
Side by Side Diff: net/cert/x509_util_nss_certs.cc

Issue 1720653002: Add new functions to handle UPN and email addresses (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix ios build breakage Created 4 years, 9 months ago
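--- a/net/cert/x509_util_nss_certs.cc
+++ b/net/cert/x509_util_nss_certs.cc
@@ -1,10 +1,10 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <cert.h> // Must be included before certdb.h
 #include <certdb.h>
 #include <cryptohi.h>
 #include <nss.h>
 #include <pk11pub.h>
 #include <prerror.h>
@@ -26,20 +26,24 @@
 #include "crypto/scoped_nss_types.h"
 #include "crypto/third_party/nss/chromium-nss.h"
 #include "net/cert/x509_certificate.h"
 #include "net/cert/x509_util.h"
 #include "net/cert/x509_util_nss.h"
 
 namespace net {
 
 namespace {
 
+// Microsoft User Principal Name: 1.3.6.1.4.1.311.20.2.3
+const uint8_t kUpnOid[] = {0x2b, 0x6, 0x1, 0x4, 0x1,
+0x82, 0x37, 0x14, 0x2, 0x3};
+
 // Callback for CERT_DecodeCertPackage(), used in
 // CreateOSCertHandlesFromBytes().
 SECStatus PR_CALLBACK
 CollectCertsCallback(void* arg, SECItem** certs, int num_certs) {
 X509Certificate::OSCertHandles* results =
 reinterpret_cast<X509Certificate::OSCertHandles*>(arg);
 
 for (int i = 0; i < num_certs; ++i) {
 X509Certificate::OSCertHandle handle =
 X509Certificate::CreateOSCertHandleFromBytes(
@@ -193,20 +197,88 @@
 std::string(reinterpret_cast<char*>(name->name.other.data),
 name->name.other.len));
 }
 name = CERT_GetNextGeneralName(name);
 if (name == alt_name_list)
 break;
 }
 PORT_FreeArena(arena, PR_FALSE);
 }
 
+void GetRFC822SubjectAltNames(CERTCertificate* cert_handle,
+std::vector<std::string>* names) {
+crypto::ScopedSECItem alt_name(SECITEM_AllocItem(NULL, NULL, 0));
+DCHECK(alt_name.get());
+
+names->clear();
+SECStatus rv = CERT_FindCertExtension(
+cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, alt_name.get());
+if (rv != SECSuccess)
+return;
+
+crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+DCHECK(arena.get());
+
+CERTGeneralName* alt_name_list;
+alt_name_list = CERT_DecodeAltNameExtension(arena.get(), alt_name.get());
+
+CERTGeneralName* name = alt_name_list;
+while (name) {
+if (name->type == certRFC822Name) {
+names->push_back(
+std::string(reinterpret_cast<char*>(name->name.other.data),
+name->name.other.len));
+}
+name = CERT_GetNextGeneralName(name);
+if (name == alt_name_list)
+break;
+}
+}
+
+void GetUPNSubjectAltNames(CERTCertificate* cert_handle,
+std::vector<std::string>* names) {
+crypto::ScopedSECItem alt_name(SECITEM_AllocItem(NULL, NULL, 0));
+DCHECK(alt_name.get());
+
+names->clear();
+SECStatus rv = CERT_FindCertExtension(
+cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, alt_name.get());
+if (rv != SECSuccess)
+return;
+
+crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+DCHECK(arena.get());
+
+CERTGeneralName* alt_name_list;
+alt_name_list = CERT_DecodeAltNameExtension(arena.get(), alt_name.get());
+
+CERTGeneralName* name = alt_name_list;
+while (name) {
+if (name->type == certOtherName) {
+OtherName* on = &name->name.OthName;
+if (on->oid.len == sizeof(kUpnOid) &&
+memcmp(on->oid.data, kUpnOid, sizeof(kUpnOid)) == 0) {
+SECItem decoded;
+if (SEC_QuickDERDecodeItem(arena.get(), &decoded,
+SEC_ASN1_GET(SEC_UTF8StringTemplate),
+&name->name.OthName.name) == SECSuccess) {
+names->push_back(
+std::string(reinterpret_cast<char*>(decoded.data), decoded.len));
+}
+}
+}
+name = CERT_GetNextGeneralName(name);
+if (name == alt_name_list)
+break;
+}
+}
+
 X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes(
 const char* data,
 size_t length,
 X509Certificate::Format format) {
 X509Certificate::OSCertHandles results;
 
 crypto::EnsureNSSInit();
 
 if (!NSS_IsInitialized())
 return results;
@@ -337,10 +409,10 @@
 base::SStringPrintf(&new_name, "%s #%d", nickname.c_str(), index++);
 temp_nickname = token_name + new_name;
 }
 
 return new_name;
 }
 
 } // namespace x509_util
 
 } // namespace net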
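Review bot: GetRFC822SubjectAltNames() and GetUPNSubjectAltNames() hand back the rfc822Name and UPN bytes exactly as they sit in the certificate, built from `(data, len)`, so a returned string can carry an embedded NUL and, for the UPN, bytes that are not valid UTF-8 (the DER decode appears to check only the string tag). Since these values are presumably used to identify a user, either skip such entries by guarding the push with `if (!memchr(decoded.data, '\0', decoded.len))`, or state the caveat in the function comment: `// Names are unvalidated certificate bytes and may contain embedded NULs; do not compare via c_str().` Both functions also rely on `DCHECK(arena.get())`, which is compiled out of release builds, so a failed PORT_NewArena() would pass a null arena to CERT_DecodeAltNameExtension(); an explicit `if (!arena.get()) return;` covers that. The two bodies repeat the extension lookup and decode of the function just before them, most of which lies outside the visible lines, so a shared helper that takes a per-name callback is worth considering.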