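--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <memory>
 
 #include "base/logging.h"
 #include "base/memory/free_deleter.h"
@@ -144,51 +144,62 @@
   valid_expiry_ = Time::FromFileTime(cert_handle_->pCertInfo->NotAfter);
 
   const CRYPT_INTEGER_BLOB* serial = &cert_handle_->pCertInfo->SerialNumber;
   std::unique_ptr<uint8_t[]> serial_bytes(new uint8_t[serial->cbData]);
   for (unsigned i = 0; i < serial->cbData; i++)
     serial_bytes[i] = serial->pbData[serial->cbData - i - 1];
   serial_number_ = std::string(
       reinterpret_cast<char*>(serial_bytes.get()), serial->cbData);
 }
 
-void X509Certificate::GetSubjectAltName(
+bool X509Certificate::GetSubjectAltName(
     std::vector<std::string>* dns_names,
     std::vector<std::string>* ip_addrs) const {
   if (dns_names)
     dns_names->clear();
   if (ip_addrs)
     ip_addrs->clear();
 
   if (!cert_handle_)
-    return;
+    return false;
 
   std::unique_ptr<CERT_ALT_NAME_INFO, base::FreeDeleter> alt_name_info;
   GetCertSubjectAltName(cert_handle_, &alt_name_info);
   CERT_ALT_NAME_INFO* alt_name = alt_name_info.get();
-  if (alt_name) {
-    int num_entries = alt_name->cAltEntry;
-    for (int i = 0; i < num_entries; i++) {
-      // dNSName is an ASN.1 IA5String representing a string of ASCII
-      // characters, so we can use UTF16ToASCII here.
-      const CERT_ALT_NAME_ENTRY& entry = alt_name->rgAltEntry[i];
+  if (!alt_name)
+    return false;
 
-      if (dns_names && entry.dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) {
+  bool has_san = false;
+  for (DWORD i = 0, num_entries = alt_name->cAltEntry; i < num_entries; i++) {
+    // dNSName is an ASN.1 IA5String representing a string of ASCII
+    // characters, so we can use UTF16ToASCII here.
+    const CERT_ALT_NAME_ENTRY& entry = alt_name->rgAltEntry[i];
+
+    if (entry.dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) {
+      has_san = true;
+      if (dns_names)
         dns_names->push_back(base::UTF16ToASCII(entry.pwszDNSName));
-      } else if (ip_addrs &&
-                 entry.dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) {
+    } else if (entry.dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) {
+      has_san = true;
+      if (ip_addrs) {
         ip_addrs->push_back(std::string(
             reinterpret_cast<const char*>(entry.IPAddress.pbData),
             entry.IPAddress.cbData));
       }
     }
+    // Fast path: Found at least one subjectAltName and the caller doesn't
+    // need the actual values.
+    if (has_san && !ip_addrs && !dns_names)
+      return true;
   }
+
+  return has_san;
 }
 
 PCCERT_CONTEXT X509Certificate::CreateOSCertChainForCert() const {
   // Create an in-memory certificate store to hold this certificate and
   // any intermediate certificates in |intermediate_ca_certs_|. The store
   // will be referenced in the returned PCCERT_CONTEXT, and will not be freed
   // until the PCCERT_CONTEXT is freed.
   ScopedHCERTSTORE store(CertOpenStore(
       CERT_STORE_PROV_MEMORY, 0, NULL,
       CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL));
@@ -449,10 +460,10 @@
                       CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT,
                       reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 0, NULL);
   if (!valid_signature)
     return false;
   return !!CertCompareCertificateName(X509_ASN_ENCODING,
                                       &cert_handle->pCertInfo->Subject,
                                       &cert_handle->pCertInfo->Issuer);
 }
 
 }  // namespace net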
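Review bot: `has_san` is set only in the dNSName and iPAddress branches of the loop, so the new return value is false for a certificate whose subjectAltName carries only other GeneralName types (rfc822Name, URI, otherName), which neither the variable name nor the "Found at least one subjectAltName" comment on new line 189 makes clear. If a caller uses this result to decide whether to fall back to subject-CN matching, a false for such certificates would widen name matching rather than narrow it, so the contract belongs on the declaration in x509_certificate.h (outside this hunk): `// Returns true if the certificate has at least one dNSName or iPAddress subjectAltName entry; other SAN types are not counted.` Renaming the local to `has_dns_or_ip_san` would carry the same point in the body. A decoding failure is also folded into false, since the result of GetCertSubjectAltName on line 166 is never checked; if callers need to tell a malformed extension apart from an absent one, that would need a separate signal.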