1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include "base/macros.h" | 7 #include "base/macros.h" |
8 #include "base/memory/singleton.h" | 8 #include "base/memory/singleton.h" |
9 #include "base/numerics/safe_conversions.h" | 9 #include "base/numerics/safe_conversions.h" |
10 #include "base/pickle.h" | 10 #include "base/pickle.h" |
61 std::vector<std::string>* fields) { | 61 std::vector<std::string>* fields) { |
62 for (int index = -1; | 62 for (int index = -1; |
63 (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) { | 63 (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) { |
64 std::string field; | 64 std::string field; |
65 if (!x509_util::ParsePrincipalValueByIndex(name, index, &field)) | 65 if (!x509_util::ParsePrincipalValueByIndex(name, index, &field)) |
66 break; | 66 break; |
67 fields->push_back(field); | 67 fields->push_back(field); |
68 } | 68 } |
69 } | 69 } |
70 | 70 |
71 void ParsePrincipal(X509Certificate::OSCertHandle cert, | 71 bool ParsePrincipal(X509Certificate::OSCertHandle cert, |
72 X509_NAME* x509_name, | 72 X509_NAME* x509_name, |
73 CertPrincipal* principal) { | 73 CertPrincipal* principal) { |
74 if (!x509_name) | 74 if (!x509_name) |
75 return; | 75 return false; |
76 | 76 |
77 ParsePrincipalValues(x509_name, NID_streetAddress, | 77 ParsePrincipalValues(x509_name, NID_streetAddress, |
78 &principal->street_addresses); | 78 &principal->street_addresses); |
79 ParsePrincipalValues(x509_name, NID_organizationName, | 79 ParsePrincipalValues(x509_name, NID_organizationName, |
80 &principal->organization_names); | 80 &principal->organization_names); |
81 ParsePrincipalValues(x509_name, NID_organizationalUnitName, | 81 ParsePrincipalValues(x509_name, NID_organizationalUnitName, |
82 &principal->organization_unit_names); | 82 &principal->organization_unit_names); |
83 ParsePrincipalValues(x509_name, NID_domainComponent, | 83 ParsePrincipalValues(x509_name, NID_domainComponent, |
84 &principal->domain_components); | 84 &principal->domain_components); |
85 | 85 |
86 x509_util::ParsePrincipalValueByNID(x509_name, NID_commonName, | 86 x509_util::ParsePrincipalValueByNID(x509_name, NID_commonName, |
87 &principal->common_name); | 87 &principal->common_name); |
88 x509_util::ParsePrincipalValueByNID(x509_name, NID_localityName, | 88 x509_util::ParsePrincipalValueByNID(x509_name, NID_localityName, |
89 &principal->locality_name); | 89 &principal->locality_name); |
90 x509_util::ParsePrincipalValueByNID(x509_name, NID_stateOrProvinceName, | 90 x509_util::ParsePrincipalValueByNID(x509_name, NID_stateOrProvinceName, |
91 &principal->state_or_province_name); | 91 &principal->state_or_province_name); |
92 x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName, | 92 x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName, |
93 &principal->country_name); | 93 &principal->country_name); |
| 94 return true; |
94 } | 95 } |
95 | 96 |
96 bool ParseSubjectAltName(X509Certificate::OSCertHandle cert, | 97 bool ParseSubjectAltName(X509Certificate::OSCertHandle cert, |
97 std::vector<std::string>* dns_names, | 98 std::vector<std::string>* dns_names, |
98 std::vector<std::string>* ip_addresses) { | 99 std::vector<std::string>* ip_addresses) { |
99 int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1); | 100 int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1); |
100 X509_EXTENSION* alt_name_ext = X509_get_ext(cert, index); | 101 X509_EXTENSION* alt_name_ext = X509_get_ext(cert, index); |
101 if (!alt_name_ext) | 102 if (!alt_name_ext) |
102 return false; | 103 return false; |
103 | 104 |
179 } | 180 } |
180 | 181 |
181 // static | 182 // static |
182 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 183 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
183 // Decrement the ref-count for the cert and, if all references are gone, | 184 // Decrement the ref-count for the cert and, if all references are gone, |
184 // free the memory and any application-specific data associated with the | 185 // free the memory and any application-specific data associated with the |
185 // certificate. | 186 // certificate. |
186 X509_free(cert_handle); | 187 X509_free(cert_handle); |
187 } | 188 } |
188 | 189 |
189 void X509Certificate::Initialize() { | 190 bool X509Certificate::Initialize() { |
190 crypto::EnsureOpenSSLInit(); | 191 crypto::EnsureOpenSSLInit(); |
191 | 192 |
192 ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_); | 193 ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_); |
193 if (serial_num) { | 194 if (!serial_num) |
194 // ASN1_INTEGERS represent the decoded number, in a format internal to | 195 return false; |
195 // OpenSSL. Most notably, this may have leading zeroes stripped off for | 196 // ASN1_INTEGERS represent the decoded number, in a format internal to |
196 // numbers whose first byte is >= 0x80. Thus, it is necessary to | 197 // OpenSSL. Most notably, this may have leading zeroes stripped off for |
197 // re-encoded the integer back into DER, which is what the interface | 198 // numbers whose first byte is >= 0x80. Thus, it is necessary to |
198 // of X509Certificate exposes, to ensure callers get the proper (DER) | 199 // re-encoded the integer back into DER, which is what the interface |
199 // value. | 200 // of X509Certificate exposes, to ensure callers get the proper (DER) |
200 int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL); | 201 // value. |
201 unsigned char* buffer = reinterpret_cast<unsigned char*>( | 202 int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL); |
202 base::WriteInto(&serial_number_, bytes_required + 1)); | 203 unsigned char* buffer = reinterpret_cast<unsigned char*>( |
203 int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer); | 204 base::WriteInto(&serial_number_, bytes_required + 1)); |
204 DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size()); | 205 int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer); |
205 } | 206 DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size()); |
206 | 207 |
207 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); | 208 return ( |
208 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); | 209 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), |
209 x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); | 210 &subject_) && |
210 x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); | 211 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), |
| 212 &issuer_) && |
| 213 x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_) && |
| 214 x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_)); |
211 } | 215 } |
212 | 216 |
213 // static | 217 // static |
214 void X509Certificate::ResetCertStore() { | 218 void X509Certificate::ResetCertStore() { |
215 X509InitSingleton::GetInstance()->ResetCertStore(); | 219 X509InitSingleton::GetInstance()->ResetCertStore(); |
216 } | 220 } |
217 | 221 |
218 // static | 222 // static |
219 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { | 223 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { |
220 SHA256HashValue sha256; | 224 SHA256HashValue sha256; |
433 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { | 437 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { |
434 bssl::UniquePtr<EVP_PKEY> scoped_key(X509_get_pubkey(cert_handle)); | 438 bssl::UniquePtr<EVP_PKEY> scoped_key(X509_get_pubkey(cert_handle)); |
435 if (!scoped_key) | 439 if (!scoped_key) |
436 return false; | 440 return false; |
437 if (!X509_verify(cert_handle, scoped_key.get())) | 441 if (!X509_verify(cert_handle, scoped_key.get())) |
438 return false; | 442 return false; |
439 return X509_check_issued(cert_handle, cert_handle) == X509_V_OK; | 443 return X509_check_issued(cert_handle, cert_handle) == X509_V_OK; |
440 } | 444 } |
441 | 445 |
442 } // namespace net | 446 } // namespace net |
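Review bot: Initialize now reports failure, but the serial-number encoding in its first half is still only DCHECK'd, so in a release build a non-positive `bytes_required` or a `bytes_written` that disagrees with `serial_number_.size()` is not observed and Initialize can return true with a serial_number_ that may be empty or only partly written. Since the function is now fallible, the second i2c_ASN1_INTEGER call should feed the result: `if (bytes_required <= 0) return false;` before the WriteInto, and `if (bytes_written < 0 || static_cast<size_t>(bytes_written) != serial_number_.size()) return false;` in place of the DCHECK_EQ. Relatedly, ParsePrincipal's new bool only reflects a null X509_NAME: the ParsePrincipalValues and ParsePrincipalValueByNID results are discarded, and ParsePrincipalValues itself breaks silently when ParsePrincipalValueByIndex fails, so a name that stops parsing part-way still yields true. If the intent is to reject malformed names rather than merely missing ones, the helpers would need to distinguish an absent attribute from a decode error, which this change does not do; at minimum a comment above `return true;` such as `// Only a missing name is treated as failure; per-attribute parse errors are ignored.` would document the contract as it stands.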