| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_util.h" | 5 #include "net/cert/x509_util.h" |
| 6 #include "net/cert/x509_util_nss.h" | 6 #include "net/cert/x509_util_nss.h" |
| 7 | 7 |
| 8 #include <cert.h> // Must be included before certdb.h | 8 #include <cert.h> // Must be included before certdb.h |
| 9 #include <certdb.h> | 9 #include <certdb.h> |
| 10 #include <cryptohi.h> | 10 #include <cryptohi.h> |
| (...skipping 15 matching lines...) Expand all Loading... |
| 26 #include "crypto/nss_util_internal.h" | 26 #include "crypto/nss_util_internal.h" |
| 27 #include "crypto/rsa_private_key.h" | 27 #include "crypto/rsa_private_key.h" |
| 28 #include "crypto/scoped_nss_types.h" | 28 #include "crypto/scoped_nss_types.h" |
| 29 #include "crypto/third_party/nss/chromium-nss.h" | 29 #include "crypto/third_party/nss/chromium-nss.h" |
| 30 #include "net/cert/x509_certificate.h" | 30 #include "net/cert/x509_certificate.h" |
| 31 | 31 |
| 32 namespace net { | 32 namespace net { |
| 33 | 33 |
| 34 namespace { | 34 namespace { |
| 35 | 35 |
| 36 class DomainBoundCertOIDWrapper { | 36 class ChannelIDOIDWrapper { |
| 37 public: | 37 public: |
| 38 static DomainBoundCertOIDWrapper* GetInstance() { | 38 static ChannelIDOIDWrapper* GetInstance() { |
| 39 // Instantiated as a leaky singleton to allow the singleton to be | 39 // Instantiated as a leaky singleton to allow the singleton to be |
| 40 // constructed on a worker thead that is not joined when a process | 40 // constructed on a worker thead that is not joined when a process |
| 41 // shuts down. | 41 // shuts down. |
| 42 return Singleton<DomainBoundCertOIDWrapper, | 42 return Singleton<ChannelIDOIDWrapper, |
| 43 LeakySingletonTraits<DomainBoundCertOIDWrapper> >::get(); | 43 LeakySingletonTraits<ChannelIDOIDWrapper> >::get(); |
| 44 } | 44 } |
| 45 | 45 |
| 46 SECOidTag domain_bound_cert_oid_tag() const { | 46 SECOidTag domain_bound_cert_oid_tag() const { |
| 47 return domain_bound_cert_oid_tag_; | 47 return domain_bound_cert_oid_tag_; |
| 48 } | 48 } |
| 49 | 49 |
| 50 private: | 50 private: |
| 51 friend struct DefaultSingletonTraits<DomainBoundCertOIDWrapper>; | 51 friend struct DefaultSingletonTraits<ChannelIDOIDWrapper>; |
| 52 | 52 |
| 53 DomainBoundCertOIDWrapper(); | 53 ChannelIDOIDWrapper(); |
| 54 | 54 |
| 55 SECOidTag domain_bound_cert_oid_tag_; | 55 SECOidTag domain_bound_cert_oid_tag_; |
| 56 | 56 |
| 57 DISALLOW_COPY_AND_ASSIGN(DomainBoundCertOIDWrapper); | 57 DISALLOW_COPY_AND_ASSIGN(ChannelIDOIDWrapper); |
| 58 }; | 58 }; |
| 59 | 59 |
| 60 DomainBoundCertOIDWrapper::DomainBoundCertOIDWrapper() | 60 ChannelIDOIDWrapper::ChannelIDOIDWrapper() |
| 61 : domain_bound_cert_oid_tag_(SEC_OID_UNKNOWN) { | 61 : domain_bound_cert_oid_tag_(SEC_OID_UNKNOWN) { |
| 62 // 1.3.6.1.4.1.11129.2.1.6 | 62 // 1.3.6.1.4.1.11129.2.1.6 |
| 63 // (iso.org.dod.internet.private.enterprises.google.googleSecurity. | 63 // (iso.org.dod.internet.private.enterprises.google.googleSecurity. |
| 64 // certificateExtensions.originBoundCertificate) | 64 // certificateExtensions.originBoundCertificate) |
| 65 static const uint8 kObCertOID[] = { | 65 static const uint8 kObCertOID[] = { |
| 66 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x06 | 66 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x06 |
| 67 }; | 67 }; |
| 68 SECOidData oid_data; | 68 SECOidData oid_data; |
| 69 memset(&oid_data, 0, sizeof(oid_data)); | 69 memset(&oid_data, 0, sizeof(oid_data)); |
| 70 oid_data.oid.data = const_cast<uint8*>(kObCertOID); | 70 oid_data.oid.data = const_cast<uint8*>(kObCertOID); |
| (...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 284 crypto::BaseTimeToPRTime(not_valid_before), | 284 crypto::BaseTimeToPRTime(not_valid_before), |
| 285 crypto::BaseTimeToPRTime(not_valid_after)); | 285 crypto::BaseTimeToPRTime(not_valid_after)); |
| 286 | 286 |
| 287 if (!validity) | 287 if (!validity) |
| 288 return false; | 288 return false; |
| 289 | 289 |
| 290 CERT_DestroyValidity(validity); | 290 CERT_DestroyValidity(validity); |
| 291 return true; | 291 return true; |
| 292 } | 292 } |
| 293 | 293 |
| 294 bool CreateDomainBoundCertEC(crypto::ECPrivateKey* key, | 294 bool CreateChannelIDEC(crypto::ECPrivateKey* key, |
| 295 DigestAlgorithm alg, | 295 DigestAlgorithm alg, |
| 296 const std::string& domain, | 296 const std::string& domain, |
| 297 uint32 serial_number, | 297 uint32 serial_number, |
| 298 base::Time not_valid_before, | 298 base::Time not_valid_before, |
| 299 base::Time not_valid_after, | 299 base::Time not_valid_after, |
| 300 std::string* der_cert) { | 300 std::string* der_cert) { |
| 301 DCHECK(key); | 301 DCHECK(key); |
| 302 | 302 |
| 303 CERTCertificate* cert = CreateCertificate(key->public_key(), | 303 CERTCertificate* cert = CreateCertificate(key->public_key(), |
| 304 "CN=anonymous.invalid", | 304 "CN=anonymous.invalid", |
| 305 serial_number, | 305 serial_number, |
| 306 not_valid_before, | 306 not_valid_before, |
| 307 not_valid_after); | 307 not_valid_after); |
| 308 | 308 |
| 309 if (!cert) | 309 if (!cert) |
| 310 return false; | 310 return false; |
| (...skipping 20 matching lines...) Expand all Loading... |
| 331 if (asn1_domain_string == NULL) { | 331 if (asn1_domain_string == NULL) { |
| 332 LOG(ERROR) << "Unable to get ASN1 encoding for domain in domain_bound_cert" | 332 LOG(ERROR) << "Unable to get ASN1 encoding for domain in domain_bound_cert" |
| 333 " extension"; | 333 " extension"; |
| 334 CERT_DestroyCertificate(cert); | 334 CERT_DestroyCertificate(cert); |
| 335 return false; | 335 return false; |
| 336 } | 336 } |
| 337 | 337 |
| 338 // Add the extension to the opaque handle | 338 // Add the extension to the opaque handle |
| 339 if (CERT_AddExtension( | 339 if (CERT_AddExtension( |
| 340 cert_handle, | 340 cert_handle, |
| 341 DomainBoundCertOIDWrapper::GetInstance()->domain_bound_cert_oid_tag(), | 341 ChannelIDOIDWrapper::GetInstance()->domain_bound_cert_oid_tag(), |
| 342 asn1_domain_string, | 342 asn1_domain_string, |
| 343 PR_TRUE, | 343 PR_TRUE, |
| 344 PR_TRUE) != SECSuccess){ | 344 PR_TRUE) != SECSuccess){ |
| 345 LOG(ERROR) << "Unable to add domain bound cert extension to opaque handle"; | 345 LOG(ERROR) << "Unable to add domain bound cert extension to opaque handle"; |
| 346 CERT_DestroyCertificate(cert); | 346 CERT_DestroyCertificate(cert); |
| 347 return false; | 347 return false; |
| 348 } | 348 } |
| 349 | 349 |
| 350 // Copy extension into x509 cert | 350 // Copy extension into x509 cert |
| 351 if (CERT_FinishExtensions(cert_handle) != SECSuccess){ | 351 if (CERT_FinishExtensions(cert_handle) != SECSuccess){ |
| (...skipping 277 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 629 } | 629 } |
| 630 | 630 |
| 631 return new_name; | 631 return new_name; |
| 632 } | 632 } |
| 633 | 633 |
| 634 #endif // defined(USE_NSS) || defined(OS_IOS) | 634 #endif // defined(USE_NSS) || defined(OS_IOS) |
| 635 | 635 |
| 636 } // namespace x509_util | 636 } // namespace x509_util |
| 637 | 637 |
| 638 } // namespace net | 638 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 356713005:
Rename ServerBoundCert => ChannelID to reflect the current name (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src