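--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,50 +1,55 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <openssl/asn1.h>
 #include <openssl/crypto.h>
 #include <openssl/obj_mac.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs7.h>
 #include <openssl/sha.h>
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
 
 #include "base/memory/singleton.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
 #include "net/cert/x509_util_openssl.h"
 
 #if defined(OS_ANDROID)
 #include "base/logging.h"
 #include "net/android/network_library.h"
 #endif
 
 namespace net {
 
 namespace {
 
+typedef scoped_ptr<GENERAL_NAMES,
+                   crypto::OpenSSLDestroyer<GENERAL_NAMES, GENERAL_NAMES_free> >
+    ScopedGENERAL_NAMES;
+
 void CreateOSCertHandlesFromPKCS7Bytes(
     const char* data, int length,
     X509Certificate::OSCertHandles* handles) {
   crypto::EnsureOpenSSLInit();
   const unsigned char* der_data = reinterpret_cast<const unsigned char*>(data);
-  crypto::ScopedOpenSSL<PKCS7, PKCS7_free> pkcs7_cert(
+  scoped_ptr<PKCS7, crypto::OpenSSLDestroyer<PKCS7, PKCS7_free> > pkcs7_cert(
       d2i_PKCS7(NULL, &der_data, length));
   if (!pkcs7_cert.get())
     return;
 
   STACK_OF(X509)* certs = NULL;
   int nid = OBJ_obj2nid(pkcs7_cert.get()->type);
   if (nid == NID_pkcs7_signed) {
     certs = pkcs7_cert.get()->d.sign->cert;
   } else if (nid == NID_pkcs7_signedAndEnveloped) {
     certs = pkcs7_cert.get()->d.signed_and_enveloped->cert;
@@ -98,20 +103,20 @@
 
 void ParseSubjectAltName(X509Certificate::OSCertHandle cert,
                          std::vector<std::string>* dns_names,
                          std::vector<std::string>* ip_addresses) {
   DCHECK(dns_names || ip_addresses);
   int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
   X509_EXTENSION* alt_name_ext = X509_get_ext(cert, index);
   if (!alt_name_ext)
     return;
 
-  crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free> alt_names(
+  ScopedGENERAL_NAMES alt_names(
       reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(alt_name_ext)));
   if (!alt_names.get())
     return;
 
   for (int i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {
     const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i);
     if (name->type == GEN_DNS && dns_names) {
       const unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName);
       if (!dns_name)
         continue;
@@ -175,21 +180,22 @@
  private:
   friend struct DefaultSingletonTraits<X509InitSingleton>;
   X509InitSingleton() {
     crypto::EnsureOpenSSLInit();
     der_cache_ex_index_ = X509_get_ex_new_index(0, 0, 0, 0, DERCache_free);
     DCHECK_NE(der_cache_ex_index_, -1);
     ResetCertStore();
   }
 
   int der_cache_ex_index_;
-  crypto::ScopedOpenSSL<X509_STORE, X509_STORE_free> store_;
+  scoped_ptr<X509_STORE, crypto::OpenSSLDestroyer<X509_STORE, X509_STORE_free> >
+      store_;
 
   DISALLOW_COPY_AND_ASSIGN(X509InitSingleton);
 };
 
 // Takes ownership of |data| (which must have been allocated by OpenSSL).
 DERCache* SetDERCache(X509Certificate::OSCertHandle cert,
                       int x509_der_cache_index,
                       unsigned char* data,
                       int data_length) {
   DERCache* internal_cache = static_cast<DERCache*>(
@@ -430,22 +436,21 @@
                               der_cache.data_length);
 }
 
 // static
 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
                                        size_t* size_bits,
                                        PublicKeyType* type) {
   *type = kPublicKeyTypeUnknown;
   *size_bits = 0;
 
-  crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> scoped_key(
-      X509_get_pubkey(cert_handle));
+  crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert_handle));
   if (!scoped_key.get())
     return;
 
   CHECK(scoped_key.get());
   EVP_PKEY* key = scoped_key.get();
 
   switch (key->type) {
     case EVP_PKEY_RSA:
       *type = kPublicKeyTypeRSA;
       *size_bits = EVP_PKEY_size(key) * 8;
@@ -465,21 +470,23 @@
   }
 }
 
 bool X509Certificate::IsIssuedByEncoded(
     const std::vector<std::string>& valid_issuers) {
   if (valid_issuers.empty())
     return false;
 
   // Convert to a temporary list of X509_NAME objects.
   // It will own the objects it points to.
-  crypto::ScopedOpenSSL<STACK_OF(X509_NAME), sk_X509_NAME_free_all>
+  scoped_ptr<STACK_OF(X509_NAME),
+             crypto::OpenSSLDestroyer<STACK_OF(X509_NAME),
+                                      sk_X509_NAME_free_all> >
       issuer_names(sk_X509_NAME_new_null());
   if (!issuer_names.get())
     return false;
 
   for (std::vector<std::string>::const_iterator it = valid_issuers.begin();
        it != valid_issuers.end(); ++it) {
     const unsigned char* p =
         reinterpret_cast<const unsigned char*>(it->data());
     long len = static_cast<long>(it->length());
     X509_NAME* ca_name = d2i_X509_NAME(NULL, &p, len);
@@ -511,10 +518,10 @@
       if (X509_NAME_cmp(issuer, cert_names[n]) == 0) {
         return true;
       }
     }
   }
 
   return false;
 }
 
 } // namespace net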
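Review bot: The new `scoped_ptr<T, crypto::OpenSSLDestroyer<T, T_free> >` spellings are inconsistent within this one change: GENERAL_NAMES gets a file-local typedef (`ScopedGENERAL_NAMES`, new lines 36-38) and EVP_PKEY uses `crypto::ScopedEVP_PKEY` (new line 446, presumably supplied by the newly included crypto/scoped_openssl_types.h), while PKCS7 (new line 45), X509_STORE (new lines 190-191) and STACK_OF(X509_NAME) (new lines 480-482) are written out inline, the last one across three lines. Matching typedefs next to `ScopedGENERAL_NAMES`, e.g. `typedef scoped_ptr<PKCS7, crypto::OpenSSLDestroyer<PKCS7, PKCS7_free> > ScopedPKCS7;` and `typedef scoped_ptr<X509_STORE, crypto::OpenSSLDestroyer<X509_STORE, X509_STORE_free> > ScopedX509_STORE;`, would keep the declarations readable and leave one place to touch when the destroyer type changes again. A one-line comment above the typedef block saying why these aliases stay local to this file rather than living in crypto/scoped_openssl_types.h would help the next reader. Separately, the `CHECK(scoped_key.get())` at new line 450 is unreachable after the early return at new lines 447-448; it predates this change, but since the line directly above it is being rewritten, this is a natural moment to drop it.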