1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_util.h" | 5 #include "net/cert/x509_util.h" |
6 #include "net/cert/x509_util_nss.h" | 6 #include "net/cert/x509_util_nss.h" |
7 | 7 |
8 #include <cert.h> // Must be included before certdb.h | 8 #include <cert.h> // Must be included before certdb.h |
9 #include <certdb.h> | 9 #include <certdb.h> |
10 #include <cryptohi.h> | 10 #include <cryptohi.h> |
11 #include <nss.h> | 11 #include <nss.h> |
12 #include <pk11pub.h> | 12 #include <pk11pub.h> |
13 #include <prerror.h> | 13 #include <prerror.h> |
14 #include <secder.h> | 14 #include <secder.h> |
15 #include <secmod.h> | 15 #include <secmod.h> |
16 #include <secport.h> | 16 #include <secport.h> |
17 | 17 |
18 #include "base/debug/leak_annotations.h" | 18 #include "base/debug/leak_annotations.h" |
19 #include "base/logging.h" | 19 #include "base/logging.h" |
20 #include "base/memory/scoped_ptr.h" | 20 #include "base/memory/scoped_ptr.h" |
21 #include "base/memory/singleton.h" | 21 #include "base/memory/singleton.h" |
22 #include "base/pickle.h" | 22 #include "base/pickle.h" |
23 #include "base/strings/stringprintf.h" | 23 #include "base/strings/stringprintf.h" |
24 #include "crypto/ec_private_key.h" | 24 #include "crypto/ec_private_key.h" |
25 #include "crypto/nss_util.h" | 25 #include "crypto/nss_util.h" |
26 #include "crypto/nss_util_internal.h" | 26 #include "crypto/nss_util_internal.h" |
27 #include "crypto/rsa_private_key.h" | |
27 #include "crypto/scoped_nss_types.h" | 28 #include "crypto/scoped_nss_types.h" |
28 #include "crypto/third_party/nss/chromium-nss.h" | 29 #include "crypto/third_party/nss/chromium-nss.h" |
29 #include "net/cert/x509_certificate.h" | 30 #include "net/cert/x509_certificate.h" |
30 | 31 |
31 namespace net { | 32 namespace net { |
32 | 33 |
33 namespace { | 34 namespace { |
34 | 35 |
35 class DomainBoundCertOIDWrapper { | 36 class DomainBoundCertOIDWrapper { |
36 public: | 37 public: |
175 DLOG(ERROR) << "DerSignData: " << PORT_GetError(); | 176 DLOG(ERROR) << "DerSignData: " << PORT_GetError(); |
176 return false; | 177 return false; |
177 } | 178 } |
178 | 179 |
179 // Save the signed result to the cert. | 180 // Save the signed result to the cert. |
180 cert->derCert = result; | 181 cert->derCert = result; |
181 | 182 |
182 return true; | 183 return true; |
183 } | 184 } |
184 | 185 |
186 CERTCertificate* CreateSelfSignedCertInternal( | |
187 SECKEYPublicKey* public_key, | |
188 SECKEYPrivateKey* private_key, | |
189 const std::string& subject, | |
190 uint32 serial_number, | |
191 base::Time not_valid_before, | |
192 base::Time not_valid_after) { | |
193 CERTCertificate* cert = CreateCertificate(public_key, | |
194 subject, | |
195 serial_number, | |
196 not_valid_before, | |
197 not_valid_after); | |
198 if (!cert) | |
199 return NULL; | |
200 | |
201 if (!SignCertificate(cert, private_key)) { | |
202 CERT_DestroyCertificate(cert); | |
203 return NULL; | |
204 } | |
205 | |
206 return cert; | |
207 } | |
208 | |
185 bool CreateDomainBoundCertInternal( | 209 bool CreateDomainBoundCertInternal( |
186 SECKEYPublicKey* public_key, | 210 SECKEYPublicKey* public_key, |
187 SECKEYPrivateKey* private_key, | 211 SECKEYPrivateKey* private_key, |
188 const std::string& domain, | 212 const std::string& domain, |
189 uint32 serial_number, | 213 uint32 serial_number, |
190 base::Time not_valid_before, | 214 base::Time not_valid_before, |
191 base::Time not_valid_after, | 215 base::Time not_valid_after, |
192 std::string* der_cert) { | 216 std::string* der_cert) { |
193 CERTCertificate* cert = CreateCertificate(public_key, | 217 CERTCertificate* cert = CreateCertificate(public_key, |
194 "CN=anonymous.invalid", | 218 "CN=anonymous.invalid", |
305 | 329 |
306 return name.release(); | 330 return name.release(); |
307 } | 331 } |
308 | 332 |
309 #endif // defined(USE_NSS) || defined(OS_IOS) | 333 #endif // defined(USE_NSS) || defined(OS_IOS) |
310 | 334 |
311 } // namespace | 335 } // namespace |
312 | 336 |
313 namespace x509_util { | 337 namespace x509_util { |
314 | 338 |
315 CERTCertificate* CreateSelfSignedCert( | 339 bool CreateSelfSignedCert(crypto::RSAPrivateKey* key, |
316 SECKEYPublicKey* public_key, | 340 const std::string& common_name, |
317 SECKEYPrivateKey* private_key, | 341 uint32 serial_number, |
318 const std::string& subject, | 342 base::Time not_valid_before, |
319 uint32 serial_number, | 343 base::Time not_valid_after, |
320 base::Time not_valid_before, | 344 std::string* der_encoded) { |
321 base::Time not_valid_after) { | 345 CERTCertificate* cert = CreateSelfSignedCertInternal( |
wtc
2013/06/20 21:35:56
I think we can just inline CreateSelfSignedCertInt
| |
322 CERTCertificate* cert = CreateCertificate(public_key, | 346 key->public_key(), |
323 subject, | 347 key->key(), |
324 serial_number, | 348 common_name, |
325 not_valid_before, | 349 serial_number, |
326 not_valid_after); | 350 not_valid_before, |
351 not_valid_after); | |
327 if (!cert) | 352 if (!cert) |
328 return NULL; | 353 return false; |
329 | 354 |
330 if (!SignCertificate(cert, private_key)) { | 355 der_encoded->assign(reinterpret_cast<char*>(cert->derCert.data), |
331 CERT_DestroyCertificate(cert); | 356 cert->derCert.len); |
332 return NULL; | 357 CERT_DestroyCertificate(cert); |
333 } | 358 return true; |
334 | |
335 return cert; | |
336 } | 359 } |
337 | 360 |
338 bool IsSupportedValidityRange(base::Time not_valid_before, | 361 bool IsSupportedValidityRange(base::Time not_valid_before, |
339 base::Time not_valid_after) { | 362 base::Time not_valid_after) { |
340 CERTValidity* validity = CERT_CreateValidity( | 363 CERTValidity* validity = CERT_CreateValidity( |
341 crypto::BaseTimeToPRTime(not_valid_before), | 364 crypto::BaseTimeToPRTime(not_valid_before), |
342 crypto::BaseTimeToPRTime(not_valid_after)); | 365 crypto::BaseTimeToPRTime(not_valid_after)); |
343 | 366 |
344 if (!validity) | 367 if (!validity) |
345 return false; | 368 return false; |
346 | 369 |
347 CERT_DestroyValidity(validity); | 370 CERT_DestroyValidity(validity); |
348 return true; | 371 return true; |
349 } | 372 } |
350 | 373 |
351 bool CreateDomainBoundCertEC( | 374 bool CreateDomainBoundCertEC( |
352 crypto::ECPrivateKey* key, | 375 crypto::ECPrivateKey* key, |
353 const std::string& domain, | 376 const std::string& domain, |
354 uint32 serial_number, | 377 uint32 serial_number, |
355 base::Time not_valid_before, | 378 base::Time not_valid_before, |
356 base::Time not_valid_after, | 379 base::Time not_valid_after, |
357 std::string* der_cert) { | 380 std::string* der_cert) { |
358 DCHECK(key); | 381 DCHECK(key); |
359 return CreateDomainBoundCertInternal(key->public_key(), | 382 return CreateDomainBoundCertInternal(key->public_key(), |
wtc
2013/06/20 21:35:56
CreateDomainBoundCertInternal is only used here. I
| |
360 key->key(), | 383 key->key(), |
361 domain, | 384 domain, |
362 serial_number, | 385 serial_number, |
363 not_valid_before, | 386 not_valid_before, |
364 not_valid_after, | 387 not_valid_after, |
365 der_cert); | 388 der_cert); |
366 } | 389 } |
367 | 390 |
368 #if defined(USE_NSS) || defined(OS_IOS) | 391 #if defined(USE_NSS) || defined(OS_IOS) |
369 void ParsePrincipal(CERTName* name, CertPrincipal* principal) { | 392 void ParsePrincipal(CERTName* name, CertPrincipal* principal) { |
626 } | 649 } |
627 | 650 |
628 return new_name; | 651 return new_name; |
629 } | 652 } |
630 | 653 |
631 #endif // defined(USE_NSS) || defined(OS_IOS) | 654 #endif // defined(USE_NSS) || defined(OS_IOS) |
632 | 655 |
633 } // namespace x509_util | 656 } // namespace x509_util |
634 | 657 |
635 } // namespace net | 658 } // namespace net |
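Review bot: The new CreateSelfSignedCert (new lines 339–358) dereferences `key` and `der_encoded` with no guard, whereas its sibling CreateDomainBoundCertEC at new line 381 starts with `DCHECK(key);`; adding `DCHECK(key);` and `DCHECK(der_encoded);` as the first two lines of the body keeps the two public entry points consistent and makes a null argument fail at the DCHECK in debug builds instead of inside `key->public_key()`. The body also owns `cert` as a raw pointer and frees it by hand only on the success path (new line 357); with crypto/scoped_nss_types.h already included, holding the result in a `crypto::ScopedCERTCertificate` would give the early-return and success paths a single owner, assuming that typedef is available in this tree. Separately, old line 27 drops `#include "crypto/rsa_private_key.h"` from this .cc while the new body calls `key->public_key()` and `key->key()` on a crypto::RSAPrivateKey, so the translation unit now depends on a transitive include; unless x509_util.h (not visible here) includes that header itself, the direct include should remain.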