| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" | 5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" |
| 6 | 6 |
| 7 #include <iostream> | 7 #include <iostream> |
| 8 | 8 |
| 9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
| 10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 145 << SubjectFromTrustAnchor(trust_anchor.get()) << "\n"; | 145 << SubjectFromTrustAnchor(trust_anchor.get()) << "\n"; |
| 146 } | 146 } |
| 147 | 147 |
| 148 // Print the errors. | 148 // Print the errors. |
| 149 if (!result_path->errors.empty()) { | 149 if (!result_path->errors.empty()) { |
| 150 std::cout << "Errors:\n"; | 150 std::cout << "Errors:\n"; |
| 151 std::cout << result_path->errors.ToDebugString() << "\n"; | 151 std::cout << result_path->errors.ToDebugString() << "\n"; |
| 152 } | 152 } |
| 153 } | 153 } |
| 154 | 154 |
| 155 scoped_refptr<net::ParsedCertificate> ParseCertificate(const CertInput& input) { |
| 156 net::CertErrors errors; |
| 157 scoped_refptr<net::ParsedCertificate> cert = |
| 158 net::ParsedCertificate::Create(input.der_cert, {}, &errors); |
| 159 if (!cert) { |
| 160 PrintCertError("ERROR: ParsedCertificate failed:", input); |
| 161 std::cout << errors.ToDebugString() << "\n"; |
| 162 } |
| 163 |
| 164 // TODO(crbug.com/634443): Print errors if there are any on success too (i.e. |
| 165 // warnings). |
| 166 |
| 167 return cert; |
| 168 } |
| 169 |
| 155 } // namespace | 170 } // namespace |
| 156 | 171 |
| 157 // Verifies |target_der_cert| using CertPathBuilder. | 172 // Verifies |target_der_cert| using CertPathBuilder. |
| 158 bool VerifyUsingPathBuilder( | 173 bool VerifyUsingPathBuilder( |
| 159 const CertInput& target_der_cert, | 174 const CertInput& target_der_cert, |
| 160 const std::vector<CertInput>& intermediate_der_certs, | 175 const std::vector<CertInput>& intermediate_der_certs, |
| 161 const std::vector<CertInput>& root_der_certs, | 176 const std::vector<CertInput>& root_der_certs, |
| 162 const base::Time at_time, | 177 const base::Time at_time, |
| 163 const base::FilePath& dump_prefix_path) { | 178 const base::FilePath& dump_prefix_path) { |
| 164 base::Time::Exploded exploded_time; | 179 base::Time::Exploded exploded_time; |
| 165 at_time.UTCExplode(&exploded_time); | 180 at_time.UTCExplode(&exploded_time); |
| 166 net::der::GeneralizedTime time = ConvertExplodedTime(exploded_time); | 181 net::der::GeneralizedTime time = ConvertExplodedTime(exploded_time); |
| 167 | 182 |
| 168 net::TrustStoreCollection trust_store; | 183 net::TrustStoreCollection trust_store; |
| 169 | 184 |
| 170 net::TrustStoreInMemory trust_store_in_memory; | 185 net::TrustStoreInMemory trust_store_in_memory; |
| 171 trust_store.AddTrustStoreSynchronousOnly(&trust_store_in_memory); | 186 trust_store.AddTrustStoreSynchronousOnly(&trust_store_in_memory); |
| 172 for (const auto& der_cert : root_der_certs) { | 187 for (const auto& der_cert : root_der_certs) { |
| 173 scoped_refptr<net::ParsedCertificate> cert = | 188 scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert); |
| 174 net::ParsedCertificate::CreateFromCertificateCopy(der_cert.der_cert, | 189 if (cert) { |
| 175 {}); | |
| 176 if (!cert) | |
| 177 PrintCertError("ERROR: ParsedCertificate failed:", der_cert); | |
| 178 else { | |
| 179 trust_store_in_memory.AddTrustAnchor( | 190 trust_store_in_memory.AddTrustAnchor( |
| 180 net::TrustAnchor::CreateFromCertificateNoConstraints(cert)); | 191 net::TrustAnchor::CreateFromCertificateNoConstraints(cert)); |
| 181 } | 192 } |
| 182 } | 193 } |
| 183 | 194 |
| 184 #if defined(USE_NSS_CERTS) | 195 #if defined(USE_NSS_CERTS) |
| 185 net::TrustStoreNSS trust_store_nss(trustSSL, | 196 net::TrustStoreNSS trust_store_nss(trustSSL, |
| 186 base::ThreadTaskRunnerHandle::Get()); | 197 base::ThreadTaskRunnerHandle::Get()); |
| 187 trust_store.SetPrimaryTrustStore(&trust_store_nss); | 198 trust_store.SetPrimaryTrustStore(&trust_store_nss); |
| 188 #else | 199 #else |
| 189 if (root_der_certs.empty()) { | 200 if (root_der_certs.empty()) { |
| 190 std::cerr << "NOTE: CertPathBuilder does not currently use OS trust " | 201 std::cerr << "NOTE: CertPathBuilder does not currently use OS trust " |
| 191 "settings (--roots must be specified).\n"; | 202 "settings (--roots must be specified).\n"; |
| 192 } | 203 } |
| 193 #endif | 204 #endif |
| 194 | 205 |
| 195 net::CertIssuerSourceStatic intermediate_cert_issuer_source; | 206 net::CertIssuerSourceStatic intermediate_cert_issuer_source; |
| 196 for (const auto& der_cert : intermediate_der_certs) { | 207 for (const auto& der_cert : intermediate_der_certs) { |
| 197 scoped_refptr<net::ParsedCertificate> cert = | 208 scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert); |
| 198 net::ParsedCertificate::CreateFromCertificateCopy(der_cert.der_cert, | 209 if (cert) |
| 199 {}); | |
| 200 if (!cert) | |
| 201 PrintCertError("ERROR: ParsedCertificate failed:", der_cert); | |
| 202 else | |
| 203 intermediate_cert_issuer_source.AddCert(cert); | 210 intermediate_cert_issuer_source.AddCert(cert); |
| 204 } | 211 } |
| 205 | 212 |
| 206 scoped_refptr<net::ParsedCertificate> target_cert = | 213 scoped_refptr<net::ParsedCertificate> target_cert = |
| 207 net::ParsedCertificate::CreateFromCertificateCopy( | 214 ParseCertificate(target_der_cert); |
| 208 target_der_cert.der_cert, {}); | 215 if (!target_cert) |
| 209 if (!target_cert) { | |
| 210 PrintCertError("ERROR: ParsedCertificate failed:", target_der_cert); | |
| 211 return false; | 216 return false; |
| 212 } | |
| 213 | 217 |
| 214 // Verify the chain. | 218 // Verify the chain. |
| 215 net::SimpleSignaturePolicy signature_policy(2048); | 219 net::SimpleSignaturePolicy signature_policy(2048); |
| 216 net::CertPathBuilder::Result result; | 220 net::CertPathBuilder::Result result; |
| 217 net::CertPathBuilder path_builder(target_cert, &trust_store, | 221 net::CertPathBuilder path_builder(target_cert, &trust_store, |
| 218 &signature_policy, time, &result); | 222 &signature_policy, time, &result); |
| 219 path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source); | 223 path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source); |
| 220 | 224 |
| 221 // TODO(mattm): add command line flags to configure using CertIssuerSourceAia | 225 // TODO(mattm): add command line flags to configure using CertIssuerSourceAia |
| 222 // (similar to VERIFY_CERT_IO_ENABLED flag for CertVerifyProc). | 226 // (similar to VERIFY_CERT_IO_ENABLED flag for CertVerifyProc). |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 260 if (!DumpParsedCertificateChain( | 264 if (!DumpParsedCertificateChain( |
| 261 dump_prefix_path.AddExtension( | 265 dump_prefix_path.AddExtension( |
| 262 FILE_PATH_LITERAL(".CertPathBuilder.pem")), | 266 FILE_PATH_LITERAL(".CertPathBuilder.pem")), |
| 263 result.paths[result.best_result_index]->path)) { | 267 result.paths[result.best_result_index]->path)) { |
| 264 return false; | 268 return false; |
| 265 } | 269 } |
| 266 } | 270 } |
| 267 | 271 |
| 268 return result.HasValidPath(); | 272 return result.HasValidPath(); |
| 269 } | 273 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2327973002:
Add CertErrors* parameter to the main Certificate parsing functions. (Closed)
