| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <cert.h> // Must be included before certdb.h | 5 #include <cert.h> // Must be included before certdb.h |
| 6 #include <certdb.h> | 6 #include <certdb.h> |
| 7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
| 8 #include <nss.h> | 8 #include <nss.h> |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 #include <prerror.h> | 10 #include <prerror.h> |
| 26 #include "crypto/scoped_nss_types.h" | 26 #include "crypto/scoped_nss_types.h" |
| 27 #include "crypto/third_party/nss/chromium-nss.h" | 27 #include "crypto/third_party/nss/chromium-nss.h" |
| 28 #include "net/cert/x509_certificate.h" | 28 #include "net/cert/x509_certificate.h" |
| 29 #include "net/cert/x509_util.h" | 29 #include "net/cert/x509_util.h" |
| 30 #include "net/cert/x509_util_nss.h" | 30 #include "net/cert/x509_util_nss.h" |
| 31 | 31 |
| 32 namespace net { | 32 namespace net { |
| 33 | 33 |
| 34 namespace { | 34 namespace { |
| 35 | 35 |
| 36 // Microsoft User Principal Name: 1.3.6.1.4.1.311.20.2.3 | |
| 37 const uint8_t kUpnOid[] = {0x2b, 0x6, 0x1, 0x4, 0x1, | |
| 38 0x82, 0x37, 0x14, 0x2, 0x3}; | |
| 39 | |
| 36 // Callback for CERT_DecodeCertPackage(), used in | 40 // Callback for CERT_DecodeCertPackage(), used in |
| 37 // CreateOSCertHandlesFromBytes(). | 41 // CreateOSCertHandlesFromBytes(). |
| 38 SECStatus PR_CALLBACK | 42 SECStatus PR_CALLBACK |
| 39 CollectCertsCallback(void* arg, SECItem** certs, int num_certs) { | 43 CollectCertsCallback(void* arg, SECItem** certs, int num_certs) { |
| 40 X509Certificate::OSCertHandles* results = | 44 X509Certificate::OSCertHandles* results = |
| 41 reinterpret_cast<X509Certificate::OSCertHandles*>(arg); | 45 reinterpret_cast<X509Certificate::OSCertHandles*>(arg); |
| 42 | 46 |
| 43 for (int i = 0; i < num_certs; ++i) { | 47 for (int i = 0; i < num_certs; ++i) { |
| 44 X509Certificate::OSCertHandle handle = | 48 X509Certificate::OSCertHandle handle = |
| 45 X509Certificate::CreateOSCertHandleFromBytes( | 49 X509Certificate::CreateOSCertHandleFromBytes( |
| 193 std::string(reinterpret_cast<char*>(name->name.other.data), | 197 std::string(reinterpret_cast<char*>(name->name.other.data), |
| 194 name->name.other.len)); | 198 name->name.other.len)); |
| 195 } | 199 } |
| 196 name = CERT_GetNextGeneralName(name); | 200 name = CERT_GetNextGeneralName(name); |
| 197 if (name == alt_name_list) | 201 if (name == alt_name_list) |
| 198 break; | 202 break; |
| 199 } | 203 } |
| 200 PORT_FreeArena(arena, PR_FALSE); | 204 PORT_FreeArena(arena, PR_FALSE); |
| 201 } | 205 } |
| 202 | 206 |
| 207 CERTGeneralNameTypeEnum SANTypeToGeneralNameType(SubjectAltNameType type) { | |
| 208 switch (type) { | |
| 209 case SAN_RFC822_NAME: | |
| 210 return certRFC822Name; | |
| 211 case SAN_DNS_NAME: | |
| 212 return certDNSName; | |
| 213 case SAN_URI: | |
| 214 return certURI; | |
| 215 case SAN_IP_ADDRESS: | |
| 216 return certIPAddress; | |
| 217 case SAN_UPN: | |
| 218 return certOtherName; | |
| 219 } | |
| 220 NOTREACHED(); | |
| 221 return certOtherName; | |
| 222 } | |
| 223 | |
| 224 void GetSubjectAltNameByType(CERTCertificate* cert_handle, | |
| 225 SubjectAltNameType type, | |
| 226 std::vector<std::string>* names) { | |
| 227 crypto::ScopedSECItem alt_name(SECITEM_AllocItem(NULL, NULL, 0)); | |
| 228 DCHECK(alt_name.get()); | |
| 229 | |
| 230 SECStatus rv = CERT_FindCertExtension( | |
| 231 cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, alt_name.get()); | |
| 232 if (rv != SECSuccess) | |
| 233 return; | |
| 234 | |
| 235 crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); | |
| 236 DCHECK(arena.get()); | |
| 237 | |
| 238 CERTGeneralName* alt_name_list; | |
| 239 alt_name_list = CERT_DecodeAltNameExtension(arena.get(), alt_name.get()); | |
| 240 | |
| 241 CERTGeneralName* name = alt_name_list; | |
| 242 while (name) { | |
| 243 if (name->type == SANTypeToGeneralNameType(type)) { | |
| 244 switch (type) { | |
| 245 case SAN_RFC822_NAME: | |
| 246 case SAN_DNS_NAME: | |
| 247 case SAN_URI: | |
| 248 case SAN_IP_ADDRESS: | |
| 249 names->push_back( | |
| 250 std::string(reinterpret_cast<char*>(name->name.other.data), | |
| 251 name->name.other.len)); | |
| 252 break; | |
| 253 case SAN_UPN: | |
| 254 OtherName* on = &name->name.OthName; | |
| 255 if (on->oid.len == sizeof(kUpnOid) && | |
| 256 !memcmp(on->oid.data, kUpnOid, sizeof(kUpnOid))) { | |
|
Ryan Sleevi
2016/03/01 00:28:29
The use of ! for values that return <0,0,>0 has be
Kevin Cernekee
2016/03/01 19:28:01
Done.
| |
| 257 SECItem decoded; | |
| 258 if (SEC_ASN1DecodeItem(arena.get(), &decoded, | |
|
Ryan Sleevi
2016/03/01 00:28:28
SECURITY: DO *not* use this function in any way wh
Kevin Cernekee
2016/03/01 19:28:01
Done.
| |
| 259 SEC_ASN1_GET(SEC_UTF8StringTemplate), | |
| 260 &name->name.OthName.name) == SECSuccess) { | |
| 261 names->push_back(std::string( | |
| 262 reinterpret_cast<char*>(decoded.data), decoded.len)); | |
| 263 } | |
| 264 } | |
| 265 break; | |
| 266 } | |
| 267 } | |
| 268 name = CERT_GetNextGeneralName(name); | |
| 269 if (name == alt_name_list) | |
| 270 break; | |
| 271 } | |
| 272 } | |
| 273 | |
| 203 X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes( | 274 X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes( |
| 204 const char* data, | 275 const char* data, |
| 205 size_t length, | 276 size_t length, |
| 206 X509Certificate::Format format) { | 277 X509Certificate::Format format) { |
| 207 X509Certificate::OSCertHandles results; | 278 X509Certificate::OSCertHandles results; |
| 208 | 279 |
| 209 crypto::EnsureNSSInit(); | 280 crypto::EnsureNSSInit(); |
| 210 | 281 |
| 211 if (!NSS_IsInitialized()) | 282 if (!NSS_IsInitialized()) |
| 212 return results; | 283 return results; |
| 337 base::SStringPrintf(&new_name, "%s #%d", nickname.c_str(), index++); | 408 base::SStringPrintf(&new_name, "%s #%d", nickname.c_str(), index++); |
| 338 temp_nickname = token_name + new_name; | 409 temp_nickname = token_name + new_name; |
| 339 } | 410 } |
| 340 | 411 |
| 341 return new_name; | 412 return new_name; |
| 342 } | 413 } |
| 343 | 414 |
| 344 } // namespace x509_util | 415 } // namespace x509_util |
| 345 | 416 |
| 346 } // namespace net | 417 } // namespace net |
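Review bot: In GetSubjectAltNameByType the `case SAN_UPN:` body declares `OtherName* on = &name->name.OthName;` directly under the label with no brace-enclosed scope, which only compiles because it happens to be the last label in the switch; writing it as `case SAN_UPN: {` … `}` keeps any label added later from jumping past that initialization. The same body computes `on` and then hands `&name->name.OthName.name` to the decoder, so using `&on->name` (or dropping `on`) would make the two reads consistent. The decoded UTF8String bytes are pushed into `names` verbatim with no check on their encoding; if the values are later compared against principal names from elsewhere, a `base::IsStringUTF8()` guard before the push_back (assuming base/strings/string_util.h is among the elided includes) would make rejection of malformed values explicit rather than implicit. GetSubjectAltName, whose loop at new lines 197–205 this function mirrors, begins above the elided region, so the two could plausibly share the walk once the new helper settles.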