| Index: net/cert/x509_util_nss.cc
|
| diff --git a/net/cert/x509_util_nss.cc b/net/cert/x509_util_nss.cc
|
| index beed9a1a984d27fd0dc500ce91f090ba0cb85331..c74f098f1de768b9a607928daffbaacef2ee6dc5 100644
|
| --- a/net/cert/x509_util_nss.cc
|
| +++ b/net/cert/x509_util_nss.cc
|
| @@ -62,9 +62,8 @@ DomainBoundCertOIDWrapper::DomainBoundCertOIDWrapper()
|
| // 1.3.6.1.4.1.11129.2.1.6
|
| // (iso.org.dod.internet.private.enterprises.google.googleSecurity.
|
| // certificateExtensions.originBoundCertificate)
|
| - static const uint8 kObCertOID[] = {
|
| - 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x06
|
| - };
|
| + static const uint8 kObCertOID[] = {0x2b, 0x06, 0x01, 0x04, 0x01,
|
| + 0xd6, 0x79, 0x02, 0x01, 0x06};
|
| SECOidData oid_data;
|
| memset(&oid_data, 0, sizeof(oid_data));
|
| oid_data.oid.data = const_cast<uint8*>(kObCertOID);
|
| @@ -83,12 +82,11 @@ DomainBoundCertOIDWrapper::DomainBoundCertOIDWrapper()
|
| // Returns NULL if an error is encountered in the certificate creation
|
| // process.
|
| // Caller responsible for freeing returned certificate object.
|
| -CERTCertificate* CreateCertificate(
|
| - SECKEYPublicKey* public_key,
|
| - const std::string& subject,
|
| - uint32 serial_number,
|
| - base::Time not_valid_before,
|
| - base::Time not_valid_after) {
|
| +CERTCertificate* CreateCertificate(SECKEYPublicKey* public_key,
|
| + const std::string& subject,
|
| + uint32 serial_number,
|
| + base::Time not_valid_before,
|
| + base::Time not_valid_after) {
|
| // Create info about public key.
|
| CERTSubjectPublicKeyInfo* spki =
|
| SECKEY_CreateSubjectPublicKeyInfo(public_key);
|
| @@ -96,8 +94,7 @@ CERTCertificate* CreateCertificate(
|
| return NULL;
|
|
|
| // Create the certificate request.
|
| - CERTName* subject_name =
|
| - CERT_AsciiToName(const_cast<char*>(subject.c_str()));
|
| + CERTName* subject_name = CERT_AsciiToName(const_cast<char*>(subject.c_str()));
|
| CERTCertificateRequest* cert_request =
|
| CERT_CreateCertificateRequest(subject_name, spki, NULL);
|
| SECKEY_DestroySubjectPublicKeyInfo(spki);
|
| @@ -109,9 +106,9 @@ CERTCertificate* CreateCertificate(
|
| return NULL;
|
| }
|
|
|
| - CERTValidity* validity = CERT_CreateValidity(
|
| - crypto::BaseTimeToPRTime(not_valid_before),
|
| - crypto::BaseTimeToPRTime(not_valid_after));
|
| + CERTValidity* validity =
|
| + CERT_CreateValidity(crypto::BaseTimeToPRTime(not_valid_before),
|
| + crypto::BaseTimeToPRTime(not_valid_after));
|
| if (!validity) {
|
| PRErrorCode prerr = PR_GetError();
|
| LOG(ERROR) << "Failed to create certificate validity object: " << prerr;
|
| @@ -119,8 +116,8 @@ CERTCertificate* CreateCertificate(
|
| CERT_DestroyCertificateRequest(cert_request);
|
| return NULL;
|
| }
|
| - CERTCertificate* cert = CERT_CreateCertificate(serial_number, subject_name,
|
| - validity, cert_request);
|
| + CERTCertificate* cert = CERT_CreateCertificate(
|
| + serial_number, subject_name, validity, cert_request);
|
| if (!cert) {
|
| PRErrorCode prerr = PR_GetError();
|
| LOG(ERROR) << "Failed to create certificate: " << prerr;
|
| @@ -150,14 +147,13 @@ SECOidTag ToSECOid(x509_util::DigestAlgorithm alg) {
|
| // http://mxr.mozilla.org/security/ident?i=SignCert.
|
| // Returns true on success or false if an error is encountered in the
|
| // certificate signing process.
|
| -bool SignCertificate(
|
| - CERTCertificate* cert,
|
| - SECKEYPrivateKey* key,
|
| - SECOidTag hash_algorithm) {
|
| +bool SignCertificate(CERTCertificate* cert,
|
| + SECKEYPrivateKey* key,
|
| + SECOidTag hash_algorithm) {
|
| // |arena| is used to encode the cert.
|
| PLArenaPool* arena = cert->arena;
|
| - SECOidTag algo_id = SEC_GetSignatureAlgorithmOidTag(key->keyType,
|
| - hash_algorithm);
|
| + SECOidTag algo_id =
|
| + SEC_GetSignatureAlgorithmOidTag(key->keyType, hash_algorithm);
|
| if (algo_id == SEC_OID_UNKNOWN)
|
| return false;
|
|
|
| @@ -169,7 +165,7 @@ bool SignCertificate(
|
| *(cert->version.data) = 2;
|
| cert->version.len = 1;
|
|
|
| - SECItem der = { siBuffer, NULL, 0 };
|
| + SECItem der = {siBuffer, NULL, 0};
|
|
|
| // Use ASN1 DER to encode the cert.
|
| void* encode_result = SEC_ASN1EncodeItem(
|
| @@ -178,7 +174,7 @@ bool SignCertificate(
|
| return false;
|
|
|
| // Allocate space to contain the signed cert.
|
| - SECItem result = { siBuffer, NULL, 0 };
|
| + SECItem result = {siBuffer, NULL, 0};
|
|
|
| // Sign the ASN1 encoded cert and save it to |result|.
|
| rv = DerSignData(arena, &result, &der, key, algo_id);
|
| @@ -197,9 +193,8 @@ bool SignCertificate(
|
| #if defined(USE_NSS) || defined(OS_IOS)
|
| // Callback for CERT_DecodeCertPackage(), used in
|
| // CreateOSCertHandlesFromBytes().
|
| -SECStatus PR_CALLBACK CollectCertsCallback(void* arg,
|
| - SECItem** certs,
|
| - int num_certs) {
|
| +SECStatus PR_CALLBACK
|
| +CollectCertsCallback(void* arg, SECItem** certs, int num_certs) {
|
| X509Certificate::OSCertHandles* results =
|
| reinterpret_cast<X509Certificate::OSCertHandles*>(arg);
|
|
|
| @@ -214,9 +209,8 @@ SECStatus PR_CALLBACK CollectCertsCallback(void* arg,
|
| return SECSuccess;
|
| }
|
|
|
| -typedef scoped_ptr<
|
| - CERTName,
|
| - crypto::NSSDestroyer<CERTName, CERT_DestroyName> > ScopedCERTName;
|
| +typedef scoped_ptr<CERTName, crypto::NSSDestroyer<CERTName, CERT_DestroyName> >
|
| + ScopedCERTName;
|
|
|
| // Create a new CERTName object from its encoded representation.
|
| // |arena| is the allocation pool to use.
|
| @@ -233,8 +227,7 @@ CERTName* CreateCertNameFromEncoded(PLArenaPool* arena,
|
|
|
| SECItem item;
|
| item.len = static_cast<unsigned int>(data.length());
|
| - item.data = reinterpret_cast<unsigned char*>(
|
| - const_cast<char*>(data.data()));
|
| + item.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data.data()));
|
|
|
| SECStatus rv = SEC_ASN1DecodeItem(
|
| arena, name.get(), SEC_ASN1_GET(CERT_NameTemplate), &item);
|
| @@ -280,9 +273,9 @@ bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,
|
|
|
| bool IsSupportedValidityRange(base::Time not_valid_before,
|
| base::Time not_valid_after) {
|
| - CERTValidity* validity = CERT_CreateValidity(
|
| - crypto::BaseTimeToPRTime(not_valid_before),
|
| - crypto::BaseTimeToPRTime(not_valid_after));
|
| + CERTValidity* validity =
|
| + CERT_CreateValidity(crypto::BaseTimeToPRTime(not_valid_before),
|
| + crypto::BaseTimeToPRTime(not_valid_after));
|
|
|
| if (!validity)
|
| return false;
|
| @@ -318,16 +311,15 @@ bool CreateDomainBoundCertEC(crypto::ECPrivateKey* key,
|
| }
|
|
|
| // Create SECItem for IA5String encoding.
|
| - SECItem domain_string_item = {
|
| - siAsciiString,
|
| - (unsigned char*)domain.data(),
|
| - static_cast<unsigned>(domain.size())
|
| - };
|
| + SECItem domain_string_item = {siAsciiString, (unsigned char*)domain.data(),
|
| + static_cast<unsigned>(domain.size())};
|
|
|
| // IA5Encode and arena allocate SECItem
|
| - SECItem* asn1_domain_string = SEC_ASN1EncodeItem(
|
| - cert->arena, NULL, &domain_string_item,
|
| - SEC_ASN1_GET(SEC_IA5StringTemplate));
|
| + SECItem* asn1_domain_string =
|
| + SEC_ASN1EncodeItem(cert->arena,
|
| + NULL,
|
| + &domain_string_item,
|
| + SEC_ASN1_GET(SEC_IA5StringTemplate));
|
| if (asn1_domain_string == NULL) {
|
| LOG(ERROR) << "Unable to get ASN1 encoding for domain in domain_bound_cert"
|
| " extension";
|
| @@ -337,18 +329,18 @@ bool CreateDomainBoundCertEC(crypto::ECPrivateKey* key,
|
|
|
| // Add the extension to the opaque handle
|
| if (CERT_AddExtension(
|
| - cert_handle,
|
| - DomainBoundCertOIDWrapper::GetInstance()->domain_bound_cert_oid_tag(),
|
| - asn1_domain_string,
|
| - PR_TRUE,
|
| - PR_TRUE) != SECSuccess){
|
| + cert_handle,
|
| + DomainBoundCertOIDWrapper::GetInstance()->domain_bound_cert_oid_tag(),
|
| + asn1_domain_string,
|
| + PR_TRUE,
|
| + PR_TRUE) != SECSuccess) {
|
| LOG(ERROR) << "Unable to add domain bound cert extension to opaque handle";
|
| CERT_DestroyCertificate(cert);
|
| return false;
|
| }
|
|
|
| // Copy extension into x509 cert
|
| - if (CERT_FinishExtensions(cert_handle) != SECSuccess){
|
| + if (CERT_FinishExtensions(cert_handle) != SECSuccess) {
|
| LOG(ERROR) << "Unable to copy extension to X509 cert";
|
| CERT_DestroyCertificate(cert);
|
| return false;
|
| @@ -383,16 +375,12 @@ void ParsePrincipal(CERTName* name, CertPrincipal* principal) {
|
| // general (the first) RDN. NSS doesn't have a function for the street
|
| // address.
|
| static const SECOidTag kOIDs[] = {
|
| - SEC_OID_AVA_STREET_ADDRESS,
|
| - SEC_OID_AVA_ORGANIZATION_NAME,
|
| - SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
|
| - SEC_OID_AVA_DC };
|
| + SEC_OID_AVA_STREET_ADDRESS, SEC_OID_AVA_ORGANIZATION_NAME,
|
| + SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, SEC_OID_AVA_DC};
|
|
|
| std::vector<std::string>* values[] = {
|
| - &principal->street_addresses,
|
| - &principal->organization_names,
|
| - &principal->organization_unit_names,
|
| - &principal->domain_components };
|
| + &principal->street_addresses, &principal->organization_names,
|
| + &principal->organization_unit_names, &principal->domain_components};
|
| DCHECK_EQ(arraysize(kOIDs), arraysize(values));
|
|
|
| CERTRDN** rdns = name->rdns;
|
| @@ -417,12 +405,11 @@ void ParsePrincipal(CERTName* name, CertPrincipal* principal) {
|
| }
|
|
|
| // Get CN, L, S, and C.
|
| - CERTGetNameFunc get_name_funcs[4] = {
|
| - CERT_GetCommonName, CERT_GetLocalityName,
|
| - CERT_GetStateName, CERT_GetCountryName };
|
| + CERTGetNameFunc get_name_funcs[4] = {CERT_GetCommonName, CERT_GetLocalityName,
|
| + CERT_GetStateName, CERT_GetCountryName};
|
| std::string* single_values[4] = {
|
| - &principal->common_name, &principal->locality_name,
|
| - &principal->state_or_province_name, &principal->country_name };
|
| + &principal->common_name, &principal->locality_name,
|
| + &principal->state_or_province_name, &principal->country_name};
|
| for (size_t i = 0; i < arraysize(get_name_funcs); ++i) {
|
| char* value = get_name_funcs[i](name);
|
| if (value) {
|
| @@ -453,9 +440,8 @@ void GetSubjectAltName(CERTCertificate* cert_handle,
|
| ip_addrs->clear();
|
|
|
| SECItem alt_name;
|
| - SECStatus rv = CERT_FindCertExtension(cert_handle,
|
| - SEC_OID_X509_SUBJECT_ALT_NAME,
|
| - &alt_name);
|
| + SECStatus rv = CERT_FindCertExtension(
|
| + cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name);
|
| if (rv != SECSuccess)
|
| return;
|
|
|
| @@ -472,13 +458,13 @@ void GetSubjectAltName(CERTCertificate* cert_handle,
|
| // respectively, both of which can be byte copied from
|
| // SECItemType::data into the appropriate output vector.
|
| if (dns_names && name->type == certDNSName) {
|
| - dns_names->push_back(std::string(
|
| - reinterpret_cast<char*>(name->name.other.data),
|
| - name->name.other.len));
|
| + dns_names->push_back(
|
| + std::string(reinterpret_cast<char*>(name->name.other.data),
|
| + name->name.other.len));
|
| } else if (ip_addrs && name->type == certIPAddress) {
|
| - ip_addrs->push_back(std::string(
|
| - reinterpret_cast<char*>(name->name.other.data),
|
| - name->name.other.len));
|
| + ip_addrs->push_back(
|
| + std::string(reinterpret_cast<char*>(name->name.other.data),
|
| + name->name.other.len));
|
| }
|
| name = CERT_GetNextGeneralName(name);
|
| if (name == alt_name_list)
|
| @@ -512,8 +498,8 @@ X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes(
|
| // Make a copy since CERT_DecodeCertPackage may modify it
|
| std::vector<char> data_copy(data, data + length);
|
|
|
| - SECStatus result = CERT_DecodeCertPackage(&data_copy[0],
|
| - length, CollectCertsCallback, &results);
|
| + SECStatus result = CERT_DecodeCertPackage(
|
| + &data_copy[0], length, CollectCertsCallback, &results);
|
| if (result != SECSuccess)
|
| results.clear();
|
| break;
|
| @@ -569,10 +555,9 @@ void GetPublicKeyInfo(CERTCertificate* handle,
|
| }
|
| }
|
|
|
| -bool GetIssuersFromEncodedList(
|
| - const std::vector<std::string>& encoded_issuers,
|
| - PLArenaPool* arena,
|
| - std::vector<CERTName*>* out) {
|
| +bool GetIssuersFromEncodedList(const std::vector<std::string>& encoded_issuers,
|
| + PLArenaPool* arena,
|
| + std::vector<CERTName*>* out) {
|
| std::vector<CERTName*> result;
|
| for (size_t n = 0; n < encoded_issuers.size(); ++n) {
|
| CERTName* name = CreateCertNameFromEncoded(arena, encoded_issuers[n]);
|
| @@ -590,7 +575,6 @@ bool GetIssuersFromEncodedList(
|
| return false;
|
| }
|
|
|
| -
|
| bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain,
|
| const std::vector<CERTName*>& valid_issuers) {
|
| for (size_t n = 0; n < cert_chain.size(); ++n) {
|
| @@ -633,6 +617,6 @@ std::string GetUniqueNicknameForSlot(const std::string& nickname,
|
|
|
| #endif // defined(USE_NSS) || defined(OS_IOS)
|
|
|
| -} // namespace x509_util
|
| +} // namespace x509_util
|
|
|
| -} // namespace net
|
| +} // namespace net
|
|
|
Chromium Code Reviews
