaFilter(const std::vector<std::string>& issuer_ca_pems) | 69 explicit IssuerCaFilter(const std::vector<std::string>& issuer_ca_pems) |
69 : issuer_ca_pems_(issuer_ca_pems) {} | 70 : issuer_ca_pems_(issuer_ca_pems) {} |
70 bool operator()(const scoped_refptr<net::X509Certificate>& cert) const { | 71 bool operator()(const scoped_refptr<net::X509Certificate>& cert) const { |
71 // Find the certificate issuer for each certificate. | 72 // Find the certificate issuer for each certificate. |
72 // TODO(gspencer): this functionality should be available from | 73 // TODO(gspencer): this functionality should be available from |
73 // X509Certificate or NSSCertDatabase. | 74 // X509Certificate or NSSCertDatabase. |
74 CERTCertificate* issuer_cert = CERT_FindCertIssuer( | 75 net::ScopedCERTCertificate issuer_cert(CERT_FindCertIssuer( |
75 cert.get()->os_cert_handle(), PR_Now(), certUsageAnyCA); | 76 cert.get()->os_cert_handle(), PR_Now(), certUsageAnyCA)); |
76 | 77 |
77 if (!issuer_cert) | 78 if (!issuer_cert) |
78 return true; | 79 return true; |
79 | 80 |
80 std::string pem_encoded; | 81 std::string pem_encoded; |
81 if (!net::X509Certificate::GetPEMEncoded(issuer_cert, &pem_encoded)) { | 82 if (!net::X509Certificate::GetPEMEncoded(issuer_cert.get(), |
| 83 &pem_encoded)) { |
82 LOG(ERROR) << "Couldn't PEM-encode certificate."; | 84 LOG(ERROR) << "Couldn't PEM-encode certificate."; |
83 return true; | 85 return true; |
84 } | 86 } |
85 | 87 |
86 return (std::find(issuer_ca_pems_.begin(), issuer_ca_pems_.end(), | 88 return (std::find(issuer_ca_pems_.begin(), issuer_ca_pems_.end(), |
87 pem_encoded) == | 89 pem_encoded) == |
88 issuer_ca_pems_.end()); | 90 issuer_ca_pems_.end()); |
89 } | 91 } |
90 private: | 92 private: |
91 const std::vector<std::string>& issuer_ca_pems_; | 93 const std::vector<std::string>& issuer_ca_pems_; |
270 return !cert_id.empty() && !key_id.empty() && !identity.empty(); | 272 return !cert_id.empty() && !key_id.empty() && !identity.empty(); |
271 } | 273 } |
272 } | 274 } |
273 NOTREACHED(); | 275 NOTREACHED(); |
274 return false; | 276 return false; |
275 } | 277 } |
276 | 278 |
277 } // namespace client_cert | 279 } // namespace client_cert |
278 | 280 |
279 } // namespace chromeos | 281 } // namespace chromeos |
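Review bot: In `IssuerCaFilter::operator()` (new lines 71-91) every exit returns `true` to mean "drop this certificate", including the no-issuer and PEM-encoding-failure paths, but no comment says this fail-closed behaviour is intended. I would add `// No issuer found: filter this cert out (fail closed).` above the `if (!issuer_cert)` check, and the same kind of remark on the `GetPEMEncoded` failure branch. The match is an exact string comparison of the re-encoded PEM against `issuer_ca_pems_`, so a configured issuer that differs only in line wrapping or trailing whitespace would presumably never match, unless the configured values are normalised in code not shown here. Comparing DER bytes or a fingerprint would be sturdier. Separately, `std::find` is used while the visible include list has `<list>`, `<string>` and `<vector>` but no `<algorithm>`; the rest of the class lies in the collapsed lines, so I could not check how the stored reference `issuer_ca_pems_` is kept alive.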
OLD | NEW |