
Side by Side Diff: net/base/x509_certificate_nss.cc

Issue 2812064: Revert 52799 - Add support for parsing certificate formats other than raw, DE... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 10 years, 5 months ago
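--- a/net/base/x509_certificate_nss.cc
+++ b/net/base/x509_certificate_nss.cc
@@ -1,29 +1,28 @@
 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <cert.h>
 #include <nss.h>
 #include <pk11pub.h>
 #include <prerror.h>
 #include <prtime.h>
 #include <secder.h>
 #include <secerr.h>
 #include <sechash.h>
 #include <sslerr.h>
 
 #include "base/logging.h"
 #include "base/pickle.h"
-#include "base/scoped_ptr.h"
 #include "base/time.h"
 #include "base/nss_util.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/ev_root_ca_metadata.h"
 #include "net/base/net_errors.h"
 
 namespace net {
 
 namespace {
@@ -565,36 +564,20 @@
 SECOidTag oid_tag = policy_info->oid;
 if (oid_tag == SEC_OID_UNKNOWN)
 continue;
 if (oid_tag == ev_policy_tag)
 return true;
 }
 LOG(ERROR) << "No EV Policy Tag";
 return false;
 }
 
-SECStatus PR_CALLBACK
-CollectCertsCallback(void* arg, SECItem** certs, int num_certs) {
-X509Certificate::OSCertHandles* results =
-reinterpret_cast<X509Certificate::OSCertHandles*>(arg);
-
-for (int i = 0; i < num_certs; ++i) {
-X509Certificate::OSCertHandle handle =
-X509Certificate::CreateOSCertHandleFromBytes(
-reinterpret_cast<char*>(certs[i]->data), certs[i]->len);
-if (handle)
-results->push_back(handle);
-}
-
-return SECSuccess;
-}
-
 } // namespace
 
 void X509Certificate::Initialize() {
 ParsePrincipal(&cert_handle_->subject, &subject_);
 ParsePrincipal(&cert_handle_->issuer, &issuer_);
 
 ParseDate(&cert_handle_->validity.notBefore, &valid_start_);
 ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_);
 
 fingerprint_ = CalculateFingerprint(cert_handle_);
@@ -731,73 +714,35 @@
 
 if (!CheckCertPolicies(cert_handle_, ev_policy_tag))
 return false;
 
 return true;
 }
 
 // static
 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
 const char* data, int length) {
-if (length < 0)
-return NULL;
-
 base::EnsureNSSInit();
 
 if (!NSS_IsInitialized())
 return NULL;
 
-SECItem der_cert;
-der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
-der_cert.len = length;
-der_cert.type = siDERCertBuffer;
+// Make a copy of |data| since CERT_DecodeCertPackage might modify it.
+char* data_copy = new char[length];
+memcpy(data_copy, data, length);
 
 // Parse into a certificate structure.
-return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert, NULL,
-PR_FALSE, PR_TRUE);
-}
-
-// static
-X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes(
-const char* data, int length, Format format) {
-OSCertHandles results;
-if (length < 0)
-return results;
-
-base::EnsureNSSInit();
-
-if (!NSS_IsInitialized())
-return results;
-
-switch (format) {
-case FORMAT_DER: {
-OSCertHandle handle = CreateOSCertHandleFromBytes(data, length);
-if (handle)
-results.push_back(handle);
-break;
-}
-case FORMAT_PKCS7: {
-// Make a copy since CERT_DecodeCertPackage may modify it
-std::vector<char> data_copy(data, data + length);
-
-SECStatus result = CERT_DecodeCertPackage(&data_copy[0],
-length, CollectCertsCallback, &results);
-if (result != SECSuccess)
-results.clear();
-break;
-}
-default:
-NOTREACHED() << "Certificate format " << format << " unimplemented";
-break;
-}
-
-return results;
+CERTCertificate* cert = CERT_DecodeCertFromPackage(data_copy, length);
+delete [] data_copy;
+if (!cert)
+LOG(ERROR) << "Couldn't parse a certificate from " << length << " bytes";
+return cert;
 }
 
 // static
 X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle(
 OSCertHandle cert_handle) {
 return CERT_DupCertificate(cert_handle);
 }
 
 // static
 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
@@ -814,10 +759,10 @@
 DCHECK(0 != cert->derCert.len);
 
 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data,
 cert->derCert.data, cert->derCert.len);
 DCHECK(rv == SECSuccess);
 
 return sha1;
 }
 
 } // namespace net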
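Review bot: On the new side, CreateOSCertHandleFromBytes no longer has the `if (length < 0) return NULL;` guard that the removed version carried, so a negative `length` now reaches `new char[length]` and `memcpy(data_copy, data, length)`, where it is converted to a very large unsigned size. The bytes parsed here presumably originate outside the process, so the guard is worth keeping as the first statement of the function even though the rest of the change is being reverted. Separately, the restored comment names `CERT_DecodeCertPackage` while the call below it is `CERT_DecodeCertFromPackage`; the comment should name the function that is actually called.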
