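--- a/net/cert/x509_util.cc
+++ b/net/cert/x509_util.cc
@@ -1,28 +1,63 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_util.h"
 
 #include <memory>
 
 #include "base/time/time.h"
 #include "crypto/ec_private_key.h"
 #include "crypto/rsa_private_key.h"
 #include "net/base/hash_value.h"
+#include "net/cert/internal/name_constraints.h"
 #include "net/cert/internal/parse_certificate.h"
+#include "net/cert/internal/parse_name.h"
 #include "net/cert/internal/signature_algorithm.h"
 #include "net/cert/x509_certificate.h"
+#include "net/der/input.h"
+#include "net/der/parse_values.h"
 
 namespace net {
 
+namespace {
+
+bool GetCommonName(const der::Input& tlv, std::string* common_name) {
+RDNSequence rdn_sequence;
+if (!ParseName(tlv, &rdn_sequence))
+return false;
+
+for (const auto& rdn : rdn_sequence) {
+for (const auto& atv : rdn) {
+if (atv.type == TypeCommonNameOid()) {
+return atv.ValueAsStringUnsafe(common_name);
+}
+}
+}
+return true;
+}
+
+bool DecodeTime(const der::GeneralizedTime& generalized_time,
+base::Time* time) {
+base::Time::Exploded exploded = {0};
+exploded.year = generalized_time.year;
+exploded.month = generalized_time.month;
+exploded.day_of_month = generalized_time.day;
+exploded.hour = generalized_time.hours;
+exploded.minute = generalized_time.minutes;
+exploded.second = generalized_time.seconds;
+return base::Time::FromUTCExploded(exploded, time);
+}
+
+} // namespace
+
 namespace x509_util {
 
 // RSA keys created by CreateKeyAndSelfSignedCert will be of this length.
 static const uint16_t kRSAKeyLength = 1024;
 
 // Certificates made by CreateKeyAndSelfSignedCert and
 // CreateKeyAndChannelIDEC will be signed using this digest algorithm.
 static const DigestAlgorithm kSignatureDigestAlgorithm = DIGEST_SHA256;
 
 ClientCertSorter::ClientCertSorter() : now_(base::Time::Now()) {}
@@ -75,13 +110,65 @@
 serial_number,
 not_valid_before,
 not_valid_after,
 der_cert);
 if (success)
 key->reset(new_key.release());
 
 return success;
 }
 
+bool ParseCertificateSandboxed(const base::StringPiece& certificate,
+std::string* subject,
+std::string* issuer,
+base::Time* not_before,
+base::Time* not_after,
+std::vector<std::string>* dns_names,
+std::vector<std::string>* ip_addresses) {
+der::Input cert_data(certificate);
+der::Input tbs_cert, signature_alg;
+der::BitString signature_value;
+if (!ParseCertificate(cert_data, &tbs_cert, &signature_alg, &signature_value))
+return false;
+
+ParsedTbsCertificate parsed_tbs_cert;
+if (!ParseTbsCertificate(tbs_cert, ParseCertificateOptions(),
+&parsed_tbs_cert))
+return false;
+
+if (!GetCommonName(parsed_tbs_cert.subject_tlv, subject))
+return false;
+
+if (!GetCommonName(parsed_tbs_cert.issuer_tlv, issuer))
+return false;
+
+if (!DecodeTime(parsed_tbs_cert.validity_not_before, not_before))
+return false;
+
+if (!DecodeTime(parsed_tbs_cert.validity_not_after, not_after))
+return false;
+
+if (!parsed_tbs_cert.has_extensions)
+return true;
+
+std::map<der::Input, ParsedExtension> extensions;
+if (!ParseExtensions(parsed_tbs_cert.extensions_tlv, &extensions))
+return false;
+
+std::vector<std::string> san;
+auto iter = extensions.find(SubjectAltNameOid());
+if (iter != extensions.end()) {
+std::unique_ptr<GeneralNames> subject_alt_names =
+GeneralNames::CreateFromDer(iter->second.value);
+if (subject_alt_names) {
+*dns_names = subject_alt_names->dns_names;
+for (const auto& ip : subject_alt_names->ip_addresses)
+ip_addresses->push_back(ip.ToString());
+}
+}
+
+return true;
+}
+
 } // namespace x509_util
 
 } // namespace net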
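Review bot: In ParseCertificateSandboxed a SubjectAltName extension that GeneralNames::CreateFromDer rejects is silently treated as if no SAN were present (the `if (subject_alt_names) {` near the end of the second hunk has no failure branch), while every other malformed field makes the function return false, so a caller cannot distinguish a malformed SAN from a missing one; I would change that line to `if (!subject_alt_names) return false;`. The output vectors are also never cleared, so on the early `return true` for a certificate without extensions, or when no SAN is found, `dns_names` and `ip_addresses` keep whatever the caller passed in; a `dns_names->clear(); ip_addresses->clear();` before the extension handling fixes that, and the unused local `std::vector<std::string> san;` can be dropped. GetCommonName likewise returns true and leaves `*common_name` untouched when the name carries no CN attribute, which looks intentional but deserves a comment such as `// Leaves *common_name unchanged when the name has no CN attribute.`. Since this function parses untrusted DER (the "Sandboxed" name suggests it is meant to run in a sandboxed process), note that ValueAsStringUnsafe, by its name, may hand back bytes that are not valid UTF-8 or that contain NULs, so the header comment should tell callers to treat subject and issuer as untrusted bytes rather than display-ready text.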