net/cert/x509_certificate.cc - Issue 16946002: Resolve certificate references in ONC by PEM.

Side by Side Diff: net/cert/x509_certificate.cc

Issue 16946002: Resolve certificate references in ONC by PEM. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: removed automation part. Created 7 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/x509_certificate.h"	5 #include "net/cert/x509_certificate.h"

6	6

7 #include <stdlib.h>	7 #include <stdlib.h>

8	8

9 #include <algorithm>	9 #include <algorithm>

10 #include <map>	10 #include <map>

(...skipping 198 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
209 size_t pos = src.find(c);	209 size_t pos = src.find(c);

210 if (pos == base::StringPiece::npos) {	210 if (pos == base::StringPiece::npos) {

211 *left = src;	211 *left = src;

212 right->clear();	212 right->clear();

213 } else {	213 } else {

214 *left = src.substr(0, pos);	214 *left = src.substr(0, pos);

215 *right = src.substr(pos);	215 *right = src.substr(pos);

216 }	216 }

217 }	217 }

218	218

	219 // Returns the PEM encoded data from an OSCertHandle. If the return value is

	220 // true, then the PEM encoded certificate is written to \|pem_encoded\|.

	221 bool GetPEMEncoded(X509Certificate::OSCertHandle cert_handle,

	222 std::string* pem_encoded) {

	223 std::string der_encoded;

	224 if (!X509Certificate::GetDEREncoded(cert_handle, &der_encoded) \|\|

	225 der_encoded.empty()) {

	226 return false;

	227 }

	228 std::string b64_encoded;

	229 if (!base::Base64Encode(der_encoded, &b64_encoded) \|\| b64_encoded.empty())

	230 return false;

	231 *pem_encoded = "-----BEGIN CERTIFICATE-----\n";

	232

	233 // Divide the Base-64 encoded data into 64-character chunks, as per

	234 // 4.3.2.4 of RFC 1421.

	235 static const size_t kChunkSize = 64;

	236 size_t chunks = (b64_encoded.size() + (kChunkSize - 1)) / kChunkSize;

	237 for (size_t i = 0, chunk_offset = 0; i < chunks;

	238 ++i, chunk_offset += kChunkSize) {

	239 pem_encoded->append(b64_encoded, chunk_offset, kChunkSize);

	240 pem_encoded->append("\n");

	241 }

	242 pem_encoded->append("-----END CERTIFICATE-----\n");

	243 return true;

	244 }

	245

219 } // namespace	246 } // namespace

220	247

221 bool X509Certificate::LessThan::operator()(X509Certificate* lhs,	248 bool X509Certificate::LessThan::operator()(X509Certificate* lhs,

222 X509Certificate* rhs) const {	249 X509Certificate* rhs) const {

223 if (lhs == rhs)	250 if (lhs == rhs)

224 return false;	251 return false;

225	252

226 int rv = memcmp(lhs->fingerprint_.data, rhs->fingerprint_.data,	253 int rv = memcmp(lhs->fingerprint_.data, rhs->fingerprint_.data,

227 sizeof(lhs->fingerprint_.data));	254 sizeof(lhs->fingerprint_.data));

228 if (rv != 0)	255 if (rv != 0)

(...skipping 418 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
647 }	674 }

648 return false;	675 return false;

649 }	676 }

650	677

651 bool X509Certificate::VerifyNameMatch(const std::string& hostname) const {	678 bool X509Certificate::VerifyNameMatch(const std::string& hostname) const {

652 std::vector<std::string> dns_names, ip_addrs;	679 std::vector<std::string> dns_names, ip_addrs;

653 GetSubjectAltName(&dns_names, &ip_addrs);	680 GetSubjectAltName(&dns_names, &ip_addrs);

654 return VerifyHostname(hostname, subject_.common_name, dns_names, ip_addrs);	681 return VerifyHostname(hostname, subject_.common_name, dns_names, ip_addrs);

655 }	682 }

656	683

657 // static	684 bool X509Certificate::GetPEMEncoded(std::string* pem_encoded) const {

658 bool X509Certificate::GetPEMEncoded(OSCertHandle cert_handle,	685 return net::GetPEMEncoded(os_cert_handle(), pem_encoded);
	Mattias Nissler (ping if slow) 2013/06/14 12:56:44 net qualifier not needed? net qualifier not needed? pneubeck (no reviews) 2013/06/21 12:53:56 Otherwise, GCC doesn't resolve to the function in Show quoted text On 2013/06/14 12:56:44, Mattias Nissler wrote: > net qualifier not needed? Otherwise, GCC doesn't resolve to the function in the anonymous namespace.
659 std::string* pem_encoded) {

660 std::string der_encoded;

661 if (!GetDEREncoded(cert_handle, &der_encoded) \|\| der_encoded.empty())

662 return false;

663 std::string b64_encoded;

664 if (!base::Base64Encode(der_encoded, &b64_encoded) \|\| b64_encoded.empty())

665 return false;

666 *pem_encoded = "-----BEGIN CERTIFICATE-----\n";

667

668 // Divide the Base-64 encoded data into 64-character chunks, as per

669 // 4.3.2.4 of RFC 1421.

670 static const size_t kChunkSize = 64;

671 size_t chunks = (b64_encoded.size() + (kChunkSize - 1)) / kChunkSize;

672 for (size_t i = 0, chunk_offset = 0; i < chunks;

673 ++i, chunk_offset += kChunkSize) {

674 pem_encoded->append(b64_encoded, chunk_offset, kChunkSize);

675 pem_encoded->append("\n");

676 }

677 pem_encoded->append("-----END CERTIFICATE-----\n");

678 return true;

679 }	686 }

680	687

681 bool X509Certificate::GetPEMEncodedChain(	688 bool X509Certificate::GetPEMEncodedChain(

682 std::vector<std::string>* pem_encoded) const {	689 std::vector<std::string>* pem_encoded) const {

683 std::vector<std::string> encoded_chain;	690 std::vector<std::string> encoded_chain;

684 std::string pem_data;	691 std::string pem_data;

685 if (!GetPEMEncoded(os_cert_handle(), &pem_data))	692 if (!GetPEMEncoded(&pem_data))

686 return false;	693 return false;

687 encoded_chain.push_back(pem_data);	694 encoded_chain.push_back(pem_data);

688 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {	695 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {

689 if (!GetPEMEncoded(intermediate_ca_certs_[i], &pem_data))	696 if (!net::GetPEMEncoded(intermediate_ca_certs_[i], &pem_data))
	Mattias Nissler (ping if slow) 2013/06/14 12:56:44 no need for the net qualifier? no need for the net qualifier? pneubeck (no reviews) 2013/06/21 12:53:56 ditto. Show quoted text On 2013/06/14 12:56:44, Mattias Nissler wrote: > no need for the net qualifier? ditto.
690 return false;	697 return false;

691 encoded_chain.push_back(pem_data);	698 encoded_chain.push_back(pem_data);

692 }	699 }

693 pem_encoded->swap(encoded_chain);	700 pem_encoded->swap(encoded_chain);

694 return true;	701 return true;

695 }	702 }

696	703

697 X509Certificate::X509Certificate(OSCertHandle cert_handle,	704 X509Certificate::X509Certificate(OSCertHandle cert_handle,

698 const OSCertHandles& intermediates)	705 const OSCertHandles& intermediates)

699 : cert_handle_(DupOSCertHandle(cert_handle)) {	706 : cert_handle_(DupOSCertHandle(cert_handle)) {

(...skipping 16 matching lines...) Expand all Loading...
716 RemoveFromCache(cert_handle_);	723 RemoveFromCache(cert_handle_);

717 FreeOSCertHandle(cert_handle_);	724 FreeOSCertHandle(cert_handle_);

718 }	725 }

719 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {	726 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {

720 RemoveFromCache(intermediate_ca_certs_[i]);	727 RemoveFromCache(intermediate_ca_certs_[i]);

721 FreeOSCertHandle(intermediate_ca_certs_[i]);	728 FreeOSCertHandle(intermediate_ca_certs_[i]);

722 }	729 }

723 }	730 }

724	731

725 } // namespace net	732 } // namespace net

OLD	NEW

« net/cert/x509_certificate.h ('K') | « net/cert/x509_certificate.h ('k') | no next file » | no next file with comments »