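--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -1,28 +1,29 @@
 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <cert.h>
 #include <nss.h>
 #include <pk11pub.h>
 #include <prerror.h>
 #include <prtime.h>
 #include <secder.h>
 #include <secerr.h>
 #include <sechash.h>
 #include <sslerr.h>
 
 #include "base/logging.h"
 #include "base/pickle.h"
+#include "base/scoped_ptr.h"
 #include "base/time.h"
 #include "base/nss_util.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/ev_root_ca_metadata.h"
 #include "net/base/net_errors.h"
 
 namespace net {
 
 namespace {
@@ -564,20 +565,36 @@
 SECOidTag oid_tag = policy_info->oid;
 if (oid_tag == SEC_OID_UNKNOWN)
 continue;
 if (oid_tag == ev_policy_tag)
 return true;
 }
 LOG(ERROR) << "No EV Policy Tag";
 return false;
 }
 
+SECStatus PR_CALLBACK
+CollectCertsCallback(void* arg, SECItem** certs, int num_certs) {
+X509Certificate::OSCertHandles* results =
+reinterpret_cast<X509Certificate::OSCertHandles*>(arg);
+
+for (int i = 0; i < num_certs; ++i) {
+X509Certificate::OSCertHandle handle =
+X509Certificate::CreateOSCertHandleFromBytes(
+reinterpret_cast<char*>(certs[i]->data), certs[i]->len);
+if (handle)
+results->push_back(handle);
+}
+
+return SECSuccess;
+}
+
 } // namespace
@@ -714,55 +731,93 @@
 
 if (!CheckCertPolicies(cert_handle_, ev_policy_tag))
 return false;
 
 return true;
 }
 
 // static
 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
 const char* data, int length) {
+if (length < 0)
+return NULL;
+
 base::EnsureNSSInit();
 
 if (!NSS_IsInitialized())
 return NULL;
 
-// Make a copy of |data| since CERT_DecodeCertPackage might modify it.
-char* data_copy = new char[length];
-memcpy(data_copy, data, length);
+SECItem der_cert;
+der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
+der_cert.len = length;
+der_cert.type = siDERCertBuffer;
 
 // Parse into a certificate structure.
-CERTCertificate* cert = CERT_DecodeCertFromPackage(data_copy, length);
-delete [] data_copy;
-if (!cert)
-LOG(ERROR) << "Couldn't parse a certificate from " << length << " bytes";
-return cert;
+return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert, NULL,
+PR_FALSE, PR_TRUE);
 }
 
 // static
+X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes(
+const char* data, int length, Format format) {
+OSCertHandles results;
+if (length < 0)
+return results;
+
+base::EnsureNSSInit();
+
+if (!NSS_IsInitialized())
+return results;
+
+switch (format) {
+case FORMAT_SINGLE_CERTIFICATE: {
+OSCertHandle handle = CreateOSCertHandleFromBytes(data, length);
+if (handle)
+results.push_back(handle);
+break;
+}
+case FORMAT_PKCS7: {
+// Make a copy since CERT_DecodeCertPackage may modify it
+std::vector<char> data_copy(data, data + length);
+
+SECStatus result = CERT_DecodeCertPackage(&data_copy[0],
+length, CollectCertsCallback, &results);
+if (result != SECSuccess)
+results.clear();
+break;
+}
+default:
+NOTREACHED() << "Certificate format " << format << " unimplemented";
+break;
+}
+
+return results;
+}
+
+// static
 X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle(
 OSCertHandle cert_handle) {
 return CERT_DupCertificate(cert_handle);
 }
 
 // static
 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
 CERT_DestroyCertificate(cert_handle);
 }
 
 // static
 SHA1Fingerprint X509Certificate::CalculateFingerprint(
 OSCertHandle cert) {
 SHA1Fingerprint sha1;
 memset(sha1.data, 0, sizeof(sha1.data));
 
 DCHECK(NULL != cert->derCert.data);
 DCHECK(0 != cert->derCert.len);
 
 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data,
 cert->derCert.data, cert->derCert.len);
 DCHECK(rv == SECSuccess);
 
 return sha1;
 }
 
 } // namespace net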
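Review bot: In the FORMAT_PKCS7 branch of CreateOSCertHandlesFromBytes, `results.clear()` after a failed CERT_DecodeCertPackage discards any handles CollectCertsCallback already pushed without releasing them, so every handle CreateOSCertHandleFromBytes returned before the failure is leaked; release them first, e.g. `for (size_t i = 0; i < results.size(); ++i) FreeOSCertHandle(results[i]);` immediately before the `results.clear()`. The same branch takes `&data_copy[0]` on a vector built from `length` bytes, which is undefined for an empty vector, so the guard at the top of the function should read `if (length <= 0) return results;` rather than letting a zero length through. In CollectCertsCallback the `reinterpret_cast<X509Certificate::OSCertHandles*>(arg)` converts from `void*`, where `static_cast` is the conventional and sufficient cast. A short comment on the `const_cast` in CreateOSCertHandleFromBytes, noting that the final `PR_TRUE` argument asks NSS to copy the DER so the caller's buffer is neither retained nor modified, would document why dropping const is safe there — worth confirming against the NSS header before relying on it.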