OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/cert/x509_util_ios.h" | |
6 | |
7 #include <cert.h> | |
8 #include <CommonCrypto/CommonDigest.h> | |
9 #include <nss.h> | |
10 #include <prtypes.h> | |
11 | |
12 #include "base/mac/scoped_cftyperef.h" | |
13 #include "base/memory/ref_counted.h" | |
14 #include "crypto/nss_util.h" | |
15 #include "net/cert/x509_certificate.h" | |
16 #include "net/cert/x509_util_nss.h" | |
17 | |
18 using base::ScopedCFTypeRef; | |
19 | |
20 namespace net { | |
21 namespace x509_util_ios { | |
22 | |
23 namespace { | |
24 | |
25 // Creates an NSS certificate handle from |data|, which is |length| bytes in | |
26 // size. | |
27 CERTCertificate* CreateNSSCertHandleFromBytes(const char* data, | |
28 int length) { | |
29 if (length < 0) | |
30 return NULL; | |
31 | |
32 crypto::EnsureNSSInit(); | |
33 | |
34 if (!NSS_IsInitialized()) | |
35 return NULL; | |
36 | |
37 SECItem der_cert; | |
38 der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data)); | |
39 der_cert.len = length; | |
40 der_cert.type = siDERCertBuffer; | |
41 | |
42 // Parse into a certificate structure. | |
43 return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert, NULL, | |
44 PR_FALSE, PR_TRUE); | |
45 } | |
46 | |
47 } // namespace | |
48 | |
49 CERTCertificate* CreateNSSCertHandleFromOSHandle( | |
50 SecCertificateRef cert_handle) { | |
51 ScopedCFTypeRef<CFDataRef> cert_data(SecCertificateCopyData(cert_handle)); | |
52 return CreateNSSCertHandleFromBytes( | |
53 reinterpret_cast<const char*>(CFDataGetBytePtr(cert_data)), | |
54 CFDataGetLength(cert_data)); | |
55 } | |
56 | |
57 SecCertificateRef CreateOSCertHandleFromNSSHandle( | |
58 CERTCertificate* nss_cert_handle) { | |
59 return X509Certificate::CreateOSCertHandleFromBytes( | |
60 reinterpret_cast<const char*>(nss_cert_handle->derCert.data), | |
61 nss_cert_handle->derCert.len); | |
62 } | |
63 | |
64 scoped_refptr<X509Certificate> CreateCertFromNSSHandles( | |
65 CERTCertificate* cert_handle, | |
66 const std::vector<CERTCertificate*>& intermediates) { | |
67 ScopedCFTypeRef<SecCertificateRef> os_server_cert( | |
68 CreateOSCertHandleFromNSSHandle(cert_handle)); | |
69 if (!os_server_cert) | |
70 return nullptr; | |
71 std::vector<SecCertificateRef> os_intermediates; | |
72 for (size_t i = 0; i < intermediates.size(); ++i) { | |
73 SecCertificateRef intermediate = | |
74 CreateOSCertHandleFromNSSHandle(intermediates[i]); | |
75 if (!intermediate) | |
76 break; | |
77 os_intermediates.push_back(intermediate); | |
78 } | |
79 | |
80 scoped_refptr<X509Certificate> cert = nullptr; | |
81 if (intermediates.size() == os_intermediates.size()) { | |
82 cert = X509Certificate::CreateFromHandle(os_server_cert, | |
83 os_intermediates); | |
84 } | |
85 | |
86 for (size_t i = 0; i < os_intermediates.size(); ++i) | |
87 CFRelease(os_intermediates[i]); | |
88 return cert; | |
89 } | |
90 | |
91 SHA1HashValue CalculateFingerprintNSS(CERTCertificate* cert) { | |
92 DCHECK(cert->derCert.data); | |
93 DCHECK_NE(0U, cert->derCert.len); | |
94 SHA1HashValue sha1; | |
95 memset(sha1.data, 0, sizeof(sha1.data)); | |
96 CC_SHA1(cert->derCert.data, cert->derCert.len, sha1.data); | |
97 return sha1; | |
98 } | |
99 | |
100 // NSSCertificate implementation. | |
101 | |
102 NSSCertificate::NSSCertificate(SecCertificateRef cert_handle) { | |
103 nss_cert_handle_ = CreateNSSCertHandleFromOSHandle(cert_handle); | |
104 DLOG_IF(ERROR, cert_handle && !nss_cert_handle_) | |
105 << "Could not convert SecCertificateRef to CERTCertificate*"; | |
106 } | |
107 | |
108 NSSCertificate::~NSSCertificate() { | |
109 CERT_DestroyCertificate(nss_cert_handle_); | |
110 } | |
111 | |
112 CERTCertificate* NSSCertificate::cert_handle() const { | |
113 return nss_cert_handle_; | |
114 } | |
115 | |
116 // NSSCertChain implementation | |
117 | |
118 NSSCertChain::NSSCertChain(X509Certificate* certificate) { | |
119 DCHECK(certificate); | |
120 certs_.push_back(CreateNSSCertHandleFromOSHandle( | |
121 certificate->os_cert_handle())); | |
122 const X509Certificate::OSCertHandles& cert_intermediates = | |
123 certificate->GetIntermediateCertificates(); | |
124 for (size_t i = 0; i < cert_intermediates.size(); ++i) | |
125 certs_.push_back(CreateNSSCertHandleFromOSHandle(cert_intermediates[i])); | |
126 } | |
127 | |
128 NSSCertChain::~NSSCertChain() { | |
129 for (size_t i = 0; i < certs_.size(); ++i) | |
130 CERT_DestroyCertificate(certs_[i]); | |
131 } | |
132 | |
133 CERTCertificate* NSSCertChain::cert_handle() const { | |
134 return certs_.empty() ? NULL : certs_.front(); | |
135 } | |
136 | |
137 const std::vector<CERTCertificate*>& NSSCertChain::cert_chain() const { | |
138 return certs_; | |
139 } | |
140 | |
141 } // namespace x509_util_ios | |
142 } // namespace net | |
OLD | NEW |