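--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -1,10 +1,10 @@
 // Copyright (c) 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <Security/Security.h>
 
 #include "base/mac/scoped_cftyperef.h"
@@ -68,43 +68,44 @@
                           std::vector<std::string>* fields) {
   for (int index = -1;
        (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) {
     std::string field;
     if (!x509_util::ParsePrincipalValueByIndex(name, index, &field))
       break;
     fields->push_back(field);
   }
 }
 
-void ParsePrincipal(X509Certificate::OSCertHandle os_cert,
+bool ParsePrincipal(X509Certificate::OSCertHandle os_cert,
                     X509_NAME* x509_name,
                     CertPrincipal* principal) {
   if (!x509_name)
-    return;
+    return false;
 
   ParsePrincipalValues(x509_name, NID_streetAddress,
                        &principal->street_addresses);
   ParsePrincipalValues(x509_name, NID_organizationName,
                        &principal->organization_names);
   ParsePrincipalValues(x509_name, NID_organizationalUnitName,
                        &principal->organization_unit_names);
   ParsePrincipalValues(x509_name, NID_domainComponent,
                        &principal->domain_components);
 
   x509_util::ParsePrincipalValueByNID(x509_name, NID_commonName,
                                       &principal->common_name);
   x509_util::ParsePrincipalValueByNID(x509_name, NID_localityName,
                                       &principal->locality_name);
   x509_util::ParsePrincipalValueByNID(x509_name, NID_stateOrProvinceName,
                                       &principal->state_or_province_name);
   x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName,
                                       &principal->country_name);
+  return true;
 }
 
 bool ParseSubjectAltName(X509Certificate::OSCertHandle os_cert,
                          std::vector<std::string>* dns_names,
                          std::vector<std::string>* ip_addresses) {
   bssl::UniquePtr<X509> cert = OSCertHandleToOpenSSL(os_cert);
   if (!cert.get())
     return false;
   int index = X509_get_ext_by_NID(cert.get(), NID_subject_alt_name, -1);
   X509_EXTENSION* alt_name_ext = X509_get_ext(cert.get(), index);
@@ -158,45 +159,48 @@
     return nullptr;
   return reinterpret_cast<OSCertHandle>(const_cast<void*>(CFRetain(handle)));
 }
 
 // static
 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
   if (cert_handle)
     CFRelease(cert_handle);
 }
 
-void X509Certificate::Initialize() {
+bool X509Certificate::Initialize() {
   crypto::EnsureOpenSSLInit();
   bssl::UniquePtr<X509> x509_cert = OSCertHandleToOpenSSL(cert_handle_);
   if (!x509_cert)
-    return;
+    return false;
   ASN1_INTEGER* serial_num = X509_get_serialNumber(x509_cert.get());
-  if (serial_num) {
-    // ASN1_INTEGERS represent the decoded number, in a format internal to
-    // OpenSSL. Most notably, this may have leading zeroes stripped off for
-    // numbers whose first byte is >= 0x80. Thus, it is necessary to
-    // re-encoded the integer back into DER, which is what the interface
-    // of X509Certificate exposes, to ensure callers get the proper (DER)
-    // value.
-    int bytes_required = i2c_ASN1_INTEGER(serial_num, nullptr);
-    unsigned char* buffer = reinterpret_cast<unsigned char*>(
-        base::WriteInto(&serial_number_, bytes_required + 1));
-    int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
-    DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
-  }
+  if (!serial_num)
+    return false;
+  // ASN1_INTEGERS represent the decoded number, in a format internal to
+  // OpenSSL. Most notably, this may have leading zeroes stripped off for
+  // numbers whose first byte is >= 0x80. Thus, it is necessary to
+  // re-encoded the integer back into DER, which is what the interface
+  // of X509Certificate exposes, to ensure callers get the proper (DER)
+  // value.
+  int bytes_required = i2c_ASN1_INTEGER(serial_num, nullptr);
+  unsigned char* buffer = reinterpret_cast<unsigned char*>(
+      base::WriteInto(&serial_number_, bytes_required + 1));
+  int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
+  DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
 
-  ParsePrincipal(cert_handle_, X509_get_subject_name(x509_cert.get()),
-                 &subject_);
-  ParsePrincipal(cert_handle_, X509_get_issuer_name(x509_cert.get()), &issuer_);
-  x509_util::ParseDate(X509_get_notBefore(x509_cert.get()), &valid_start_);
-  x509_util::ParseDate(X509_get_notAfter(x509_cert.get()), &valid_expiry_);
+  return (
+      ParsePrincipal(cert_handle_, X509_get_subject_name(x509_cert.get()),
+                     &subject_) &&
+      ParsePrincipal(cert_handle_, X509_get_issuer_name(x509_cert.get()),
+                     &issuer_) &&
+      x509_util::ParseDate(X509_get_notBefore(x509_cert.get()),
+                           &valid_start_) &&
+      x509_util::ParseDate(X509_get_notAfter(x509_cert.get()), &valid_expiry_));
 }
 
 // static
 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
   SHA256HashValue sha256;
   memset(sha256.data, 0, sizeof(sha256.data));
 
   ScopedCFTypeRef<CFDataRef> cert_data(SecCertificateCopyData(cert));
   if (!cert_data)
     return sha256;
@@ -437,10 +441,10 @@
     return false;
   bssl::UniquePtr<EVP_PKEY> scoped_key(X509_get_pubkey(cert.get()));
   if (!scoped_key)
     return false;
   if (!X509_verify(cert.get(), scoped_key.get()))
     return false;
   return X509_check_issued(cert.get(), cert.get()) == X509_V_OK;
 }
 
 }  // namespace net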
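Review bot: The new `bool` returned by ParsePrincipal (new lines 78-101) only reports a null X509_NAME; the four x509_util::ParsePrincipalValueByNID calls are still statements whose status is discarded, and ParsePrincipalValues silently `break`s on the first ParsePrincipalValueByIndex failure, so a `true` from ParsePrincipal does not mean the subject or issuer was fully decoded, even though Initialize (new lines 189-196) now folds that value into its own success result. If the intent is "false means the certificate is not usable", the attribute-level failures should be propagated too (e.g. `if (!x509_util::ParsePrincipalValueByNID(...)) return false;` for each, and a bool return from ParsePrincipalValues); if best-effort attribute parsing is intentional, a comment above the function such as `// Returns false only when |x509_name| is null; individual attribute decode failures are ignored.` would keep the next reader from relying on the stronger meaning. Also worth documenting on Initialize is that the `&&` chain short-circuits, so on a `false` return issuer_, valid_start_ and valid_expiry_ may be left untouched — callers must treat the object as uninitialized rather than partially populated (the caller is not visible here, so this is inferred). ParsePrincipalValues begins before the first hunk and is only partly visible.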