OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/common/net/x509_certificate_model.h" | 5 #include "chrome/common/net/x509_certificate_model.h" |
6 | 6 |
7 #include <openssl/bio.h> | 7 #include <openssl/bio.h> |
8 #include <openssl/obj_mac.h> | 8 #include <openssl/obj_mac.h> |
9 #include <openssl/sha.h> | 9 #include <openssl/sha.h> |
10 #include <openssl/x509v3.h> | 10 #include <openssl/x509v3.h> |
11 | 11 |
12 #include "base/i18n/number_formatting.h" | 12 #include "base/i18n/number_formatting.h" |
13 #include "base/lazy_instance.h" | 13 #include "base/lazy_instance.h" |
14 #include "base/logging.h" | 14 #include "base/logging.h" |
15 #include "base/strings/string_number_conversions.h" | 15 #include "base/strings/string_number_conversions.h" |
16 #include "base/strings/stringprintf.h" | 16 #include "base/strings/stringprintf.h" |
17 #include "base/strings/utf_string_conversions.h" | 17 #include "base/strings/utf_string_conversions.h" |
18 #include "crypto/openssl_bio_string.h" | 18 #include "crypto/openssl_bio_string.h" |
19 #include "crypto/openssl_util.h" | 19 #include "crypto/openssl_util.h" |
| 20 #include "crypto/scoped_openssl_types.h" |
20 #include "grit/generated_resources.h" | 21 #include "grit/generated_resources.h" |
21 #include "net/base/net_util.h" | 22 #include "net/base/net_util.h" |
22 #include "net/cert/x509_util_openssl.h" | 23 #include "net/cert/x509_util_openssl.h" |
23 #include "ui/base/l10n/l10n_util.h" | 24 #include "ui/base/l10n/l10n_util.h" |
24 | 25 |
25 namespace x509_util = net::x509_util; | 26 namespace x509_util = net::x509_util; |
26 | 27 |
27 namespace x509_certificate_model { | 28 namespace x509_certificate_model { |
28 | 29 |
29 namespace { | 30 namespace { |
(...skipping 419 matching lines...)
449 static const MaskIdPair usage_string_map[] = { | 450 static const MaskIdPair usage_string_map[] = { |
450 {NS_SSL_CLIENT, IDS_CERT_USAGE_SSL_CLIENT}, | 451 {NS_SSL_CLIENT, IDS_CERT_USAGE_SSL_CLIENT}, |
451 {NS_SSL_SERVER, IDS_CERT_USAGE_SSL_SERVER}, | 452 {NS_SSL_SERVER, IDS_CERT_USAGE_SSL_SERVER}, |
452 {NS_SMIME, IDS_CERT_EXT_NS_CERT_TYPE_EMAIL}, | 453 {NS_SMIME, IDS_CERT_EXT_NS_CERT_TYPE_EMAIL}, |
453 {NS_OBJSIGN, IDS_CERT_USAGE_OBJECT_SIGNER}, | 454 {NS_OBJSIGN, IDS_CERT_USAGE_OBJECT_SIGNER}, |
454 {NS_SSL_CA, IDS_CERT_USAGE_SSL_CA}, | 455 {NS_SSL_CA, IDS_CERT_USAGE_SSL_CA}, |
455 {NS_SMIME_CA, IDS_CERT_EXT_NS_CERT_TYPE_EMAIL_CA}, | 456 {NS_SMIME_CA, IDS_CERT_EXT_NS_CERT_TYPE_EMAIL_CA}, |
456 {NS_OBJSIGN_CA, IDS_CERT_USAGE_OBJECT_SIGNER}, | 457 {NS_OBJSIGN_CA, IDS_CERT_USAGE_OBJECT_SIGNER}, |
457 }; | 458 }; |
458 | 459 |
459 crypto::ScopedOpenSSL<ASN1_BIT_STRING, ASN1_BIT_STRING_free> value( | 460 crypto::ScopedOpenSSL<ASN1_BIT_STRING, ASN1_BIT_STRING_free>::Type value( |
460 reinterpret_cast<ASN1_BIT_STRING*>(X509V3_EXT_d2i(ex))); | 461 reinterpret_cast<ASN1_BIT_STRING*>(X509V3_EXT_d2i(ex))); |
461 if (!value.get()) | 462 if (!value.get()) |
462 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 463 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
463 return ProcessBitField(value.get(), | 464 return ProcessBitField(value.get(), |
464 usage_string_map, | 465 usage_string_map, |
465 ARRAYSIZE_UNSAFE(usage_string_map), | 466 ARRAYSIZE_UNSAFE(usage_string_map), |
466 '\n'); | 467 '\n'); |
467 } | 468 } |
468 | 469 |
469 std::string ProcessKeyUsageExtension(X509_EXTENSION* ex) { | 470 std::string ProcessKeyUsageExtension(X509_EXTENSION* ex) { |
470 static const MaskIdPair key_usage_string_map[] = { | 471 static const MaskIdPair key_usage_string_map[] = { |
471 {KU_DIGITAL_SIGNATURE, IDS_CERT_X509_KEY_USAGE_SIGNING}, | 472 {KU_DIGITAL_SIGNATURE, IDS_CERT_X509_KEY_USAGE_SIGNING}, |
472 {KU_NON_REPUDIATION, IDS_CERT_X509_KEY_USAGE_NONREP}, | 473 {KU_NON_REPUDIATION, IDS_CERT_X509_KEY_USAGE_NONREP}, |
473 {KU_KEY_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_ENCIPHERMENT}, | 474 {KU_KEY_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_ENCIPHERMENT}, |
474 {KU_DATA_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_DATA_ENCIPHERMENT}, | 475 {KU_DATA_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_DATA_ENCIPHERMENT}, |
475 {KU_KEY_AGREEMENT, IDS_CERT_X509_KEY_USAGE_KEY_AGREEMENT}, | 476 {KU_KEY_AGREEMENT, IDS_CERT_X509_KEY_USAGE_KEY_AGREEMENT}, |
476 {KU_KEY_CERT_SIGN, IDS_CERT_X509_KEY_USAGE_CERT_SIGNER}, | 477 {KU_KEY_CERT_SIGN, IDS_CERT_X509_KEY_USAGE_CERT_SIGNER}, |
477 {KU_CRL_SIGN, IDS_CERT_X509_KEY_USAGE_CRL_SIGNER}, | 478 {KU_CRL_SIGN, IDS_CERT_X509_KEY_USAGE_CRL_SIGNER}, |
478 {KU_ENCIPHER_ONLY, IDS_CERT_X509_KEY_USAGE_ENCIPHER_ONLY}, | 479 {KU_ENCIPHER_ONLY, IDS_CERT_X509_KEY_USAGE_ENCIPHER_ONLY}, |
479 {KU_DECIPHER_ONLY, IDS_CERT_X509_KEY_USAGE_DECIPHER_ONLY}, | 480 {KU_DECIPHER_ONLY, IDS_CERT_X509_KEY_USAGE_DECIPHER_ONLY}, |
480 }; | 481 }; |
481 | 482 |
482 crypto::ScopedOpenSSL<ASN1_BIT_STRING, ASN1_BIT_STRING_free> value( | 483 crypto::ScopedOpenSSL<ASN1_BIT_STRING, ASN1_BIT_STRING_free>::Type value( |
483 reinterpret_cast<ASN1_BIT_STRING*>(X509V3_EXT_d2i(ex))); | 484 reinterpret_cast<ASN1_BIT_STRING*>(X509V3_EXT_d2i(ex))); |
484 if (!value.get()) | 485 if (!value.get()) |
485 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 486 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
486 return ProcessBitField(value.get(), | 487 return ProcessBitField(value.get(), |
487 key_usage_string_map, | 488 key_usage_string_map, |
488 ARRAYSIZE_UNSAFE(key_usage_string_map), | 489 ARRAYSIZE_UNSAFE(key_usage_string_map), |
489 '\n'); | 490 '\n'); |
490 } | 491 } |
491 | 492 |
492 std::string ProcessBasicConstraints(X509_EXTENSION* ex) { | 493 std::string ProcessBasicConstraints(X509_EXTENSION* ex) { |
493 std::string rv; | 494 std::string rv; |
494 crypto::ScopedOpenSSL<BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free> value( | 495 crypto::ScopedOpenSSL<BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free>::Type value( |
495 reinterpret_cast<BASIC_CONSTRAINTS*>(X509V3_EXT_d2i(ex))); | 496 reinterpret_cast<BASIC_CONSTRAINTS*>(X509V3_EXT_d2i(ex))); |
496 if (!value.get()) | 497 if (!value.get()) |
497 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 498 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
498 if (value.get()->ca) | 499 if (value.get()->ca) |
499 rv = l10n_util::GetStringUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_IS_CA); | 500 rv = l10n_util::GetStringUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_IS_CA); |
500 else | 501 else |
501 rv = l10n_util::GetStringUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_IS_NOT_CA); | 502 rv = l10n_util::GetStringUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_IS_NOT_CA); |
502 rv += '\n'; | 503 rv += '\n'; |
503 if (value.get()->ca) { | 504 if (value.get()->ca) { |
504 base::string16 depth; | 505 base::string16 depth; |
505 if (!value.get()->pathlen) { | 506 if (!value.get()->pathlen) { |
506 depth = l10n_util::GetStringUTF16( | 507 depth = l10n_util::GetStringUTF16( |
507 IDS_CERT_X509_BASIC_CONSTRAINT_PATH_LEN_UNLIMITED); | 508 IDS_CERT_X509_BASIC_CONSTRAINT_PATH_LEN_UNLIMITED); |
508 } else { | 509 } else { |
509 depth = base::FormatNumber(ASN1_INTEGER_get(value.get()->pathlen)); | 510 depth = base::FormatNumber(ASN1_INTEGER_get(value.get()->pathlen)); |
510 } | 511 } |
511 rv += l10n_util::GetStringFUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_PATH_LEN, | 512 rv += l10n_util::GetStringFUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_PATH_LEN, |
512 depth); | 513 depth); |
513 } | 514 } |
514 return rv; | 515 return rv; |
515 } | 516 } |
516 | 517 |
517 std::string ProcessExtKeyUsage(X509_EXTENSION* ex) { | 518 std::string ProcessExtKeyUsage(X509_EXTENSION* ex) { |
518 std::string rv; | 519 std::string rv; |
519 crypto::ScopedOpenSSL<EXTENDED_KEY_USAGE, EXTENDED_KEY_USAGE_free> value( | 520 crypto::ScopedOpenSSL<EXTENDED_KEY_USAGE, EXTENDED_KEY_USAGE_free>::Type |
520 reinterpret_cast<EXTENDED_KEY_USAGE*>(X509V3_EXT_d2i(ex))); | 521 value(reinterpret_cast<EXTENDED_KEY_USAGE*>(X509V3_EXT_d2i(ex))); |
521 if (!value.get()) | 522 if (!value.get()) |
522 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 523 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
523 for (int i = 0; i < sk_ASN1_OBJECT_num(value.get()); i++) { | 524 for (int i = 0; i < sk_ASN1_OBJECT_num(value.get()); i++) { |
524 ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(value.get(), i); | 525 ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(value.get(), i); |
525 std::string oid_dump = Asn1ObjectToOIDString(obj); | 526 std::string oid_dump = Asn1ObjectToOIDString(obj); |
526 std::string oid_text = Asn1ObjectToString(obj); | 527 std::string oid_text = Asn1ObjectToString(obj); |
527 | 528 |
528 // If oid is one we recognize, oid_text will have a text description of the | 529 // If oid is one we recognize, oid_text will have a text description of the |
529 // OID, which we display along with the oid_dump. If we don't recognize the | 530 // OID, which we display along with the oid_dump. If we don't recognize the |
530 // OID, they will be the same, so just display the OID alone. | 531 // OID, they will be the same, so just display the OID alone. |
(...skipping 127 matching lines...)
658 std::string ProcessGeneralNames(GENERAL_NAMES* names) { | 659 std::string ProcessGeneralNames(GENERAL_NAMES* names) { |
659 std::string rv; | 660 std::string rv; |
660 for (int i = 0; i < sk_GENERAL_NAME_num(names); ++i) { | 661 for (int i = 0; i < sk_GENERAL_NAME_num(names); ++i) { |
661 GENERAL_NAME* name = sk_GENERAL_NAME_value(names, i); | 662 GENERAL_NAME* name = sk_GENERAL_NAME_value(names, i); |
662 rv += ProcessGeneralName(name); | 663 rv += ProcessGeneralName(name); |
663 } | 664 } |
664 return rv; | 665 return rv; |
665 } | 666 } |
666 | 667 |
667 std::string ProcessAltName(X509_EXTENSION* ex) { | 668 std::string ProcessAltName(X509_EXTENSION* ex) { |
668 crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free> alt_names( | 669 crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free>::Type alt_names( |
669 reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(ex))); | 670 reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(ex))); |
670 if (!alt_names.get()) | 671 if (!alt_names.get()) |
671 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 672 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
672 | 673 |
673 return ProcessGeneralNames(alt_names.get()); | 674 return ProcessGeneralNames(alt_names.get()); |
674 } | 675 } |
675 | 676 |
676 std::string ProcessSubjectKeyId(X509_EXTENSION* ex) { | 677 std::string ProcessSubjectKeyId(X509_EXTENSION* ex) { |
677 crypto::ScopedOpenSSL<ASN1_OCTET_STRING, ASN1_OCTET_STRING_free> value( | 678 crypto::ScopedOpenSSL<ASN1_OCTET_STRING, ASN1_OCTET_STRING_free>::Type value( |
678 reinterpret_cast<ASN1_OCTET_STRING*>(X509V3_EXT_d2i(ex))); | 679 reinterpret_cast<ASN1_OCTET_STRING*>(X509V3_EXT_d2i(ex))); |
679 if (!value.get()) | 680 if (!value.get()) |
680 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 681 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
681 | 682 |
682 return l10n_util::GetStringFUTF8( | 683 return l10n_util::GetStringFUTF8( |
683 IDS_CERT_KEYID_FORMAT, | 684 IDS_CERT_KEYID_FORMAT, |
684 base::ASCIIToUTF16(ProcessRawAsn1String(value.get()))); | 685 base::ASCIIToUTF16(ProcessRawAsn1String(value.get()))); |
685 } | 686 } |
686 | 687 |
687 std::string ProcessAuthKeyId(X509_EXTENSION* ex) { | 688 std::string ProcessAuthKeyId(X509_EXTENSION* ex) { |
688 std::string rv; | 689 std::string rv; |
689 crypto::ScopedOpenSSL<AUTHORITY_KEYID, AUTHORITY_KEYID_free> value( | 690 crypto::ScopedOpenSSL<AUTHORITY_KEYID, AUTHORITY_KEYID_free>::Type value( |
690 reinterpret_cast<AUTHORITY_KEYID*>(X509V3_EXT_d2i(ex))); | 691 reinterpret_cast<AUTHORITY_KEYID*>(X509V3_EXT_d2i(ex))); |
691 if (!value.get()) | 692 if (!value.get()) |
692 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 693 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
693 | 694 |
694 if (value.get()->keyid && ASN1_STRING_length(value.get()->keyid) > 0) { | 695 if (value.get()->keyid && ASN1_STRING_length(value.get()->keyid) > 0) { |
695 rv += l10n_util::GetStringFUTF8( | 696 rv += l10n_util::GetStringFUTF8( |
696 IDS_CERT_KEYID_FORMAT, | 697 IDS_CERT_KEYID_FORMAT, |
697 base::ASCIIToUTF16(ProcessRawAsn1String(value.get()->keyid))); | 698 base::ASCIIToUTF16(ProcessRawAsn1String(value.get()->keyid))); |
698 rv += '\n'; | 699 rv += '\n'; |
699 } | 700 } |
(...skipping 35 matching lines...)
735 } | 736 } |
736 if (notice->exptext && notice->exptext->length != 0) { | 737 if (notice->exptext && notice->exptext->length != 0) { |
737 rv += "\n "; | 738 rv += "\n "; |
738 rv += Asn1StringToUTF8(notice->exptext); | 739 rv += Asn1StringToUTF8(notice->exptext); |
739 } | 740 } |
740 return rv; | 741 return rv; |
741 } | 742 } |
742 | 743 |
743 std::string ProcessCertificatePolicies(X509_EXTENSION* ex) { | 744 std::string ProcessCertificatePolicies(X509_EXTENSION* ex) { |
744 std::string rv; | 745 std::string rv; |
745 crypto::ScopedOpenSSL<CERTIFICATEPOLICIES, CERTIFICATEPOLICIES_free> policies( | 746 crypto::ScopedOpenSSL<CERTIFICATEPOLICIES, CERTIFICATEPOLICIES_free>::Type |
746 reinterpret_cast<CERTIFICATEPOLICIES*>(X509V3_EXT_d2i(ex))); | 747 policies(reinterpret_cast<CERTIFICATEPOLICIES*>(X509V3_EXT_d2i(ex))); |
747 | 748 |
748 if (!policies.get()) | 749 if (!policies.get()) |
749 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 750 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
750 | 751 |
751 for (int i = 0; i < sk_POLICYINFO_num(policies.get()); ++i) { | 752 for (int i = 0; i < sk_POLICYINFO_num(policies.get()); ++i) { |
752 POLICYINFO* info = sk_POLICYINFO_value(policies.get(), i); | 753 POLICYINFO* info = sk_POLICYINFO_value(policies.get(), i); |
753 std::string key = Asn1ObjectToString(info->policyid); | 754 std::string key = Asn1ObjectToString(info->policyid); |
754 // If we have policy qualifiers, display the oid text | 755 // If we have policy qualifiers, display the oid text |
755 // with a ':', otherwise just put the oid text and a newline. | 756 // with a ':', otherwise just put the oid text and a newline. |
756 if (info->qualifiers && sk_POLICYQUALINFO_num(info->qualifiers)) { | 757 if (info->qualifiers && sk_POLICYQUALINFO_num(info->qualifiers)) { |
(...skipping 49 matching lines...)
806 {6, IDS_CERT_REVOCATION_REASON_CERTIFICATE_HOLD}, | 807 {6, IDS_CERT_REVOCATION_REASON_CERTIFICATE_HOLD}, |
807 {7, IDS_CERT_REVOCATION_REASON_PRIVILEGE_WITHDRAWN}, | 808 {7, IDS_CERT_REVOCATION_REASON_PRIVILEGE_WITHDRAWN}, |
808 {8, IDS_CERT_REVOCATION_REASON_AA_COMPROMISE}, | 809 {8, IDS_CERT_REVOCATION_REASON_AA_COMPROMISE}, |
809 }; | 810 }; |
810 // OpenSSL doesn't define constants for the DIST_POINT type field. These | 811 // OpenSSL doesn't define constants for the DIST_POINT type field. These |
811 // values are from reading openssl/crypto/x509v3/v3_crld.c | 812 // values are from reading openssl/crypto/x509v3/v3_crld.c |
812 const int kDistPointFullName = 0; | 813 const int kDistPointFullName = 0; |
813 const int kDistPointRelativeName = 1; | 814 const int kDistPointRelativeName = 1; |
814 | 815 |
815 std::string rv; | 816 std::string rv; |
816 crypto::ScopedOpenSSL<CRL_DIST_POINTS, CRL_DIST_POINTS_free> dist_points( | 817 crypto::ScopedOpenSSL<CRL_DIST_POINTS, CRL_DIST_POINTS_free>::Type |
817 reinterpret_cast<CRL_DIST_POINTS*>(X509V3_EXT_d2i(ex))); | 818 dist_points(reinterpret_cast<CRL_DIST_POINTS*>(X509V3_EXT_d2i(ex))); |
818 | 819 |
819 if (!dist_points.get()) | 820 if (!dist_points.get()) |
820 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 821 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
821 | 822 |
822 for (int i = 0; i < sk_DIST_POINT_num(dist_points.get()); ++i) { | 823 for (int i = 0; i < sk_DIST_POINT_num(dist_points.get()); ++i) { |
823 DIST_POINT* point = sk_DIST_POINT_value(dist_points.get(), i); | 824 DIST_POINT* point = sk_DIST_POINT_value(dist_points.get(), i); |
824 if (point->distpoint) { | 825 if (point->distpoint) { |
825 switch (point->distpoint->type) { | 826 switch (point->distpoint->type) { |
826 case kDistPointFullName: | 827 case kDistPointFullName: |
827 rv += ProcessGeneralNames(point->distpoint->name.fullname); | 828 rv += ProcessGeneralNames(point->distpoint->name.fullname); |
(...skipping 19 matching lines...)
847 IDS_CERT_ISSUER_FORMAT, | 848 IDS_CERT_ISSUER_FORMAT, |
848 base::UTF8ToUTF16(ProcessGeneralNames(point->CRLissuer))); | 849 base::UTF8ToUTF16(ProcessGeneralNames(point->CRLissuer))); |
849 } | 850 } |
850 } | 851 } |
851 | 852 |
852 return rv; | 853 return rv; |
853 } | 854 } |
854 | 855 |
855 std::string ProcessAuthInfoAccess(X509_EXTENSION* ex) { | 856 std::string ProcessAuthInfoAccess(X509_EXTENSION* ex) { |
856 std::string rv; | 857 std::string rv; |
857 crypto::ScopedOpenSSL<AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_ACCESS_free> aia( | 858 crypto::ScopedOpenSSL<AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_ACCESS_free>::Type |
858 reinterpret_cast<AUTHORITY_INFO_ACCESS*>(X509V3_EXT_d2i(ex))); | 859 aia(reinterpret_cast<AUTHORITY_INFO_ACCESS*>(X509V3_EXT_d2i(ex))); |
859 | 860 |
860 if (!aia.get()) | 861 if (!aia.get()) |
861 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 862 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
862 | 863 |
863 for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(aia.get()); ++i) { | 864 for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(aia.get()); ++i) { |
864 ACCESS_DESCRIPTION* desc = sk_ACCESS_DESCRIPTION_value(aia.get(), i); | 865 ACCESS_DESCRIPTION* desc = sk_ACCESS_DESCRIPTION_value(aia.get(), i); |
865 | 866 |
866 base::string16 location_str = | 867 base::string16 location_str = |
867 base::UTF8ToUTF16(ProcessGeneralName(desc->location)); | 868 base::UTF8ToUTF16(ProcessGeneralName(desc->location)); |
868 switch (OBJ_obj2nid(desc->method)) { | 869 switch (OBJ_obj2nid(desc->method)) { |
(...skipping 11 matching lines...)
880 base::UTF8ToUTF16(Asn1ObjectToString(desc->method)), | 881 base::UTF8ToUTF16(Asn1ObjectToString(desc->method)), |
881 location_str); | 882 location_str); |
882 break; | 883 break; |
883 } | 884 } |
884 } | 885 } |
885 return rv; | 886 return rv; |
886 } | 887 } |
887 | 888 |
888 std::string ProcessIA5StringData(ASN1_OCTET_STRING* asn1_string) { | 889 std::string ProcessIA5StringData(ASN1_OCTET_STRING* asn1_string) { |
889 const unsigned char* data = ASN1_STRING_data(asn1_string); | 890 const unsigned char* data = ASN1_STRING_data(asn1_string); |
890 crypto::ScopedOpenSSL<ASN1_IA5STRING, ASN1_IA5STRING_free> ia5_string( | 891 crypto::ScopedOpenSSL<ASN1_IA5STRING, ASN1_IA5STRING_free>::Type ia5_string( |
891 d2i_ASN1_IA5STRING(NULL, &data, ASN1_STRING_length(asn1_string))); | 892 d2i_ASN1_IA5STRING(NULL, &data, ASN1_STRING_length(asn1_string))); |
892 | 893 |
893 if (!ia5_string.get()) | 894 if (!ia5_string.get()) |
894 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 895 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
895 | 896 |
896 return std::string( | 897 return std::string( |
897 reinterpret_cast<char*>(ASN1_STRING_data(ia5_string.get())), | 898 reinterpret_cast<char*>(ASN1_STRING_data(ia5_string.get())), |
898 ASN1_STRING_length(ia5_string.get())); | 899 ASN1_STRING_length(ia5_string.get())); |
899 } | 900 } |
900 | 901 |
901 std::string ProcessBMPStringData(ASN1_OCTET_STRING* asn1_string) { | 902 std::string ProcessBMPStringData(ASN1_OCTET_STRING* asn1_string) { |
902 const unsigned char* data = ASN1_STRING_data(asn1_string); | 903 const unsigned char* data = ASN1_STRING_data(asn1_string); |
903 crypto::ScopedOpenSSL<ASN1_BMPSTRING, ASN1_BMPSTRING_free> bmp_string( | 904 crypto::ScopedOpenSSL<ASN1_BMPSTRING, ASN1_BMPSTRING_free>::Type bmp_string( |
904 d2i_ASN1_BMPSTRING(NULL, &data, ASN1_STRING_length(asn1_string))); | 905 d2i_ASN1_BMPSTRING(NULL, &data, ASN1_STRING_length(asn1_string))); |
905 | 906 |
906 if (!bmp_string.get()) | 907 if (!bmp_string.get()) |
907 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 908 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
908 | 909 |
909 return Asn1StringToUTF8(bmp_string.get()); | 910 return Asn1StringToUTF8(bmp_string.get()); |
910 } | 911 } |
911 | 912 |
912 std::string X509ExtensionValueToString(X509_EXTENSION* ex) { | 913 std::string X509ExtensionValueToString(X509_EXTENSION* ex) { |
913 g_dynamic_oid_registerer.Get(); | 914 g_dynamic_oid_registerer.Get(); |
(...skipping 42 matching lines...)
956 } // namespace | 957 } // namespace |
957 | 958 |
958 using net::X509Certificate; | 959 using net::X509Certificate; |
959 | 960 |
960 std::string GetCertNameOrNickname(X509Certificate::OSCertHandle cert_handle) { | 961 std::string GetCertNameOrNickname(X509Certificate::OSCertHandle cert_handle) { |
961 std::string name = | 962 std::string name = |
962 ProcessIDN(GetSubjectCommonName(cert_handle, std::string())); | 963 ProcessIDN(GetSubjectCommonName(cert_handle, std::string())); |
963 if (!name.empty()) | 964 if (!name.empty()) |
964 return name; | 965 return name; |
965 | 966 |
966 crypto::ScopedOpenSSL<BIO, BIO_free_all> bio(crypto::BIO_new_string(&name)); | 967 crypto::ScopedBIO bio(crypto::BIO_new_string(&name)); |
967 if (!bio.get()) | 968 if (!bio.get()) |
968 return name; | 969 return name; |
969 X509_NAME_print_ex(bio.get(), | 970 X509_NAME_print_ex(bio.get(), |
970 X509_get_subject_name(cert_handle), | 971 X509_get_subject_name(cert_handle), |
971 0 /* indent */, | 972 0 /* indent */, |
972 XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB); | 973 XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB); |
973 return name; | 974 return name; |
974 } | 975 } |
975 | 976 |
976 std::string GetTokenName(X509Certificate::OSCertHandle cert_handle) { | 977 std::string GetTokenName(X509Certificate::OSCertHandle cert_handle) { |
(...skipping 89 matching lines...)
1066 | 1067 |
1067 std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle) { | 1068 std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle) { |
1068 // TODO(mattm): merge GetTitle and GetCertNameOrNickname? | 1069 // TODO(mattm): merge GetTitle and GetCertNameOrNickname? |
1069 // Is there any reason GetCertNameOrNickname calls ProcessIDN and this | 1070 // Is there any reason GetCertNameOrNickname calls ProcessIDN and this |
1070 // doesn't? | 1071 // doesn't? |
1071 std::string title = | 1072 std::string title = |
1072 GetSubjectCommonName(cert_handle, std::string()); | 1073 GetSubjectCommonName(cert_handle, std::string()); |
1073 if (!title.empty()) | 1074 if (!title.empty()) |
1074 return title; | 1075 return title; |
1075 | 1076 |
1076 crypto::ScopedOpenSSL<BIO, BIO_free_all> bio(crypto::BIO_new_string(&title)); | 1077 crypto::ScopedBIO bio(crypto::BIO_new_string(&title)); |
1077 if (!bio.get()) | 1078 if (!bio.get()) |
1078 return title; | 1079 return title; |
1079 X509_NAME_print_ex(bio.get(), | 1080 X509_NAME_print_ex(bio.get(), |
1080 X509_get_subject_name(cert_handle), | 1081 X509_get_subject_name(cert_handle), |
1081 0 /* indent */, | 1082 0 /* indent */, |
1082 XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB); | 1083 XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB); |
1083 return title; | 1084 return title; |
1084 } | 1085 } |
1085 | 1086 |
1086 std::string GetIssuerName(net::X509Certificate::OSCertHandle cert_handle) { | 1087 std::string GetIssuerName(net::X509Certificate::OSCertHandle cert_handle) { |
(...skipping 49 matching lines...)
1136 void DestroyCertChain(net::X509Certificate::OSCertHandles* cert_handles) { | 1137 void DestroyCertChain(net::X509Certificate::OSCertHandles* cert_handles) { |
1137 for (net::X509Certificate::OSCertHandles::iterator i = cert_handles->begin(); | 1138 for (net::X509Certificate::OSCertHandles::iterator i = cert_handles->begin(); |
1138 i != cert_handles->end(); ++i) | 1139 i != cert_handles->end(); ++i) |
1139 X509_free(*i); | 1140 X509_free(*i); |
1140 cert_handles->clear(); | 1141 cert_handles->clear(); |
1141 } | 1142 } |
1142 | 1143 |
1143 std::string GetCMSString(const net::X509Certificate::OSCertHandles& cert_chain, | 1144 std::string GetCMSString(const net::X509Certificate::OSCertHandles& cert_chain, |
1144 size_t start, size_t end) { | 1145 size_t start, size_t end) { |
1145 std::string rv; | 1146 std::string rv; |
1146 crypto::ScopedOpenSSL<PKCS7, PKCS7_free> p7(PKCS7_new()); | 1147 crypto::ScopedOpenSSL<PKCS7, PKCS7_free>::Type p7(PKCS7_new()); |
1147 if (!p7.get()) | 1148 if (!p7.get()) |
1148 return rv; | 1149 return rv; |
1149 if (!PKCS7_set_type(p7.get(), NID_pkcs7_signed)) | 1150 if (!PKCS7_set_type(p7.get(), NID_pkcs7_signed)) |
1150 return rv; | 1151 return rv; |
1151 | 1152 |
1152 for (size_t i = start; i < end; ++i) { | 1153 for (size_t i = start; i < end; ++i) { |
1153 if (!PKCS7_add_certificate(p7.get(), cert_chain[i])) | 1154 if (!PKCS7_add_certificate(p7.get(), cert_chain[i])) |
1154 return rv; | 1155 return rv; |
1155 } | 1156 } |
1156 | 1157 |
1157 crypto::ScopedOpenSSL<BIO, BIO_free_all> bio(crypto::BIO_new_string(&rv)); | 1158 crypto::ScopedOpenSSL<BIO, BIO_free_all>::Type bio( |
| 1159 crypto::BIO_new_string(&rv)); |
1158 if (!bio.get()) | 1160 if (!bio.get()) |
1159 return rv; | 1161 return rv; |
1160 | 1162 |
1161 if (!i2d_PKCS7_bio(bio.get(), p7.get())) { | 1163 if (!i2d_PKCS7_bio(bio.get(), p7.get())) { |
1162 rv.clear(); | 1164 rv.clear(); |
1163 return rv; | 1165 return rv; |
1164 } | 1166 } |
1165 | 1167 |
1166 return rv; | 1168 return rv; |
1167 } | 1169 } |
(...skipping 20 matching lines...)
1188 return ""; | 1190 return ""; |
1189 } | 1191 } |
1190 | 1192 |
1191 std::string ProcessRawBitsSignatureWrap( | 1193 std::string ProcessRawBitsSignatureWrap( |
1192 net::X509Certificate::OSCertHandle cert_handle) { | 1194 net::X509Certificate::OSCertHandle cert_handle) { |
1193 // TODO(bulach): implement me. | 1195 // TODO(bulach): implement me. |
1194 return ""; | 1196 return ""; |
1195 } | 1197 } |
1196 | 1198 |
1197 } // namespace x509_certificate_model | 1199 } // namespace x509_certificate_model |
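Review bot: GetCMSString indexes `cert_chain[i]` for every `i` in `[start, end)` without comparing `end` against `cert_chain.size()`, so a caller that passes a range past the end of the chain would hand an out-of-range handle to PKCS7_add_certificate (assuming OSCertHandles has an unchecked `operator[]`; the callers are not visible on this page and may already guarantee the range). A guard before the loop, `if (start > end || end > cert_chain.size()) return rv;`, would make the function safe on its own and keeps the existing empty-string failure convention. In the same function the new side spells the BIO holder as `crypto::ScopedOpenSSL<BIO, BIO_free_all>::Type`, while GetCertNameOrNickname and GetTitle in this change use `crypto::ScopedBIO`; if that typedef names the same type (the header is not shown here), `crypto::ScopedBIO bio(crypto::BIO_new_string(&rv));` would be consistent and fit on one line.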