| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" | 5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" |
| 6 | 6 |
| 7 #include <iostream> | 7 #include <iostream> |
| 8 | 8 |
| 9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
| 10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| 117 if (!net::ParseNameValue(trust_anchor->normalized_subject(), &parsed_subject)) | 117 if (!net::ParseNameValue(trust_anchor->normalized_subject(), &parsed_subject)) |
| 118 return std::string(); | 118 return std::string(); |
| 119 return SubjectToString(parsed_subject); | 119 return SubjectToString(parsed_subject); |
| 120 } | 120 } |
| 121 | 121 |
| 122 void PrintCertErrors(const net::CertErrors& errors) { | 122 void PrintCertErrors(const net::CertErrors& errors) { |
| 123 // TODO(crbug.com/634443): Include more detailed error information. Also this | 123 // TODO(crbug.com/634443): Include more detailed error information. Also this |
| 124 // should likely be extracted to a common location and used by unit-tests and | 124 // should likely be extracted to a common location and used by unit-tests and |
| 125 // other debugging needs. | 125 // other debugging needs. |
| 126 for (const auto& error : errors.errors()) { | 126 for (const auto& error : errors.errors()) { |
| 127 std::cout << " " << error.type; | 127 std::cout << " " << error.type << "\n"; |
| 128 } | 128 } |
| 129 } | 129 } |
| 130 | 130 |
| 131 // Dumps a ResultPath to std::cout. | 131 // Dumps a ResultPath to std::cout. |
| 132 void PrintResultPath(const net::CertPathBuilder::ResultPath* result_path, | 132 void PrintResultPath(const net::CertPathBuilder::ResultPath* result_path, |
| 133 size_t index, | 133 size_t index, |
| 134 bool is_best) { | 134 bool is_best) { |
| 135 std::cout << "path " << index << " " | 135 std::cout << "path " << index << " " |
| 136 << (result_path->valid ? "valid" : "invalid") | 136 << (result_path->valid ? "valid" : "invalid") |
| 137 << (is_best ? " (best)" : "") << "\n"; | 137 << (is_best ? " (best)" : "") << "\n"; |
| 148 std::string trust_anchor_cert_fingerprint = "<no cert>"; | 148 std::string trust_anchor_cert_fingerprint = "<no cert>"; |
| 149 if (trust_anchor->cert()) { | 149 if (trust_anchor->cert()) { |
| 150 trust_anchor_cert_fingerprint = | 150 trust_anchor_cert_fingerprint = |
| 151 FingerPrintParsedCertificate(trust_anchor->cert().get()); | 151 FingerPrintParsedCertificate(trust_anchor->cert().get()); |
| 152 } | 152 } |
| 153 std::cout << " " << trust_anchor_cert_fingerprint << " " | 153 std::cout << " " << trust_anchor_cert_fingerprint << " " |
| 154 << SubjectFromTrustAnchor(trust_anchor.get()) << "\n"; | 154 << SubjectFromTrustAnchor(trust_anchor.get()) << "\n"; |
| 155 } | 155 } |
| 156 | 156 |
| 157 // Print the errors. | 157 // Print the errors. |
| 158 if (result_path->errors.errors().empty()) { | 158 if (!result_path->errors.errors().empty()) { |
| 159 std::cout << "Errors:\n"; | 159 std::cout << "Errors:\n"; |
| 160 PrintCertErrors(result_path->errors); | 160 PrintCertErrors(result_path->errors); |
| 161 } | 161 } |
| 162 } | 162 } |
| 163 | 163 |
| 164 } // namespace | 164 } // namespace |
| 165 | 165 |
| 166 // Verifies |target_der_cert| using CertPathBuilder. | 166 // Verifies |target_der_cert| using CertPathBuilder. |
| 167 bool VerifyUsingPathBuilder( | 167 bool VerifyUsingPathBuilder( |
| 168 const CertInput& target_der_cert, | 168 const CertInput& target_der_cert, |
| 169 const std::vector<CertInput>& intermediate_der_certs, | 169 const std::vector<CertInput>& intermediate_der_certs, |
| 170 const std::vector<CertInput>& root_der_certs, | 170 const std::vector<CertInput>& root_der_certs, |
| 171 const base::Time at_time, | 171 const base::Time at_time, |
| 172 const base::FilePath& dump_prefix_path) { | 172 const base::FilePath& dump_prefix_path) { |
| 173 std::cerr << "WARNING: --hostname is not yet verified with CertPathBuilder\n"; | |
| 174 | |
| 175 base::Time::Exploded exploded_time; | 173 base::Time::Exploded exploded_time; |
| 176 at_time.UTCExplode(&exploded_time); | 174 at_time.UTCExplode(&exploded_time); |
| 177 net::der::GeneralizedTime time = ConvertExplodedTime(exploded_time); | 175 net::der::GeneralizedTime time = ConvertExplodedTime(exploded_time); |
| 178 | 176 |
| 179 net::TrustStoreCollection trust_store; | 177 net::TrustStoreCollection trust_store; |
| 180 | 178 |
| 181 net::TrustStoreInMemory trust_store_in_memory; | 179 net::TrustStoreInMemory trust_store_in_memory; |
| 182 trust_store.AddTrustStoreSynchronousOnly(&trust_store_in_memory); | 180 trust_store.AddTrustStoreSynchronousOnly(&trust_store_in_memory); |
| 183 for (const auto& der_cert : root_der_certs) { | 181 for (const auto& der_cert : root_der_certs) { |
| 184 scoped_refptr<net::ParsedCertificate> cert = | 182 scoped_refptr<net::ParsedCertificate> cert = |
| 185 net::ParsedCertificate::CreateFromCertificateCopy(der_cert.der_cert, | 183 net::ParsedCertificate::CreateFromCertificateCopy(der_cert.der_cert, |
| 186 {}); | 184 {}); |
| 187 if (!cert) | 185 if (!cert) |
| 188 PrintCertError("ERROR: ParsedCertificate failed:", der_cert); | 186 PrintCertError("ERROR: ParsedCertificate failed:", der_cert); |
| 189 else { | 187 else { |
| 190 trust_store_in_memory.AddTrustAnchor( | 188 trust_store_in_memory.AddTrustAnchor( |
| 191 net::TrustAnchor::CreateFromCertificateNoConstraints(cert)); | 189 net::TrustAnchor::CreateFromCertificateNoConstraints(cert)); |
| 192 } | 190 } |
| 193 } | 191 } |
| 194 | 192 |
| 195 #if defined(USE_NSS_CERTS) | 193 #if defined(USE_NSS_CERTS) |
| 196 net::TrustStoreNSS trust_store_nss(trustSSL, | 194 net::TrustStoreNSS trust_store_nss(trustSSL, |
| 197 base::ThreadTaskRunnerHandle::Get()); | 195 base::ThreadTaskRunnerHandle::Get()); |
| 198 trust_store.SetPrimaryTrustStore(&trust_store_nss); | 196 trust_store.SetPrimaryTrustStore(&trust_store_nss); |
| 199 #else | 197 #else |
| 200 std::cout << "NOTE: CertPathBuilder does not currently use OS trust settings " | 198 if (root_der_certs.empty()) { |
| 201 "(--roots must be specified).\n"; | 199 std::cerr << "NOTE: CertPathBuilder does not currently use OS trust " |
| 200 "settings (--roots must be specified).\n"; |
| 201 } |
| 202 #endif | 202 #endif |
| 203 | 203 |
| 204 net::CertIssuerSourceStatic intermediate_cert_issuer_source; | 204 net::CertIssuerSourceStatic intermediate_cert_issuer_source; |
| 205 for (const auto& der_cert : intermediate_der_certs) { | 205 for (const auto& der_cert : intermediate_der_certs) { |
| 206 scoped_refptr<net::ParsedCertificate> cert = | 206 scoped_refptr<net::ParsedCertificate> cert = |
| 207 net::ParsedCertificate::CreateFromCertificateCopy(der_cert.der_cert, | 207 net::ParsedCertificate::CreateFromCertificateCopy(der_cert.der_cert, |
| 208 {}); | 208 {}); |
| 209 if (!cert) | 209 if (!cert) |
| 210 PrintCertError("ERROR: ParsedCertificate failed:", der_cert); | 210 PrintCertError("ERROR: ParsedCertificate failed:", der_cert); |
| 211 else | 211 else |
| 269 if (!DumpParsedCertificateChain( | 269 if (!DumpParsedCertificateChain( |
| 270 dump_prefix_path.AddExtension( | 270 dump_prefix_path.AddExtension( |
| 271 FILE_PATH_LITERAL(".CertPathBuilder.pem")), | 271 FILE_PATH_LITERAL(".CertPathBuilder.pem")), |
| 272 result.paths[result.best_result_index]->path)) { | 272 result.paths[result.best_result_index]->path)) { |
| 273 return false; | 273 return false; |
| 274 } | 274 } |
| 275 } | 275 } |
| 276 | 276 |
| 277 return result.HasValidPath(); | 277 return result.HasValidPath(); |
| 278 } | 278 } |
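Review bot: Dropping the warning at old line 173 (`std::cerr << "WARNING: --hostname is not yet verified with CertPathBuilder\n";`) removes the only visible signal that the path-builder result says nothing about whether the certificate matches the requested host, so unless the skipped lines 212–268 add name checking against `--hostname`, the final `result.HasValidPath()` at line 277 can be misread as full verification. If this change does not add name checking, I would keep a warning on the new side, e.g. `std::cerr << "WARNING: CertPathBuilder does not check --hostname; a valid path does not mean the certificate matches the host\n";`. Separately, the new guard `if (root_der_certs.empty())` at line 198 tests the input list rather than whether any anchor was actually installed, so when every supplied root fails `CreateFromCertificateCopy` (line 185) the NOTE about OS trust settings is suppressed even though `trust_store_in_memory` ends up empty; a `bool added_root = false;` set to `true` in the `else` branch at line 187 and tested in place of `root_der_certs.empty()` would cover that case. The body of VerifyUsingPathBuilder continues outside the hunk, so I cannot see whether either point is addressed there.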