OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <nss.h> | 8 #include <nss.h> |
9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
10 #include <prerror.h> | 10 #include <prerror.h> |
11 #include <prtime.h> | 11 #include <prtime.h> |
12 #include <secder.h> | 12 #include <secder.h> |
13 #include <secerr.h> | 13 #include <secerr.h> |
14 #include <sechash.h> | 14 #include <sechash.h> |
15 #include <sslerr.h> | 15 #include <sslerr.h> |
16 | 16 |
17 #include "base/logging.h" | 17 #include "base/logging.h" |
18 #include "base/pickle.h" | 18 #include "base/pickle.h" |
| 19 #include "base/scoped_ptr.h" |
19 #include "base/time.h" | 20 #include "base/time.h" |
20 #include "base/nss_util.h" | 21 #include "base/nss_util.h" |
21 #include "net/base/cert_status_flags.h" | 22 #include "net/base/cert_status_flags.h" |
22 #include "net/base/cert_verify_result.h" | 23 #include "net/base/cert_verify_result.h" |
23 #include "net/base/ev_root_ca_metadata.h" | 24 #include "net/base/ev_root_ca_metadata.h" |
24 #include "net/base/net_errors.h" | 25 #include "net/base/net_errors.h" |
25 | 26 |
26 namespace net { | 27 namespace net { |
27 | 28 |
28 namespace { | 29 namespace { |
(...skipping 535 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
564 SECOidTag oid_tag = policy_info->oid; | 565 SECOidTag oid_tag = policy_info->oid; |
565 if (oid_tag == SEC_OID_UNKNOWN) | 566 if (oid_tag == SEC_OID_UNKNOWN) |
566 continue; | 567 continue; |
567 if (oid_tag == ev_policy_tag) | 568 if (oid_tag == ev_policy_tag) |
568 return true; | 569 return true; |
569 } | 570 } |
570 LOG(ERROR) << "No EV Policy Tag"; | 571 LOG(ERROR) << "No EV Policy Tag"; |
571 return false; | 572 return false; |
572 } | 573 } |
573 | 574 |
| 575 SECStatus PR_CALLBACK |
| 576 CollectCertsCallback(void* arg, SECItem** certs, int num_certs) { |
| 577 X509Certificate::OSCertHandles* results = |
| 578 reinterpret_cast<X509Certificate::OSCertHandles*>(arg); |
| 579 |
| 580 for (int i = 0; i < num_certs; ++i) { |
| 581 X509Certificate::OSCertHandle handle = |
| 582 X509Certificate::CreateOSCertHandleFromBytes( |
| 583 reinterpret_cast<char*>(certs[i]->data), certs[i]->len); |
| 584 if (handle) |
| 585 results->push_back(handle); |
| 586 } |
| 587 |
| 588 return SECSuccess; |
| 589 } |
| 590 |
574 } // namespace | 591 } // namespace |
575 | 592 |
576 void X509Certificate::Initialize() { | 593 void X509Certificate::Initialize() { |
577 ParsePrincipal(&cert_handle_->subject, &subject_); | 594 ParsePrincipal(&cert_handle_->subject, &subject_); |
578 ParsePrincipal(&cert_handle_->issuer, &issuer_); | 595 ParsePrincipal(&cert_handle_->issuer, &issuer_); |
579 | 596 |
580 ParseDate(&cert_handle_->validity.notBefore, &valid_start_); | 597 ParseDate(&cert_handle_->validity.notBefore, &valid_start_); |
581 ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_); | 598 ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_); |
582 | 599 |
583 fingerprint_ = CalculateFingerprint(cert_handle_); | 600 fingerprint_ = CalculateFingerprint(cert_handle_); |
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
714 | 731 |
715 if (!CheckCertPolicies(cert_handle_, ev_policy_tag)) | 732 if (!CheckCertPolicies(cert_handle_, ev_policy_tag)) |
716 return false; | 733 return false; |
717 | 734 |
718 return true; | 735 return true; |
719 } | 736 } |
720 | 737 |
721 // static | 738 // static |
722 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( | 739 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( |
723 const char* data, int length) { | 740 const char* data, int length) { |
| 741 if (length < 0) |
| 742 return NULL; |
| 743 |
724 base::EnsureNSSInit(); | 744 base::EnsureNSSInit(); |
725 | 745 |
726 if (!NSS_IsInitialized()) | 746 if (!NSS_IsInitialized()) |
727 return NULL; | 747 return NULL; |
728 | 748 |
729 // Make a copy of |data| since CERT_DecodeCertPackage might modify it. | 749 SECItem der_cert; |
730 char* data_copy = new char[length]; | 750 der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data)); |
731 memcpy(data_copy, data, length); | 751 der_cert.len = length; |
| 752 der_cert.type = siDERCertBuffer; |
732 | 753 |
733 // Parse into a certificate structure. | 754 // Parse into a certificate structure. |
734 CERTCertificate* cert = CERT_DecodeCertFromPackage(data_copy, length); | 755 return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert, NULL, |
735 delete [] data_copy; | 756 PR_FALSE, PR_TRUE); |
736 if (!cert) | |
737 LOG(ERROR) << "Couldn't parse a certificate from " << length << " bytes"; | |
738 return cert; | |
739 } | 757 } |
740 | 758 |
741 // static | 759 // static |
| 760 X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes( |
| 761 const char* data, int length, Format format) { |
| 762 OSCertHandles results; |
| 763 if (length < 0) |
| 764 return results; |
| 765 |
| 766 base::EnsureNSSInit(); |
| 767 |
| 768 if (!NSS_IsInitialized()) |
| 769 return results; |
| 770 |
| 771 switch (format) { |
| 772 case FORMAT_SINGLE_CERTIFICATE: { |
| 773 OSCertHandle handle = CreateOSCertHandleFromBytes(data, length); |
| 774 if (handle) |
| 775 results.push_back(handle); |
| 776 break; |
| 777 } |
| 778 case FORMAT_PKCS7: { |
| 779 // Make a copy since CERT_DecodeCertPackage may modify it |
| 780 std::vector<char> data_copy(data, data + length); |
| 781 |
| 782 SECStatus result = CERT_DecodeCertPackage(&data_copy[0], |
| 783 length, CollectCertsCallback, &results); |
| 784 if (result != SECSuccess) |
| 785 results.clear(); |
| 786 break; |
| 787 } |
| 788 default: |
| 789 NOTREACHED() << "Certificate format " << format << " unimplemented"; |
| 790 break; |
| 791 } |
| 792 |
| 793 return results; |
| 794 } |
| 795 |
| 796 // static |
742 X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle( | 797 X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle( |
743 OSCertHandle cert_handle) { | 798 OSCertHandle cert_handle) { |
744 return CERT_DupCertificate(cert_handle); | 799 return CERT_DupCertificate(cert_handle); |
745 } | 800 } |
746 | 801 |
747 // static | 802 // static |
748 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 803 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
749 CERT_DestroyCertificate(cert_handle); | 804 CERT_DestroyCertificate(cert_handle); |
750 } | 805 } |
751 | 806 |
752 // static | 807 // static |
753 SHA1Fingerprint X509Certificate::CalculateFingerprint( | 808 SHA1Fingerprint X509Certificate::CalculateFingerprint( |
754 OSCertHandle cert) { | 809 OSCertHandle cert) { |
755 SHA1Fingerprint sha1; | 810 SHA1Fingerprint sha1; |
756 memset(sha1.data, 0, sizeof(sha1.data)); | 811 memset(sha1.data, 0, sizeof(sha1.data)); |
757 | 812 |
758 DCHECK(NULL != cert->derCert.data); | 813 DCHECK(NULL != cert->derCert.data); |
759 DCHECK(0 != cert->derCert.len); | 814 DCHECK(0 != cert->derCert.len); |
760 | 815 |
761 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, | 816 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, |
762 cert->derCert.data, cert->derCert.len); | 817 cert->derCert.data, cert->derCert.len); |
763 DCHECK(rv == SECSuccess); | 818 DCHECK(rv == SECSuccess); |
764 | 819 |
765 return sha1; | 820 return sha1; |
766 } | 821 } |
767 | 822 |
768 } // namespace net | 823 } // namespace net |
OLD | NEW |