| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <iostream> | 5 #include <iostream> |
| 6 | 6 |
| 7 #include "base/at_exit.h" | 7 #include "base/at_exit.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
| 11 #include "base/time/time.h" | 11 #include "base/time/time.h" |
| 12 #include "net/tools/cert_verify_tool/cert_verify_tool_util.h" | 12 #include "net/tools/cert_verify_tool/cert_verify_tool_util.h" |
| 13 #include "net/tools/cert_verify_tool/verify_using_cert_verify_proc.h" | 13 #include "net/tools/cert_verify_tool/verify_using_cert_verify_proc.h" |
| 14 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" |
| 14 | 15 |
| 15 namespace { | 16 namespace { |
| 16 | 17 |
| 17 void PrintUsage(const char* argv0) { | 18 void PrintUsage(const char* argv0) { |
| 18 std::cerr << "Usage: " << argv0 << " [flags] <target/chain>\n"; | 19 std::cerr << "Usage: " << argv0 << " [flags] <target/chain>\n"; |
| 19 std::cerr << " <target/chain> should be a file containing a single DER cert " | 20 std::cerr << " <target/chain> should be a file containing a single DER cert " |
| 20 "or a PEM certificate chain (target first).\n"; | 21 "or a PEM certificate chain (target first).\n"; |
| 21 std::cerr << "Flags:\n"; | 22 std::cerr << "Flags:\n"; |
| 22 std::cerr << " --hostname=<hostname>\n"; | 23 std::cerr << " --hostname=<hostname>\n"; |
| 23 std::cerr << " --roots=<certs path>\n"; | 24 std::cerr << " --roots=<certs path>\n"; |
| 24 std::cerr << " --intermediates=<certs path>\n"; | 25 std::cerr << " --intermediates=<certs path>\n"; |
| 25 std::cerr << " <certs path> should be a file containing a single DER cert or " | 26 std::cerr << " <certs path> should be a file containing a single DER cert or " |
| 26 "one or more PEM CERTIFICATE blocks.\n"; | 27 "one or more PEM CERTIFICATE blocks.\n"; |
| 28 std::cerr << " --time=<time>\n"; |
| 29 std::cerr << " Use <time> instead of the current system time. <time> is " |
| 30 "interpreted in local time if a timezone is not specified.\n"; |
| 31 std::cerr << " Many common formats are supported, such as:\n"; |
| 32 std::cerr << " 1994-11-15 12:45:26 GMT\n"; |
| 33 std::cerr << " Tue, 15 Nov 1994 12:45:26 GMT\n"; |
| 34 std::cerr << " Nov 15 12:45:26 1994 GMT\n"; |
| 27 std::cerr << " --dump=<file prefix>\n"; | 35 std::cerr << " --dump=<file prefix>\n"; |
| 28 std::cerr << " Dumps the verified chain to PEM files starting with <file " | 36 std::cerr << " Dumps the verified chain to PEM files starting with <file " |
| 29 "prefix>.\n"; | 37 "prefix>.\n"; |
| 30 // TODO(mattm): allow <certs path> to be a directory containing DER/PEM files? | 38 // TODO(mattm): allow <certs path> to be a directory containing DER/PEM files? |
| 31 // TODO(mattm): allow target to specify an HTTPS URL to check the cert of? | 39 // TODO(mattm): allow target to specify an HTTPS URL to check the cert of? |
| 32 // TODO(mattm): allow target to be a verify_certificate_chain_unittest PEM | 40 // TODO(mattm): allow target to be a verify_certificate_chain_unittest PEM |
| 33 // file? | 41 // file? |
| 34 } | 42 } |
| 35 | 43 |
| 36 } // namespace | 44 } // namespace |
| (...skipping 15 matching lines...) Expand all Loading... |
| 52 PrintUsage(argv[0]); | 60 PrintUsage(argv[0]); |
| 53 return 1; | 61 return 1; |
| 54 } | 62 } |
| 55 | 63 |
| 56 std::string hostname = command_line.GetSwitchValueASCII("hostname"); | 64 std::string hostname = command_line.GetSwitchValueASCII("hostname"); |
| 57 if (hostname.empty()) { | 65 if (hostname.empty()) { |
| 58 std::cerr << "ERROR: --hostname is required\n"; | 66 std::cerr << "ERROR: --hostname is required\n"; |
| 59 return 1; | 67 return 1; |
| 60 } | 68 } |
| 61 | 69 |
| 70 base::Time verify_time; |
| 71 std::string time_flag = command_line.GetSwitchValueASCII("time"); |
| 72 if (!time_flag.empty()) { |
| 73 if (!base::Time::FromString(time_flag.c_str(), &verify_time)) { |
| 74 std::cerr << "Error parsing --time flag\n"; |
| 75 return 1; |
| 76 } |
| 77 } else { |
| 78 verify_time = base::Time::Now(); |
| 79 } |
| 80 |
| 62 base::FilePath roots_path = command_line.GetSwitchValuePath("roots"); | 81 base::FilePath roots_path = command_line.GetSwitchValuePath("roots"); |
| 63 base::FilePath intermediates_path = | 82 base::FilePath intermediates_path = |
| 64 command_line.GetSwitchValuePath("intermediates"); | 83 command_line.GetSwitchValuePath("intermediates"); |
| 65 base::FilePath target_path = base::FilePath(args[0]); | 84 base::FilePath target_path = base::FilePath(args[0]); |
| 66 | 85 |
| 67 base::FilePath dump_prefix_path = command_line.GetSwitchValuePath("dump"); | 86 base::FilePath dump_prefix_path = command_line.GetSwitchValuePath("dump"); |
| 68 | 87 |
| 69 std::vector<CertInput> root_der_certs; | 88 std::vector<CertInput> root_der_certs; |
| 70 std::vector<CertInput> intermediate_der_certs; | 89 std::vector<CertInput> intermediate_der_certs; |
| 71 CertInput target_der_cert; | 90 CertInput target_der_cert; |
| 72 | 91 |
| 73 if (!roots_path.empty()) | 92 if (!roots_path.empty()) |
| 74 ReadCertificatesFromFile(roots_path, &root_der_certs); | 93 ReadCertificatesFromFile(roots_path, &root_der_certs); |
| 75 if (!intermediates_path.empty()) | 94 if (!intermediates_path.empty()) |
| 76 ReadCertificatesFromFile(intermediates_path, &intermediate_der_certs); | 95 ReadCertificatesFromFile(intermediates_path, &intermediate_der_certs); |
| 77 ReadChainFromFile(target_path, &target_der_cert, &intermediate_der_certs); | 96 ReadChainFromFile(target_path, &target_der_cert, &intermediate_der_certs); |
| 78 | 97 |
| 79 if (target_der_cert.der_cert.empty()) { | 98 if (target_der_cert.der_cert.empty()) { |
| 80 std::cerr << "ERROR: no target cert\n"; | 99 std::cerr << "ERROR: no target cert\n"; |
| 81 return 1; | 100 return 1; |
| 82 } | 101 } |
| 83 | 102 |
| 84 std::cout << "CertVerifyProc:\n"; | 103 std::cout << "CertVerifyProc:\n"; |
| 85 bool verify_ok = VerifyUsingCertVerifyProc(target_der_cert, hostname, | 104 bool cert_verify_proc_ok = true; |
| 86 intermediate_der_certs, | 105 if (!time_flag.empty()) { |
| 87 root_der_certs, dump_prefix_path); | 106 std::cerr << "ERROR: --time is not supported with CertVerifyProc, " |
| 107 "skipping.\n"; |
| 108 } else { |
| 109 cert_verify_proc_ok = VerifyUsingCertVerifyProc( |
| 110 target_der_cert, hostname, intermediate_der_certs, root_der_certs, |
| 111 dump_prefix_path); |
| 112 } |
| 88 | 113 |
| 89 return verify_ok ? 0 : 1; | 114 std::cout << "\nCertPathBuilder:\n"; |
| 115 bool path_builder_ok = |
| 116 VerifyUsingPathBuilder(target_der_cert, intermediate_der_certs, |
| 117 root_der_certs, verify_time, dump_prefix_path); |
| 118 |
| 119 return (cert_verify_proc_ok && path_builder_ok) ? 0 : 1; |
| 90 } | 120 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2130453003:
cert_verify_tool: Verify using the new pathbuilder too. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert-parsing-path-building