1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <cert.h> // Must be included before certdb.h | 5 #include <cert.h> // Must be included before certdb.h |
6 #include <certdb.h> | 6 #include <certdb.h> |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <nss.h> | 8 #include <nss.h> |
9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
10 #include <prerror.h> | 10 #include <prerror.h> |
152 SECStatus rv = DER_DecodeTimeChoice(&prtime, der_date); | 152 SECStatus rv = DER_DecodeTimeChoice(&prtime, der_date); |
153 DCHECK_EQ(SECSuccess, rv); | 153 DCHECK_EQ(SECSuccess, rv); |
154 *result = crypto::PRTimeToBaseTime(prtime); | 154 *result = crypto::PRTimeToBaseTime(prtime); |
155 } | 155 } |
156 | 156 |
157 std::string ParseSerialNumber(const CERTCertificate* certificate) { | 157 std::string ParseSerialNumber(const CERTCertificate* certificate) { |
158 return std::string(reinterpret_cast<char*>(certificate->serialNumber.data), | 158 return std::string(reinterpret_cast<char*>(certificate->serialNumber.data), |
159 certificate->serialNumber.len); | 159 certificate->serialNumber.len); |
160 } | 160 } |
161 | 161 |
162 void GetSubjectAltName(CERTCertificate* cert_handle, | 162 bool GetSubjectAltName(CERTCertificate* cert_handle, |
163 std::vector<std::string>* dns_names, | 163 std::vector<std::string>* dns_names, |
164 std::vector<std::string>* ip_addrs) { | 164 std::vector<std::string>* ip_addrs) { |
165 if (dns_names) | 165 if (dns_names) |
166 dns_names->clear(); | 166 dns_names->clear(); |
167 if (ip_addrs) | 167 if (ip_addrs) |
168 ip_addrs->clear(); | 168 ip_addrs->clear(); |
169 | 169 |
170 SECItem alt_name; | 170 SECItem alt_name; |
171 SECStatus rv = CERT_FindCertExtension( | 171 SECStatus rv = CERT_FindCertExtension( |
172 cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name); | 172 cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name); |
173 if (rv != SECSuccess) | 173 if (rv != SECSuccess) |
174 return; | 174 return false; |
175 | 175 |
176 PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 176 crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); |
177 DCHECK(arena != NULL); | |
178 | 177 |
179 CERTGeneralName* alt_name_list; | 178 CERTGeneralName* alt_name_list; |
180 alt_name_list = CERT_DecodeAltNameExtension(arena, &alt_name); | 179 alt_name_list = CERT_DecodeAltNameExtension(arena.get(), &alt_name); |
181 SECITEM_FreeItem(&alt_name, PR_FALSE); | 180 SECITEM_FreeItem(&alt_name, PR_FALSE); |
182 | 181 |
| 182 bool has_san = false; |
183 CERTGeneralName* name = alt_name_list; | 183 CERTGeneralName* name = alt_name_list; |
184 while (name) { | 184 while (name) { |
185 // DNSName and IPAddress are encoded as IA5String and OCTET STRINGs | 185 // DNSName and IPAddress are encoded as IA5String and OCTET STRINGs |
186 // respectively, both of which can be byte copied from | 186 // respectively, both of which can be byte copied from |
187 // SECItemType::data into the appropriate output vector. | 187 // SECItemType::data into the appropriate output vector. |
188 if (dns_names && name->type == certDNSName) { | 188 if (name->type == certDNSName) { |
189 dns_names->push_back( | 189 has_san = true; |
190 std::string(reinterpret_cast<char*>(name->name.other.data), | 190 if (dns_names) { |
191 name->name.other.len)); | 191 dns_names->push_back( |
192 } else if (ip_addrs && name->type == certIPAddress) { | 192 std::string(reinterpret_cast<char*>(name->name.other.data), |
193 ip_addrs->push_back( | 193 name->name.other.len)); |
194 std::string(reinterpret_cast<char*>(name->name.other.data), | 194 } |
195 name->name.other.len)); | 195 } else if (name->type == certIPAddress) { |
| 196 has_san = true; |
| 197 if (ip_addrs) { |
| 198 ip_addrs->push_back( |
| 199 std::string(reinterpret_cast<char*>(name->name.other.data), |
| 200 name->name.other.len)); |
| 201 } |
196 } | 202 } |
| 203 // Fast path: Found at least one subjectAltName and the caller doesn't |
| 204 // need the actual values. |
| 205 if (has_san && !ip_addrs && !dns_names) |
| 206 return true; |
| 207 |
197 name = CERT_GetNextGeneralName(name); | 208 name = CERT_GetNextGeneralName(name); |
198 if (name == alt_name_list) | 209 if (name == alt_name_list) |
199 break; | 210 break; |
200 } | 211 } |
201 PORT_FreeArena(arena, PR_FALSE); | 212 return has_san; |
202 } | 213 } |
203 | 214 |
204 void GetRFC822SubjectAltNames(CERTCertificate* cert_handle, | 215 void GetRFC822SubjectAltNames(CERTCertificate* cert_handle, |
205 std::vector<std::string>* names) { | 216 std::vector<std::string>* names) { |
206 crypto::ScopedSECItem alt_name(SECITEM_AllocItem(NULL, NULL, 0)); | 217 crypto::ScopedSECItem alt_name(SECITEM_AllocItem(NULL, NULL, 0)); |
207 DCHECK(alt_name.get()); | 218 DCHECK(alt_name.get()); |
208 | 219 |
209 names->clear(); | 220 names->clear(); |
210 SECStatus rv = CERT_FindCertExtension( | 221 SECStatus rv = CERT_FindCertExtension( |
211 cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, alt_name.get()); | 222 cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, alt_name.get()); |
406 base::SStringPrintf(&new_name, "%s #%d", nickname.c_str(), index++); | 417 base::SStringPrintf(&new_name, "%s #%d", nickname.c_str(), index++); |
407 temp_nickname = token_name + new_name; | 418 temp_nickname = token_name + new_name; |
408 } | 419 } |
409 | 420 |
410 return new_name; | 421 return new_name; |
411 } | 422 } |
412 | 423 |
413 } // namespace x509_util | 424 } // namespace x509_util |
414 | 425 |
415 } // namespace net | 426 } // namespace net |
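Review bot: The new `bool` return of `GetSubjectAltName` is narrower than the fast-path comment at new lines 203-204 suggests: `has_san` is set only in the `certDNSName` and `certIPAddress` branches, so a certificate whose SAN carries only rfc822Name or URI entries returns false, and so does a SAN extension that is present but fails to decode, because a NULL `alt_name_list` never enters the loop. The comment should read `// Fast path: found at least one dNSName or iPAddress and the caller` / `// doesn't need the actual values.`, and the declaration (outside this view) should state that false covers both "no SAN extension" and "SAN present but no DNS/IP entries or undecodable", since callers using it as a presence check will otherwise conflate the two. The old `DCHECK(arena != NULL)` was dropped with the move to `crypto::ScopedPLArenaPool`; if `PORT_NewArena` fails the function presumably now returns false silently, so keeping a `DCHECK(arena.get());` after the construction preserves the old debug signal at no cost.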