
Side by Side Diff: net/cert/x509_util_nss_certs.cc

Issue 1720653002: Add new functions to handle UPN and email addresses (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Don't squash 10 other commits into the same CL Created 4 years, 9 months ago
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <cert.h> // Must be included before certdb.h 5 #include <cert.h> // Must be included before certdb.h
6 #include <certdb.h> 6 #include <certdb.h>
7 #include <cryptohi.h> 7 #include <cryptohi.h>
8 #include <nss.h> 8 #include <nss.h>
9 #include <pk11pub.h> 9 #include <pk11pub.h>
10 #include <prerror.h> 10 #include <prerror.h>
(...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after
193 std::string(reinterpret_cast<char*>(name->name.other.data), 193 std::string(reinterpret_cast<char*>(name->name.other.data),
194 name->name.other.len)); 194 name->name.other.len));
195 } 195 }
196 name = CERT_GetNextGeneralName(name); 196 name = CERT_GetNextGeneralName(name);
197 if (name == alt_name_list) 197 if (name == alt_name_list)
198 break; 198 break;
199 } 199 }
200 PORT_FreeArena(arena, PR_FALSE); 200 PORT_FreeArena(arena, PR_FALSE);
201 } 201 }
202 202
203 void GetSubjectAltName(CERTCertificate* cert_handle,
204 X509Certificate::SubjectAltNameType type,
205 std::vector<std::string>* names) {
206 SECItem alt_name;
Ryan Sleevi 2016/02/27 00:38:45 alt_name should be zero-initialized SECItem alt_n
Kevin Cernekee 2016/02/27 19:06:24 Done.
207 SECStatus rv = CERT_FindCertExtension(
208 cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name);
209 if (rv != SECSuccess)
210 return;
211
212 PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
Ryan Sleevi 2016/02/27 00:38:45 We have scopers for this.
Kevin Cernekee 2016/02/27 19:06:24 Done.
213 DCHECK(arena != NULL);
214
215 CERTGeneralName* alt_name_list;
216 alt_name_list = CERT_DecodeAltNameExtension(arena, &alt_name);
217 SECITEM_FreeItem(&alt_name, PR_FALSE);
Ryan Sleevi 2016/02/27 00:38:45 This early free-ing seems unnecessary (we also hav
Kevin Cernekee 2016/02/27 19:06:24 Done.
218
219 CERTGeneralName* name = alt_name_list;
220 while (name) {
221 if ((type == X509Certificate::SAN_RFC822_NAME &&
222 name->type == certRFC822Name) ||
223 (type == X509Certificate::SAN_DNS_NAME && name->type == certDNSName) ||
224 (type == X509Certificate::SAN_URI && name->type == certURI) ||
225 (type == X509Certificate::SAN_IP_ADDRESS &&
Ryan Sleevi 2016/02/27 00:38:45 Further concerns: Exposing IP addresses / RFC name
Ryan Sleevi 2016/02/27 00:38:45 Design concerns: This seems better accomplished as
Kevin Cernekee 2016/02/27 19:06:24 Done.
Kevin Cernekee 2016/02/27 19:06:24 What do you recommend?
226 name->type == certIPAddress)) {
227 names->push_back(
228 std::string(reinterpret_cast<char*>(name->name.other.data),
229 name->name.other.len));
230 } else if (type == X509Certificate::SAN_UPN &&
231 name->type == certOtherName) {
232 OtherName* on = &name->name.OthName;
233 if (on->oid.len == sizeof(kUpnOid) &&
234 !memcmp(on->oid.data, kUpnOid, sizeof(kUpnOid))) {
235 SECItem decoded;
236 if (SEC_ASN1DecodeItem(arena, &decoded,
237 SEC_ASN1_GET(SEC_UTF8StringTemplate),
238 &name->name.OthName.name) == SECSuccess) {
239 names->push_back(
240 std::string(reinterpret_cast<char*>(decoded.data), decoded.len));
241 }
242 }
243 }
244 name = CERT_GetNextGeneralName(name);
245 if (name == alt_name_list)
246 break;
247 }
248 PORT_FreeArena(arena, PR_FALSE);
249 }
250
203 X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes( 251 X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes(
204 const char* data, 252 const char* data,
205 size_t length, 253 size_t length,
206 X509Certificate::Format format) { 254 X509Certificate::Format format) {
207 X509Certificate::OSCertHandles results; 255 X509Certificate::OSCertHandles results;
208 256
209 crypto::EnsureNSSInit(); 257 crypto::EnsureNSSInit();
210 258
211 if (!NSS_IsInitialized()) 259 if (!NSS_IsInitialized())
212 return results; 260 return results;
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after
337 base::SStringPrintf(&new_name, "%s #%d", nickname.c_str(), index++); 385 base::SStringPrintf(&new_name, "%s #%d", nickname.c_str(), index++);
338 temp_nickname = token_name + new_name; 386 temp_nickname = token_name + new_name;
339 } 387 }
340 388
341 return new_name; 389 return new_name;
342 } 390 }
343 391
344 } // namespace x509_util 392 } // namespace x509_util
345 393
346 } // namespace net 394 } // namespace net
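Review bot: The UPN branch at new lines 235–240 pushes the decoded UTF8String bytes into `names` unchecked, so a value with invalid UTF-8 or an embedded NUL reaches callers as a principal name; NSS's UTF8String template does not appear to validate content, which is worth confirming. Since the UPN comes from the certificate and will presumably be matched against an identity, I'd validate before pushing: `std::string upn(reinterpret_cast<char*>(decoded.data), decoded.len);` then `if (base::IsStringUTF8(upn) && upn.find('\0') == std::string::npos) names->push_back(upn);` (needs base/strings/string_util.h if it is not already included; not visible in this view). The same unchecked-bytes pattern applies to the rfc822Name/URI branches at lines 227–229, which the existing comment about exposing these name types already touches on, so I won't repeat it. Separately, `on->oid.len == sizeof(kUpnOid)` at line 233 is only right if kUpnOid is declared as a byte array rather than a string literal (whose sizeof includes the terminating NUL); kUpnOid's definition is outside this view, so please double-check. GetSubjectAltName lies entirely within the hunk.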
