OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 #include <time.h> | 10 #include <time.h> |
(...skipping 724 matching lines...)
735 SecCertificateRef certificate_ref = NULL; | 735 SecCertificateRef certificate_ref = NULL; |
736 OSStatus os_status = | 736 OSStatus os_status = |
737 SecCertificateCreateFromData(&encCert->CertBlob, encCert->CertType, | 737 SecCertificateCreateFromData(&encCert->CertBlob, encCert->CertType, |
738 encCert->CertEncoding, &certificate_ref); | 738 encCert->CertEncoding, &certificate_ref); |
739 if (os_status != 0) { | 739 if (os_status != 0) { |
740 DLOG(ERROR) << "SecCertificateCreateFromData failed: " << os_status; | 740 DLOG(ERROR) << "SecCertificateCreateFromData failed: " << os_status; |
741 return NULL; | 741 return NULL; |
742 } | 742 } |
743 scoped_cert.reset(certificate_ref); | 743 scoped_cert.reset(certificate_ref); |
744 | 744 |
745 return CreateFromHandle( | 745 return CreateFromHandle(scoped_cert, X509Certificate::OSCertHandles()); |
746 scoped_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
747 X509Certificate::OSCertHandles()); | |
748 } | 746 } |
749 | 747 |
750 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { | 748 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { |
751 dns_names->clear(); | 749 dns_names->clear(); |
752 | 750 |
753 GetCertGeneralNamesForOID(cert_handle_, CSSMOID_SubjectAltName, GNT_DNSName, | 751 GetCertGeneralNamesForOID(cert_handle_, CSSMOID_SubjectAltName, GNT_DNSName, |
754 dns_names); | 752 dns_names); |
755 | 753 |
756 if (dns_names->empty()) | 754 if (dns_names->empty()) |
757 dns_names->push_back(subject_.common_name); | 755 dns_names->push_back(subject_.common_name); |
(...skipping 383 matching lines...)
1141 if (result) | 1139 if (result) |
1142 return false; | 1140 return false; |
1143 ScopedCFTypeRef<CFArrayRef> scoped_cert_chain(cert_chain); | 1141 ScopedCFTypeRef<CFArrayRef> scoped_cert_chain(cert_chain); |
1144 | 1142 |
1145 // Check all the certs in the chain for a match. | 1143 // Check all the certs in the chain for a match. |
1146 int n = CFArrayGetCount(cert_chain); | 1144 int n = CFArrayGetCount(cert_chain); |
1147 for (int i = 0; i < n; ++i) { | 1145 for (int i = 0; i < n; ++i) { |
1148 SecCertificateRef cert_handle = reinterpret_cast<SecCertificateRef>( | 1146 SecCertificateRef cert_handle = reinterpret_cast<SecCertificateRef>( |
1149 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); | 1147 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); |
1150 scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromHandle( | 1148 scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromHandle( |
1151 cert_handle, | 1149 cert_handle, X509Certificate::OSCertHandles())); |
1152 X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
1153 X509Certificate::OSCertHandles())); | |
1154 for (unsigned j = 0; j < valid_issuers.size(); j++) { | 1150 for (unsigned j = 0; j < valid_issuers.size(); j++) { |
1155 if (cert->issuer().Matches(valid_issuers[j])) | 1151 if (cert->issuer().Matches(valid_issuers[j])) |
1156 return true; | 1152 return true; |
1157 } | 1153 } |
1158 } | 1154 } |
1159 return false; | 1155 return false; |
1160 } | 1156 } |
1161 | 1157 |
1162 // static | 1158 // static |
1163 OSStatus X509Certificate::CreateSSLClientPolicy(SecPolicyRef* policy) { | 1159 OSStatus X509Certificate::CreateSSLClientPolicy(SecPolicyRef* policy) { |
(...skipping 119 matching lines...)
1283 break; | 1279 break; |
1284 ScopedCFTypeRef<SecIdentityRef> scoped_identity(identity); | 1280 ScopedCFTypeRef<SecIdentityRef> scoped_identity(identity); |
1285 | 1281 |
1286 SecCertificateRef cert_handle; | 1282 SecCertificateRef cert_handle; |
1287 err = SecIdentityCopyCertificate(identity, &cert_handle); | 1283 err = SecIdentityCopyCertificate(identity, &cert_handle); |
1288 if (err != noErr) | 1284 if (err != noErr) |
1289 continue; | 1285 continue; |
1290 ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle); | 1286 ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle); |
1291 | 1287 |
1292 scoped_refptr<X509Certificate> cert( | 1288 scoped_refptr<X509Certificate> cert( |
1293 CreateFromHandle(cert_handle, SOURCE_LONE_CERT_IMPORT, | 1289 CreateFromHandle(cert_handle, OSCertHandles())); |
1294 OSCertHandles())); | |
1295 if (cert->HasExpired() || !cert->SupportsSSLClientAuth()) | 1290 if (cert->HasExpired() || !cert->SupportsSSLClientAuth()) |
1296 continue; | 1291 continue; |
1297 | 1292 |
1298 // Skip duplicates (a cert may be in multiple keychains). | 1293 // Skip duplicates (a cert may be in multiple keychains). |
1299 const SHA1Fingerprint& fingerprint = cert->fingerprint(); | 1294 const SHA1Fingerprint& fingerprint = cert->fingerprint(); |
1300 unsigned i; | 1295 unsigned i; |
1301 for (i = 0; i < certs->size(); ++i) { | 1296 for (i = 0; i < certs->size(); ++i) { |
1302 if ((*certs)[i]->fingerprint().Equals(fingerprint)) | 1297 if ((*certs)[i]->fingerprint().Equals(fingerprint)) |
1303 break; | 1298 break; |
1304 } | 1299 } |
(...skipping 78 matching lines...)
1383 CSSM_DATA cert_data; | 1378 CSSM_DATA cert_data; |
1384 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); | 1379 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); |
1385 if (status) | 1380 if (status) |
1386 return false; | 1381 return false; |
1387 | 1382 |
1388 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), | 1383 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), |
1389 cert_data.Length); | 1384 cert_data.Length); |
1390 } | 1385 } |
1391 | 1386 |
1392 } // namespace net | 1387 } // namespace net |
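Review bot: The two loop call sites that now read `CreateFromHandle(cert_handle, ... OSCertHandles())` (new lines 1148–1149 and 1288–1289) dereference the result immediately, through `cert->issuer()` and `cert->HasExpired()`, with no null check. Whether CreateFromHandle can return NULL is not visible on this page; if it can, an entry that fails to convert would crash the process rather than be skipped, and a guard such as `if (!cert) continue;` right after each construction would handle that. Both enclosing functions begin outside the displayed hunks, so an existing guarantee may be documented there. Separately, `int n = CFArrayGetCount(cert_chain);` narrows a `CFIndex` to `int`; declaring `n` and `i` as `CFIndex` would avoid the implicit conversion.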