| OLD | NEW |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
| 6 | 6 |
| 7 #include "base/numerics/safe_conversions.h" | 7 #include "base/numerics/safe_conversions.h" |
| 8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
| 9 #include "crypto/openssl_util.h" | 9 #include "crypto/openssl_util.h" |
| 10 #include "net/base/ip_address.h" | 10 #include "net/base/ip_address.h" |
| 11 #include "net/cert/asn1_util.h" | 11 #include "net/cert/asn1_util.h" |
| 12 #include "net/cert/internal/cert_errors.h" | 12 #include "net/cert/internal/cert_errors.h" |
| 13 #include "net/cert/internal/name_constraints.h" | 13 #include "net/cert/internal/name_constraints.h" |
| 14 #include "net/cert/internal/parse_name.h" | 14 #include "net/cert/internal/parse_name.h" |
| 15 #include "net/cert/internal/parsed_certificate.h" | 15 #include "net/cert/internal/parsed_certificate.h" |
| 16 #include "net/cert/internal/signature_policy.h" | 16 #include "net/cert/internal/signature_policy.h" |
| 17 #include "net/cert/internal/verify_name_match.h" | 17 #include "net/cert/internal/verify_name_match.h" |
| 18 #include "net/cert/internal/verify_signed_data.h" | 18 #include "net/cert/internal/verify_signed_data.h" |
| 19 #include "net/cert/x509_util.h" | 19 #include "net/cert/x509_util.h" |
| 20 #include "net/cert/x509_util_openssl.h" | |
| 21 #include "net/der/parser.h" | 20 #include "net/der/parser.h" |
| 22 #include "third_party/boringssl/src/include/openssl/evp.h" | 21 #include "third_party/boringssl/src/include/openssl/evp.h" |
| 22 #include "third_party/boringssl/src/include/openssl/pkcs7.h" |
| 23 #include "third_party/boringssl/src/include/openssl/pool.h" | 23 #include "third_party/boringssl/src/include/openssl/pool.h" |
| 24 #include "third_party/boringssl/src/include/openssl/sha.h" | 24 #include "third_party/boringssl/src/include/openssl/sha.h" |
| 25 | 25 |
| 26 namespace net { | 26 namespace net { |
| 27 | 27 |
| 28 namespace { | 28 namespace { |
| 29 | 29 |
| 30 // Converts a GeneralizedTime struct to a base::Time, returning true on success | 30 // Converts a GeneralizedTime struct to a base::Time, returning true on success |
| 31 // or false if |generalized| was invalid or cannot be represented by | 31 // or false if |generalized| was invalid or cannot be represented by |
| 32 // base::Time. | 32 // base::Time. |
| (...skipping 101 matching lines...) |
| 134 // |handles|. | 134 // |handles|. |
| 135 void CreateOSCertHandlesFromPKCS7Bytes( | 135 void CreateOSCertHandlesFromPKCS7Bytes( |
| 136 const char* data, | 136 const char* data, |
| 137 size_t length, | 137 size_t length, |
| 138 X509Certificate::OSCertHandles* handles) { | 138 X509Certificate::OSCertHandles* handles) { |
| 139 crypto::EnsureOpenSSLInit(); | 139 crypto::EnsureOpenSSLInit(); |
| 140 crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE); | 140 crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE); |
| 141 | 141 |
| 142 CBS der_data; | 142 CBS der_data; |
| 143 CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length); | 143 CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length); |
| 144 STACK_OF(X509)* certs = sk_X509_new_null(); | 144 STACK_OF(CRYPTO_BUFFER)* certs = sk_CRYPTO_BUFFER_new_null(); |
| 145 | 145 |
| 146 if (PKCS7_get_certificates(certs, &der_data)) { | 146 if (PKCS7_get_raw_certificates(certs, &der_data, |
| 147 for (size_t i = 0; i < sk_X509_num(certs); ++i) { | 147 x509_util::GetBufferPool())) { |
| 148 base::StringPiece stringpiece; | 148 for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(certs); ++i) { |
| 149 x509_util::GetDER(sk_X509_value(certs, i), &stringpiece); | 149 handles->push_back(sk_CRYPTO_BUFFER_value(certs, i)); |
| 150 handles->push_back(x509_util::CreateCryptoBuffer(stringpiece).release()); | |
| 151 } | 150 } |
| 152 } | 151 } |
| 153 sk_X509_pop_free(certs, X509_free); | 152 // |handles| took ownership of the individual buffers, so only free the list |
| 153 // itself. |
| 154 sk_CRYPTO_BUFFER_free(certs); |
| 154 } | 155 } |
| 155 | 156 |
| 156 } // namespace | 157 } // namespace |
| 157 | 158 |
| 158 bool X509Certificate::Initialize() { | 159 bool X509Certificate::Initialize() { |
| 159 der::Input tbs_certificate_tlv; | 160 der::Input tbs_certificate_tlv; |
| 160 der::Input signature_algorithm_tlv; | 161 der::Input signature_algorithm_tlv; |
| 161 der::BitString signature_value; | 162 der::BitString signature_value; |
| 162 | 163 |
| 163 if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle_), | 164 if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle_), |
| (...skipping 308 matching lines...) |
| 472 | 473 |
| 473 // static | 474 // static |
| 474 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, | 475 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, |
| 475 base::Pickle* pickle) { | 476 base::Pickle* pickle) { |
| 476 return pickle->WriteData( | 477 return pickle->WriteData( |
| 477 reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert_handle)), | 478 reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert_handle)), |
| 478 CRYPTO_BUFFER_len(cert_handle)); | 479 CRYPTO_BUFFER_len(cert_handle)); |
| 479 } | 480 } |
| 480 | 481 |
| 481 } // namespace net | 482 } // namespace net |
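Review bot: The buffers returned by `PKCS7_get_raw_certificates` are pushed into |handles| at new line 149 without being parsed, whereas the old `PKCS7_get_certificates` path only produced entries that had already decoded as X509, so a SignedData blob with malformed certificate entries may now yield handles where it previously failed. If callers are expected to validate each handle later (for example through the `ParseCertificate` call visible in `X509Certificate::Initialize()`), say so above the loop: `// The buffers are raw, unparsed DER; callers must not assume they are well-formed certificates.` The comment before `sk_CRYPTO_BUFFER_free(certs)` also holds only on the success path. On failure the code appears to rely on `PKCS7_get_raw_certificates` leaving |certs| empty, so either state that there or add an else branch calling `sk_CRYPTO_BUFFER_pop_free(certs, CRYPTO_BUFFER_free)`.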
| OLD | NEW |