OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include "base/numerics/safe_conversions.h" | 7 #include "base/numerics/safe_conversions.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "crypto/openssl_util.h" | 9 #include "crypto/openssl_util.h" |
10 #include "net/base/ip_address.h" | 10 #include "net/base/ip_address.h" |
(...skipping 24 matching lines...) Expand all Loading... |
35 base::Time::Exploded exploded = {0}; | 35 base::Time::Exploded exploded = {0}; |
36 exploded.year = generalized.year; | 36 exploded.year = generalized.year; |
37 exploded.month = generalized.month; | 37 exploded.month = generalized.month; |
38 exploded.day_of_month = generalized.day; | 38 exploded.day_of_month = generalized.day; |
39 exploded.hour = generalized.hours; | 39 exploded.hour = generalized.hours; |
40 exploded.minute = generalized.minutes; | 40 exploded.minute = generalized.minutes; |
41 exploded.second = generalized.seconds; | 41 exploded.second = generalized.seconds; |
42 return base::Time::FromUTCExploded(exploded, result); | 42 return base::Time::FromUTCExploded(exploded, result); |
43 } | 43 } |
44 | 44 |
| 45 ParseCertificateOptions DefaultParseCertificateOptions() { |
| 46 ParseCertificateOptions options; |
| 47 options.allow_invalid_serial_numbers = true; |
| 48 return options; |
| 49 } |
| 50 |
45 // Sets |value| to the Value from a DER Sequence Tag-Length-Value and return | 51 // Sets |value| to the Value from a DER Sequence Tag-Length-Value and return |
46 // true, or return false if the TLV was not a valid DER Sequence. | 52 // true, or return false if the TLV was not a valid DER Sequence. |
47 WARN_UNUSED_RESULT bool GetSequenceValue(const der::Input& tlv, | 53 WARN_UNUSED_RESULT bool GetSequenceValue(const der::Input& tlv, |
48 der::Input* value) { | 54 der::Input* value) { |
49 der::Parser parser(tlv); | 55 der::Parser parser(tlv); |
50 return parser.ReadTag(der::kSequence, value) && !parser.HasMore(); | 56 return parser.ReadTag(der::kSequence, value) && !parser.HasMore(); |
51 } | 57 } |
52 | 58 |
53 // Normalize |cert|'s Issuer and store it in |out_normalized_issuer|, returning | 59 // Normalize |cert|'s Issuer and store it in |out_normalized_issuer|, returning |
54 // true on success or false if there was a parsing error. | 60 // true on success or false if there was a parsing error. |
55 bool GetNormalizedCertIssuer(CRYPTO_BUFFER* cert, | 61 bool GetNormalizedCertIssuer(CRYPTO_BUFFER* cert, |
56 std::string* out_normalized_issuer) { | 62 std::string* out_normalized_issuer) { |
57 der::Input tbs_certificate_tlv; | 63 der::Input tbs_certificate_tlv; |
58 der::Input signature_algorithm_tlv; | 64 der::Input signature_algorithm_tlv; |
59 der::BitString signature_value; | 65 der::BitString signature_value; |
60 if (!ParseCertificate( | 66 if (!ParseCertificate( |
61 der::Input(CRYPTO_BUFFER_data(cert), CRYPTO_BUFFER_len(cert)), | 67 der::Input(CRYPTO_BUFFER_data(cert), CRYPTO_BUFFER_len(cert)), |
62 &tbs_certificate_tlv, &signature_algorithm_tlv, &signature_value, | 68 &tbs_certificate_tlv, &signature_algorithm_tlv, &signature_value, |
63 nullptr)) { | 69 nullptr)) { |
64 return false; | 70 return false; |
65 } | 71 } |
66 ParsedTbsCertificate tbs; | 72 ParsedTbsCertificate tbs; |
67 if (!ParseTbsCertificate(tbs_certificate_tlv, {}, &tbs, nullptr)) | 73 if (!ParseTbsCertificate(tbs_certificate_tlv, |
| 74 DefaultParseCertificateOptions(), &tbs, nullptr)) |
68 return false; | 75 return false; |
69 | 76 |
70 der::Input issuer_value; | 77 der::Input issuer_value; |
71 if (!GetSequenceValue(tbs.issuer_tlv, &issuer_value)) | 78 if (!GetSequenceValue(tbs.issuer_tlv, &issuer_value)) |
72 return false; | 79 return false; |
73 | 80 |
74 return NormalizeName(issuer_value, out_normalized_issuer); | 81 return NormalizeName(issuer_value, out_normalized_issuer); |
75 } | 82 } |
76 | 83 |
77 // Fills |principal| from the DER encoded |name_tlv|, returning true on success | 84 // Fills |principal| from the DER encoded |name_tlv|, returning true on success |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
162 der::BitString signature_value; | 169 der::BitString signature_value; |
163 | 170 |
164 if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle_), | 171 if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle_), |
165 CRYPTO_BUFFER_len(cert_handle_)), | 172 CRYPTO_BUFFER_len(cert_handle_)), |
166 &tbs_certificate_tlv, &signature_algorithm_tlv, | 173 &tbs_certificate_tlv, &signature_algorithm_tlv, |
167 &signature_value, nullptr)) { | 174 &signature_value, nullptr)) { |
168 return false; | 175 return false; |
169 } | 176 } |
170 | 177 |
171 ParsedTbsCertificate tbs; | 178 ParsedTbsCertificate tbs; |
172 if (!ParseTbsCertificate(tbs_certificate_tlv, {}, &tbs, nullptr)) | 179 if (!ParseTbsCertificate(tbs_certificate_tlv, |
| 180 DefaultParseCertificateOptions(), &tbs, nullptr)) |
173 return false; | 181 return false; |
174 | 182 |
175 if (!ParsePrincipal(tbs.subject_tlv, &subject_) || | 183 if (!ParsePrincipal(tbs.subject_tlv, &subject_) || |
176 !ParsePrincipal(tbs.issuer_tlv, &issuer_)) { | 184 !ParsePrincipal(tbs.issuer_tlv, &issuer_)) { |
177 return false; | 185 return false; |
178 } | 186 } |
179 | 187 |
180 if (!GeneralizedTimeToBaseTime(tbs.validity_not_before, &valid_start_) || | 188 if (!GeneralizedTimeToBaseTime(tbs.validity_not_before, &valid_start_) || |
181 !GeneralizedTimeToBaseTime(tbs.validity_not_after, &valid_expiry_)) { | 189 !GeneralizedTimeToBaseTime(tbs.validity_not_after, &valid_expiry_)) { |
182 return false; | 190 return false; |
(...skipping 14 matching lines...) Expand all Loading... |
197 der::Input signature_algorithm_tlv; | 205 der::Input signature_algorithm_tlv; |
198 der::BitString signature_value; | 206 der::BitString signature_value; |
199 if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle_), | 207 if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle_), |
200 CRYPTO_BUFFER_len(cert_handle_)), | 208 CRYPTO_BUFFER_len(cert_handle_)), |
201 &tbs_certificate_tlv, &signature_algorithm_tlv, | 209 &tbs_certificate_tlv, &signature_algorithm_tlv, |
202 &signature_value, nullptr)) { | 210 &signature_value, nullptr)) { |
203 return false; | 211 return false; |
204 } | 212 } |
205 | 213 |
206 ParsedTbsCertificate tbs; | 214 ParsedTbsCertificate tbs; |
207 if (!ParseTbsCertificate(tbs_certificate_tlv, {}, &tbs, nullptr)) | 215 if (!ParseTbsCertificate(tbs_certificate_tlv, |
| 216 DefaultParseCertificateOptions(), &tbs, nullptr)) |
208 return false; | 217 return false; |
209 if (!tbs.has_extensions) | 218 if (!tbs.has_extensions) |
210 return false; | 219 return false; |
211 | 220 |
212 std::map<der::Input, ParsedExtension> extensions; | 221 std::map<der::Input, ParsedExtension> extensions; |
213 if (!ParseExtensions(tbs.extensions_tlv, &extensions)) | 222 if (!ParseExtensions(tbs.extensions_tlv, &extensions)) |
214 return false; | 223 return false; |
215 | 224 |
216 ParsedExtension subject_alt_names_extension; | 225 ParsedExtension subject_alt_names_extension; |
217 if (!ConsumeExtension(SubjectAltNameOid(), &extensions, | 226 if (!ConsumeExtension(SubjectAltNameOid(), &extensions, |
(...skipping 203 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
421 der::Input tbs_certificate_tlv; | 430 der::Input tbs_certificate_tlv; |
422 der::Input signature_algorithm_tlv; | 431 der::Input signature_algorithm_tlv; |
423 der::BitString signature_value; | 432 der::BitString signature_value; |
424 if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle), | 433 if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle), |
425 CRYPTO_BUFFER_len(cert_handle)), | 434 CRYPTO_BUFFER_len(cert_handle)), |
426 &tbs_certificate_tlv, &signature_algorithm_tlv, | 435 &tbs_certificate_tlv, &signature_algorithm_tlv, |
427 &signature_value, nullptr)) { | 436 &signature_value, nullptr)) { |
428 return false; | 437 return false; |
429 } | 438 } |
430 ParsedTbsCertificate tbs; | 439 ParsedTbsCertificate tbs; |
431 if (!ParseTbsCertificate(tbs_certificate_tlv, {}, &tbs, nullptr)) { | 440 if (!ParseTbsCertificate(tbs_certificate_tlv, |
| 441 DefaultParseCertificateOptions(), &tbs, nullptr)) { |
432 return false; | 442 return false; |
433 } | 443 } |
434 | 444 |
435 der::Input subject_value; | 445 der::Input subject_value; |
436 std::string normalized_subject; | 446 std::string normalized_subject; |
437 if (!GetSequenceValue(tbs.subject_tlv, &subject_value) || | 447 if (!GetSequenceValue(tbs.subject_tlv, &subject_value) || |
438 !NormalizeName(subject_value, &normalized_subject)) { | 448 !NormalizeName(subject_value, &normalized_subject)) { |
439 return false; | 449 return false; |
440 } | 450 } |
441 der::Input issuer_value; | 451 der::Input issuer_value; |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
473 | 483 |
474 // static | 484 // static |
475 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, | 485 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, |
476 base::Pickle* pickle) { | 486 base::Pickle* pickle) { |
477 return pickle->WriteData( | 487 return pickle->WriteData( |
478 reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert_handle)), | 488 reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert_handle)), |
479 CRYPTO_BUFFER_len(cert_handle)); | 489 CRYPTO_BUFFER_len(cert_handle)); |
480 } | 490 } |
481 | 491 |
482 } // namespace net | 492 } // namespace net |
OLD | NEW |