OLD | NEW |
1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <Security/Security.h> | 8 #include <Security/Security.h> |
9 | 9 |
10 #include <openssl/x509.h> | 10 #include <openssl/x509.h> |
11 #include <openssl/x509v3.h> | 11 #include <openssl/x509v3.h> |
12 | 12 |
13 #include "base/mac/scoped_cftyperef.h" | 13 #include "base/mac/scoped_cftyperef.h" |
14 #include "base/pickle.h" | 14 #include "base/pickle.h" |
15 #include "base/strings/string_piece.h" | 15 #include "base/strings/string_piece.h" |
16 #include "base/strings/string_util.h" | 16 #include "base/strings/string_util.h" |
17 #include "crypto/openssl_util.h" | 17 #include "crypto/openssl_util.h" |
18 #include "crypto/scoped_openssl_types.h" | 18 #include "crypto/scoped_openssl_types.h" |
19 #include "net/base/ip_address_number.h" | 19 #include "net/base/ip_address.h" |
20 #include "net/cert/x509_util_openssl.h" | 20 #include "net/cert/x509_util_openssl.h" |
21 #include "net/ssl/openssl_ssl_util.h" | 21 #include "net/ssl/openssl_ssl_util.h" |
22 | 22 |
23 using base::ScopedCFTypeRef; | 23 using base::ScopedCFTypeRef; |
24 | 24 |
25 namespace net { | 25 namespace net { |
26 | 26 |
27 namespace { | 27 namespace { |
28 | 28 |
29 using ScopedGENERAL_NAMES = | 29 using ScopedGENERAL_NAMES = |
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
129 if (!dns_name) | 129 if (!dns_name) |
130 continue; | 130 continue; |
131 int dns_name_len = ASN1_STRING_length(name->d.dNSName); | 131 int dns_name_len = ASN1_STRING_length(name->d.dNSName); |
132 dns_names->push_back( | 132 dns_names->push_back( |
133 std::string(reinterpret_cast<const char*>(dns_name), dns_name_len)); | 133 std::string(reinterpret_cast<const char*>(dns_name), dns_name_len)); |
134 } else if (name->type == GEN_IPADD && ip_addresses) { | 134 } else if (name->type == GEN_IPADD && ip_addresses) { |
135 const unsigned char* ip_addr = name->d.iPAddress->data; | 135 const unsigned char* ip_addr = name->d.iPAddress->data; |
136 if (!ip_addr) | 136 if (!ip_addr) |
137 continue; | 137 continue; |
138 int ip_addr_len = name->d.iPAddress->length; | 138 int ip_addr_len = name->d.iPAddress->length; |
139 if (ip_addr_len != static_cast<int>(kIPv4AddressSize) && | 139 if (ip_addr_len != static_cast<int>(IPAddress::kIPv4AddressSize) && |
140 ip_addr_len != static_cast<int>(kIPv6AddressSize)) { | 140 ip_addr_len != static_cast<int>(IPAddress::kIPv6AddressSize)) { |
141 // http://www.ietf.org/rfc/rfc3280.txt requires subjectAltName iPAddress | 141 // http://www.ietf.org/rfc/rfc3280.txt requires subjectAltName iPAddress |
142 // to have 4 or 16 bytes, whereas in a name constraint it includes a | 142 // to have 4 or 16 bytes, whereas in a name constraint it includes a |
143 // net mask hence 8 or 32 bytes. Logging to help diagnose any mixup. | 143 // net mask hence 8 or 32 bytes. Logging to help diagnose any mixup. |
144 LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len; | 144 LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len; |
145 continue; | 145 continue; |
146 } | 146 } |
147 ip_addresses->push_back( | 147 ip_addresses->push_back( |
148 std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len)); | 148 std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len)); |
149 } | 149 } |
150 } | 150 } |
(...skipping 314 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
465 return false; | 465 return false; |
466 crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert.get())); | 466 crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert.get())); |
467 if (!scoped_key) | 467 if (!scoped_key) |
468 return false; | 468 return false; |
469 | 469 |
470 // NOTE: X509_verify() returns 1 in case of success, 0 or -1 on error. | 470 // NOTE: X509_verify() returns 1 in case of success, 0 or -1 on error. |
471 return X509_verify(cert.get(), scoped_key.get()) == 1; | 471 return X509_verify(cert.get(), scoped_key.get()) == 1; |
472 } | 472 } |
473 | 473 |
474 } // namespace net | 474 } // namespace net |
OLD | NEW |