1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <iostream> | 5 #include <iostream> |
6 | 6 |
7 #include "base/at_exit.h" | 7 #include "base/at_exit.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
11 #include "base/time/time.h" | 11 #include "base/time/time.h" |
12 #include "net/tools/cert_verify_tool/cert_verify_tool_util.h" | 12 #include "net/tools/cert_verify_tool/cert_verify_tool_util.h" |
13 #include "net/tools/cert_verify_tool/verify_using_cert_verify_proc.h" | 13 #include "net/tools/cert_verify_tool/verify_using_cert_verify_proc.h" |
| 14 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" |
14 | 15 |
15 namespace { | 16 namespace { |
16 | 17 |
17 void PrintUsage(const char* argv0) { | 18 void PrintUsage(const char* argv0) { |
18 std::cerr << "Usage: " << argv0 << " [flags] <target/chain>\n"; | 19 std::cerr << "Usage: " << argv0 << " [flags] <target/chain>\n"; |
19 std::cerr << " <target/chain> should be a file containing a single DER cert " | 20 std::cerr << " <target/chain> should be a file containing a single DER cert " |
20 "or a PEM certificate chain (target first).\n"; | 21 "or a PEM certificate chain (target first).\n"; |
21 std::cerr << "Flags:\n"; | 22 std::cerr << "Flags:\n"; |
22 std::cerr << " --hostname=<hostname>\n"; | 23 std::cerr << " --hostname=<hostname>\n"; |
23 std::cerr << " --roots=<certs path>\n"; | 24 std::cerr << " --roots=<certs path>\n"; |
24 std::cerr << " --intermediates=<certs path>\n"; | 25 std::cerr << " --intermediates=<certs path>\n"; |
25 std::cerr << " <certs path> should be a file containing a single DER cert or " | 26 std::cerr << " <certs path> should be a file containing a single DER cert or " |
26 "one or more PEM CERTIFICATE blocks.\n"; | 27 "one or more PEM CERTIFICATE blocks.\n"; |
| 28 std::cerr << " --time=<time>\n"; |
| 29 std::cerr << " Use <time> instead of the current system time. <time> is " |
| 30 "interpreted in local time if a timezone is not specified.\n"; |
| 31 std::cerr << " Many common formats are supported, such as:\n"; |
| 32 std::cerr << " 1994-11-15 12:45:26 GMT\n"; |
| 33 std::cerr << " Tue, 15 Nov 1994 12:45:26 GMT\n"; |
| 34 std::cerr << " Nov 15 12:45:26 1994 GMT\n"; |
27 std::cerr << " --dump=<file prefix>\n"; | 35 std::cerr << " --dump=<file prefix>\n"; |
28 std::cerr << " Dumps the verified chain to PEM files starting with <file " | 36 std::cerr << " Dumps the verified chain to PEM files starting with <file " |
29 "prefix>.\n"; | 37 "prefix>.\n"; |
30 // TODO(mattm): allow <certs path> to be a directory containing DER/PEM files? | 38 // TODO(mattm): allow <certs path> to be a directory containing DER/PEM files? |
31 // TODO(mattm): allow target to specify an HTTPS URL to check the cert of? | 39 // TODO(mattm): allow target to specify an HTTPS URL to check the cert of? |
32 // TODO(mattm): allow target to be a verify_certificate_chain_unittest PEM | 40 // TODO(mattm): allow target to be a verify_certificate_chain_unittest PEM |
33 // file? | 41 // file? |
34 } | 42 } |
35 | 43 |
36 } // namespace | 44 } // namespace |
52 PrintUsage(argv[0]); | 60 PrintUsage(argv[0]); |
53 return 1; | 61 return 1; |
54 } | 62 } |
55 | 63 |
56 std::string hostname = command_line.GetSwitchValueASCII("hostname"); | 64 std::string hostname = command_line.GetSwitchValueASCII("hostname"); |
57 if (hostname.empty()) { | 65 if (hostname.empty()) { |
58 std::cerr << "ERROR: --hostname is required\n"; | 66 std::cerr << "ERROR: --hostname is required\n"; |
59 return 1; | 67 return 1; |
60 } | 68 } |
61 | 69 |
| 70 base::Time verify_time; |
| 71 std::string time_flag = command_line.GetSwitchValueASCII("time"); |
| 72 if (!time_flag.empty()) { |
| 73 if (!base::Time::FromString(time_flag.c_str(), &verify_time)) { |
| 74 std::cerr << "Error parsing --time flag\n"; |
| 75 return 1; |
| 76 } |
| 77 } else { |
| 78 verify_time = base::Time::Now(); |
| 79 } |
| 80 |
62 base::FilePath roots_path = command_line.GetSwitchValuePath("roots"); | 81 base::FilePath roots_path = command_line.GetSwitchValuePath("roots"); |
63 base::FilePath intermediates_path = | 82 base::FilePath intermediates_path = |
64 command_line.GetSwitchValuePath("intermediates"); | 83 command_line.GetSwitchValuePath("intermediates"); |
65 base::FilePath target_path = base::FilePath(args[0]); | 84 base::FilePath target_path = base::FilePath(args[0]); |
66 | 85 |
67 base::FilePath dump_prefix_path = command_line.GetSwitchValuePath("dump"); | 86 base::FilePath dump_prefix_path = command_line.GetSwitchValuePath("dump"); |
68 | 87 |
69 std::vector<CertInput> root_der_certs; | 88 std::vector<CertInput> root_der_certs; |
70 std::vector<CertInput> intermediate_der_certs; | 89 std::vector<CertInput> intermediate_der_certs; |
71 CertInput target_der_cert; | 90 CertInput target_der_cert; |
72 | 91 |
73 if (!roots_path.empty()) | 92 if (!roots_path.empty()) |
74 ReadCertificatesFromFile(roots_path, &root_der_certs); | 93 ReadCertificatesFromFile(roots_path, &root_der_certs); |
75 if (!intermediates_path.empty()) | 94 if (!intermediates_path.empty()) |
76 ReadCertificatesFromFile(intermediates_path, &intermediate_der_certs); | 95 ReadCertificatesFromFile(intermediates_path, &intermediate_der_certs); |
77 ReadChainFromFile(target_path, &target_der_cert, &intermediate_der_certs); | 96 ReadChainFromFile(target_path, &target_der_cert, &intermediate_der_certs); |
78 | 97 |
79 if (target_der_cert.der_cert.empty()) { | 98 if (target_der_cert.der_cert.empty()) { |
80 std::cerr << "ERROR: no target cert\n"; | 99 std::cerr << "ERROR: no target cert\n"; |
81 return 1; | 100 return 1; |
82 } | 101 } |
83 | 102 |
84 std::cout << "CertVerifyProc:\n"; | 103 std::cout << "CertVerifyProc:\n"; |
85 bool verify_ok = VerifyUsingCertVerifyProc(target_der_cert, hostname, | 104 bool cert_verify_proc_ok = true; |
86 intermediate_der_certs, | 105 if (!time_flag.empty()) { |
87 root_der_certs, dump_prefix_path); | 106 std::cerr << "ERROR: --time is not supported with CertVerifyProc, " |
| 107 "skipping.\n"; |
| 108 } else { |
| 109 cert_verify_proc_ok = VerifyUsingCertVerifyProc( |
| 110 target_der_cert, hostname, intermediate_der_certs, root_der_certs, |
| 111 dump_prefix_path); |
| 112 } |
88 | 113 |
89 return verify_ok ? 0 : 1; | 114 std::cout << "\nCertPathBuilder:\n"; |
| 115 bool path_builder_ok = |
| 116 VerifyUsingPathBuilder(target_der_cert, intermediate_der_certs, |
| 117 root_der_certs, verify_time, dump_prefix_path); |
| 118 |
| 119 return (cert_verify_proc_ok && path_builder_ok) ? 0 : 1; |
90 } | 120 } |
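Review bot: When `--time` is given, the `--hostname` value is never consumed: the CertVerifyProc branch is skipped and the new `VerifyUsingPathBuilder` call (new lines 116-117) is not passed `hostname`, so unless the path builder checks the name some other way, a 0 exit in that mode says nothing about name matching even though the flag stays mandatory. The skip message on new lines 106-107 is labelled `ERROR:` yet leaves `cert_verify_proc_ok` true, so the label overstates what happened; something like `"WARNING: --time is not supported with CertVerifyProc, skipping (hostname is not checked by CertPathBuilder).\n"` would describe the actual effect, if that inference holds. It would also help to echo the effective verification time on stdout before the CertPathBuilder run (e.g. `std::cout << "Verification time: " << verify_time << "\n";`, assuming base::Time provides a stream inserter), so a dump or log produced with a past `--time` is self-describing rather than looking like a current-time result. Minor: `time_flag` is tested for emptiness twice (new lines 72 and 105); `command_line.HasSwitch("time")` states the intent more directly. main's signature and the start of its body lie in the collapsed region outside the visible hunk.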