1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/memory/free_deleter.h" | 10 #include "base/memory/free_deleter.h" |
144 valid_expiry_ = Time::FromFileTime(cert_handle_->pCertInfo->NotAfter); | 144 valid_expiry_ = Time::FromFileTime(cert_handle_->pCertInfo->NotAfter); |
145 | 145 |
146 const CRYPT_INTEGER_BLOB* serial = &cert_handle_->pCertInfo->SerialNumber; | 146 const CRYPT_INTEGER_BLOB* serial = &cert_handle_->pCertInfo->SerialNumber; |
147 std::unique_ptr<uint8_t[]> serial_bytes(new uint8_t[serial->cbData]); | 147 std::unique_ptr<uint8_t[]> serial_bytes(new uint8_t[serial->cbData]); |
148 for (unsigned i = 0; i < serial->cbData; i++) | 148 for (unsigned i = 0; i < serial->cbData; i++) |
149 serial_bytes[i] = serial->pbData[serial->cbData - i - 1]; | 149 serial_bytes[i] = serial->pbData[serial->cbData - i - 1]; |
150 serial_number_ = std::string( | 150 serial_number_ = std::string( |
151 reinterpret_cast<char*>(serial_bytes.get()), serial->cbData); | 151 reinterpret_cast<char*>(serial_bytes.get()), serial->cbData); |
152 } | 152 } |
153 | 153 |
154 void X509Certificate::GetSubjectAltName( | 154 bool X509Certificate::GetSubjectAltName( |
155 std::vector<std::string>* dns_names, | 155 std::vector<std::string>* dns_names, |
156 std::vector<std::string>* ip_addrs) const { | 156 std::vector<std::string>* ip_addrs) const { |
157 if (dns_names) | 157 if (dns_names) |
158 dns_names->clear(); | 158 dns_names->clear(); |
159 if (ip_addrs) | 159 if (ip_addrs) |
160 ip_addrs->clear(); | 160 ip_addrs->clear(); |
161 | 161 |
162 if (!cert_handle_) | 162 if (!cert_handle_) |
163 return; | 163 return false; |
164 | 164 |
165 std::unique_ptr<CERT_ALT_NAME_INFO, base::FreeDeleter> alt_name_info; | 165 std::unique_ptr<CERT_ALT_NAME_INFO, base::FreeDeleter> alt_name_info; |
166 GetCertSubjectAltName(cert_handle_, &alt_name_info); | 166 GetCertSubjectAltName(cert_handle_, &alt_name_info); |
167 CERT_ALT_NAME_INFO* alt_name = alt_name_info.get(); | 167 CERT_ALT_NAME_INFO* alt_name = alt_name_info.get(); |
168 if (alt_name) { | 168 if (!alt_name) |
169 int num_entries = alt_name->cAltEntry; | 169 return false; |
170 for (int i = 0; i < num_entries; i++) { | |
171 // dNSName is an ASN.1 IA5String representing a string of ASCII | |
172 // characters, so we can use UTF16ToASCII here. | |
173 const CERT_ALT_NAME_ENTRY& entry = alt_name->rgAltEntry[i]; | |
174 | 170 |
175 if (dns_names && entry.dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) { | 171 bool has_san = false; |
172 int num_entries = alt_name->cAltEntry; | |
eroman
2017/03/21 21:09:54
Why the implicit signed cast? (I believe cAltEntry
| |
173 for (int i = 0; i < num_entries; i++) { | |
174 // dNSName is an ASN.1 IA5String representing a string of ASCII | |
175 // characters, so we can use UTF16ToASCII here. | |
176 const CERT_ALT_NAME_ENTRY& entry = alt_name->rgAltEntry[i]; | |
177 | |
178 if (entry.dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) { | |
179 has_san = true; | |
180 if (dns_names) | |
176 dns_names->push_back(base::UTF16ToASCII(entry.pwszDNSName)); | 181 dns_names->push_back(base::UTF16ToASCII(entry.pwszDNSName)); |
177 } else if (ip_addrs && | 182 } else if (entry.dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) { |
178 entry.dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) { | 183 has_san = true; |
184 if (ip_addrs) { | |
179 ip_addrs->push_back(std::string( | 185 ip_addrs->push_back(std::string( |
180 reinterpret_cast<const char*>(entry.IPAddress.pbData), | 186 reinterpret_cast<const char*>(entry.IPAddress.pbData), |
181 entry.IPAddress.cbData)); | 187 entry.IPAddress.cbData)); |
182 } | 188 } |
183 } | 189 } |
190 // Fast path: Found at least one subjectAltName and the caller doesn't | |
191 // need the actual values. | |
192 if (has_san && !ip_addrs && !dns_names) | |
193 return true; | |
184 } | 194 } |
195 | |
196 return has_san; | |
185 } | 197 } |
186 | 198 |
187 PCCERT_CONTEXT X509Certificate::CreateOSCertChainForCert() const { | 199 PCCERT_CONTEXT X509Certificate::CreateOSCertChainForCert() const { |
188 // Create an in-memory certificate store to hold this certificate and | 200 // Create an in-memory certificate store to hold this certificate and |
189 // any intermediate certificates in |intermediate_ca_certs_|. The store | 201 // any intermediate certificates in |intermediate_ca_certs_|. The store |
190 // will be referenced in the returned PCCERT_CONTEXT, and will not be freed | 202 // will be referenced in the returned PCCERT_CONTEXT, and will not be freed |
191 // until the PCCERT_CONTEXT is freed. | 203 // until the PCCERT_CONTEXT is freed. |
192 ScopedHCERTSTORE store(CertOpenStore( | 204 ScopedHCERTSTORE store(CertOpenStore( |
193 CERT_STORE_PROV_MEMORY, 0, NULL, | 205 CERT_STORE_PROV_MEMORY, 0, NULL, |
194 CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL)); | 206 CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL)); |
449 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, | 461 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, |
450 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 0, NULL); | 462 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 0, NULL); |
451 if (!valid_signature) | 463 if (!valid_signature) |
452 return false; | 464 return false; |
453 return !!CertCompareCertificateName(X509_ASN_ENCODING, | 465 return !!CertCompareCertificateName(X509_ASN_ENCODING, |
454 &cert_handle->pCertInfo->Subject, | 466 &cert_handle->pCertInfo->Subject, |
455 &cert_handle->pCertInfo->Issuer); | 467 &cert_handle->pCertInfo->Issuer); |
456 } | 468 } |
457 | 469 |
458 } // namespace net | 470 } // namespace net |
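Review bot: The bool that GetSubjectAltName now returns (the has_san logic at L45–L74) is true only when a dNSName or iPAddress entry is seen, so a certificate whose subjectAltName carries only other GeneralName types (rfc822Name, URI, directoryName, otherName) yields false even though the extension is present; if any caller uses this result to decide whether to fall back to commonName matching, that distinction is security-relevant and should be stated in the contract. The declaration is in net/cert/x509_certificate.h, outside this section, so whatever comment it carries cannot be checked here; at the definition (L24) I would add `// Returns true iff at least one dNSName or iPAddress entry is present in the` `// subjectAltName; other GeneralName types are ignored and do not count.` The comment at L52–L53 now describes only the dns_names branch but still precedes the shared `entry` lookup; moving it into the CERT_ALT_NAME_DNS_NAME branch next to the UTF16ToASCII call would keep it where it applies.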