OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/common/net/x509_certificate_model.h" | 5 #include "chrome/common/net/x509_certificate_model.h" |
6 | 6 |
7 #include <openssl/bio.h> | 7 #include <openssl/bio.h> |
8 #include <openssl/obj_mac.h> | 8 #include <openssl/obj_mac.h> |
9 #include <openssl/sha.h> | 9 #include <openssl/sha.h> |
10 #include <openssl/x509v3.h> | 10 #include <openssl/x509v3.h> |
11 | 11 |
12 #include "base/i18n/number_formatting.h" | 12 #include "base/i18n/number_formatting.h" |
13 #include "base/lazy_instance.h" | 13 #include "base/lazy_instance.h" |
14 #include "base/logging.h" | 14 #include "base/logging.h" |
15 #include "base/strings/string_number_conversions.h" | 15 #include "base/strings/string_number_conversions.h" |
16 #include "base/strings/stringprintf.h" | 16 #include "base/strings/stringprintf.h" |
17 #include "base/strings/utf_string_conversions.h" | 17 #include "base/strings/utf_string_conversions.h" |
18 #include "crypto/openssl_bio_string.h" | 18 #include "crypto/openssl_bio_string.h" |
19 #include "crypto/openssl_util.h" | 19 #include "crypto/openssl_util.h" |
| 20 #include "crypto/scoped_openssl_types.h" |
20 #include "grit/generated_resources.h" | 21 #include "grit/generated_resources.h" |
21 #include "net/base/net_util.h" | 22 #include "net/base/net_util.h" |
22 #include "net/cert/x509_util_openssl.h" | 23 #include "net/cert/x509_util_openssl.h" |
23 #include "ui/base/l10n/l10n_util.h" | 24 #include "ui/base/l10n/l10n_util.h" |
24 | 25 |
25 namespace x509_util = net::x509_util; | 26 namespace x509_util = net::x509_util; |
26 | 27 |
27 namespace x509_certificate_model { | 28 namespace x509_certificate_model { |
28 | 29 |
29 namespace { | 30 namespace { |
(...skipping 426 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
456 static const MaskIdPair usage_string_map[] = { | 457 static const MaskIdPair usage_string_map[] = { |
457 {NS_SSL_CLIENT, IDS_CERT_USAGE_SSL_CLIENT}, | 458 {NS_SSL_CLIENT, IDS_CERT_USAGE_SSL_CLIENT}, |
458 {NS_SSL_SERVER, IDS_CERT_USAGE_SSL_SERVER}, | 459 {NS_SSL_SERVER, IDS_CERT_USAGE_SSL_SERVER}, |
459 {NS_SMIME, IDS_CERT_EXT_NS_CERT_TYPE_EMAIL}, | 460 {NS_SMIME, IDS_CERT_EXT_NS_CERT_TYPE_EMAIL}, |
460 {NS_OBJSIGN, IDS_CERT_USAGE_OBJECT_SIGNER}, | 461 {NS_OBJSIGN, IDS_CERT_USAGE_OBJECT_SIGNER}, |
461 {NS_SSL_CA, IDS_CERT_USAGE_SSL_CA}, | 462 {NS_SSL_CA, IDS_CERT_USAGE_SSL_CA}, |
462 {NS_SMIME_CA, IDS_CERT_EXT_NS_CERT_TYPE_EMAIL_CA}, | 463 {NS_SMIME_CA, IDS_CERT_EXT_NS_CERT_TYPE_EMAIL_CA}, |
463 {NS_OBJSIGN_CA, IDS_CERT_USAGE_OBJECT_SIGNER}, | 464 {NS_OBJSIGN_CA, IDS_CERT_USAGE_OBJECT_SIGNER}, |
464 }; | 465 }; |
465 | 466 |
466 crypto::ScopedOpenSSL<ASN1_BIT_STRING, ASN1_BIT_STRING_free> value( | 467 crypto::ScopedOpenSSL<ASN1_BIT_STRING, ASN1_BIT_STRING_free>::Type value( |
467 reinterpret_cast<ASN1_BIT_STRING*>(X509V3_EXT_d2i(ex))); | 468 reinterpret_cast<ASN1_BIT_STRING*>(X509V3_EXT_d2i(ex))); |
468 if (!value.get()) | 469 if (!value.get()) |
469 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 470 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
470 return ProcessBitField(value.get(), | 471 return ProcessBitField(value.get(), |
471 usage_string_map, | 472 usage_string_map, |
472 ARRAYSIZE_UNSAFE(usage_string_map), | 473 ARRAYSIZE_UNSAFE(usage_string_map), |
473 '\n'); | 474 '\n'); |
474 } | 475 } |
475 | 476 |
476 std::string ProcessKeyUsageExtension(X509_EXTENSION* ex) { | 477 std::string ProcessKeyUsageExtension(X509_EXTENSION* ex) { |
477 static const MaskIdPair key_usage_string_map[] = { | 478 static const MaskIdPair key_usage_string_map[] = { |
478 {KU_DIGITAL_SIGNATURE, IDS_CERT_X509_KEY_USAGE_SIGNING}, | 479 {KU_DIGITAL_SIGNATURE, IDS_CERT_X509_KEY_USAGE_SIGNING}, |
479 {KU_NON_REPUDIATION, IDS_CERT_X509_KEY_USAGE_NONREP}, | 480 {KU_NON_REPUDIATION, IDS_CERT_X509_KEY_USAGE_NONREP}, |
480 {KU_KEY_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_ENCIPHERMENT}, | 481 {KU_KEY_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_ENCIPHERMENT}, |
481 {KU_DATA_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_DATA_ENCIPHERMENT}, | 482 {KU_DATA_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_DATA_ENCIPHERMENT}, |
482 {KU_KEY_AGREEMENT, IDS_CERT_X509_KEY_USAGE_KEY_AGREEMENT}, | 483 {KU_KEY_AGREEMENT, IDS_CERT_X509_KEY_USAGE_KEY_AGREEMENT}, |
483 {KU_KEY_CERT_SIGN, IDS_CERT_X509_KEY_USAGE_CERT_SIGNER}, | 484 {KU_KEY_CERT_SIGN, IDS_CERT_X509_KEY_USAGE_CERT_SIGNER}, |
484 {KU_CRL_SIGN, IDS_CERT_X509_KEY_USAGE_CRL_SIGNER}, | 485 {KU_CRL_SIGN, IDS_CERT_X509_KEY_USAGE_CRL_SIGNER}, |
485 {KU_ENCIPHER_ONLY, IDS_CERT_X509_KEY_USAGE_ENCIPHER_ONLY}, | 486 {KU_ENCIPHER_ONLY, IDS_CERT_X509_KEY_USAGE_ENCIPHER_ONLY}, |
486 {KU_DECIPHER_ONLY, IDS_CERT_X509_KEY_USAGE_DECIPHER_ONLY}, | 487 {KU_DECIPHER_ONLY, IDS_CERT_X509_KEY_USAGE_DECIPHER_ONLY}, |
487 }; | 488 }; |
488 | 489 |
489 crypto::ScopedOpenSSL<ASN1_BIT_STRING, ASN1_BIT_STRING_free> value( | 490 crypto::ScopedOpenSSL<ASN1_BIT_STRING, ASN1_BIT_STRING_free>::Type value( |
490 reinterpret_cast<ASN1_BIT_STRING*>(X509V3_EXT_d2i(ex))); | 491 reinterpret_cast<ASN1_BIT_STRING*>(X509V3_EXT_d2i(ex))); |
491 if (!value.get()) | 492 if (!value.get()) |
492 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 493 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
493 return ProcessBitField(value.get(), | 494 return ProcessBitField(value.get(), |
494 key_usage_string_map, | 495 key_usage_string_map, |
495 ARRAYSIZE_UNSAFE(key_usage_string_map), | 496 ARRAYSIZE_UNSAFE(key_usage_string_map), |
496 '\n'); | 497 '\n'); |
497 } | 498 } |
498 | 499 |
499 std::string ProcessBasicConstraints(X509_EXTENSION* ex) { | 500 std::string ProcessBasicConstraints(X509_EXTENSION* ex) { |
500 std::string rv; | 501 std::string rv; |
501 crypto::ScopedOpenSSL<BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free> value( | 502 crypto::ScopedOpenSSL<BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free>::Type value( |
502 reinterpret_cast<BASIC_CONSTRAINTS*>(X509V3_EXT_d2i(ex))); | 503 reinterpret_cast<BASIC_CONSTRAINTS*>(X509V3_EXT_d2i(ex))); |
503 if (!value.get()) | 504 if (!value.get()) |
504 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 505 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
505 if (value.get()->ca) | 506 if (value.get()->ca) |
506 rv = l10n_util::GetStringUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_IS_CA); | 507 rv = l10n_util::GetStringUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_IS_CA); |
507 else | 508 else |
508 rv = l10n_util::GetStringUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_IS_NOT_CA); | 509 rv = l10n_util::GetStringUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_IS_NOT_CA); |
509 rv += '\n'; | 510 rv += '\n'; |
510 if (value.get()->ca) { | 511 if (value.get()->ca) { |
511 base::string16 depth; | 512 base::string16 depth; |
512 if (!value.get()->pathlen) { | 513 if (!value.get()->pathlen) { |
513 depth = l10n_util::GetStringUTF16( | 514 depth = l10n_util::GetStringUTF16( |
514 IDS_CERT_X509_BASIC_CONSTRAINT_PATH_LEN_UNLIMITED); | 515 IDS_CERT_X509_BASIC_CONSTRAINT_PATH_LEN_UNLIMITED); |
515 } else { | 516 } else { |
516 depth = base::FormatNumber(ASN1_INTEGER_get(value.get()->pathlen)); | 517 depth = base::FormatNumber(ASN1_INTEGER_get(value.get()->pathlen)); |
517 } | 518 } |
518 rv += l10n_util::GetStringFUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_PATH_LEN, | 519 rv += l10n_util::GetStringFUTF8(IDS_CERT_X509_BASIC_CONSTRAINT_PATH_LEN, |
519 depth); | 520 depth); |
520 } | 521 } |
521 return rv; | 522 return rv; |
522 } | 523 } |
523 | 524 |
524 std::string ProcessExtKeyUsage(X509_EXTENSION* ex) { | 525 std::string ProcessExtKeyUsage(X509_EXTENSION* ex) { |
525 std::string rv; | 526 std::string rv; |
526 crypto::ScopedOpenSSL<EXTENDED_KEY_USAGE, EXTENDED_KEY_USAGE_free> value( | 527 crypto::ScopedOpenSSL<EXTENDED_KEY_USAGE, EXTENDED_KEY_USAGE_free>::Type |
527 reinterpret_cast<EXTENDED_KEY_USAGE*>(X509V3_EXT_d2i(ex))); | 528 value(reinterpret_cast<EXTENDED_KEY_USAGE*>(X509V3_EXT_d2i(ex))); |
528 if (!value.get()) | 529 if (!value.get()) |
529 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 530 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
530 for (int i = 0; i < sk_ASN1_OBJECT_num(value.get()); i++) { | 531 for (int i = 0; i < sk_ASN1_OBJECT_num(value.get()); i++) { |
531 ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(value.get(), i); | 532 ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(value.get(), i); |
532 std::string oid_dump = Asn1ObjectToOIDString(obj); | 533 std::string oid_dump = Asn1ObjectToOIDString(obj); |
533 std::string oid_text = Asn1ObjectToString(obj); | 534 std::string oid_text = Asn1ObjectToString(obj); |
534 | 535 |
535 // If oid is one we recognize, oid_text will have a text description of the | 536 // If oid is one we recognize, oid_text will have a text description of the |
536 // OID, which we display along with the oid_dump. If we don't recognize the | 537 // OID, which we display along with the oid_dump. If we don't recognize the |
537 // OID, they will be the same, so just display the OID alone. | 538 // OID, they will be the same, so just display the OID alone. |
(...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
665 std::string ProcessGeneralNames(GENERAL_NAMES* names) { | 666 std::string ProcessGeneralNames(GENERAL_NAMES* names) { |
666 std::string rv; | 667 std::string rv; |
667 for (int i = 0; i < sk_GENERAL_NAME_num(names); ++i) { | 668 for (int i = 0; i < sk_GENERAL_NAME_num(names); ++i) { |
668 GENERAL_NAME* name = sk_GENERAL_NAME_value(names, i); | 669 GENERAL_NAME* name = sk_GENERAL_NAME_value(names, i); |
669 rv += ProcessGeneralName(name); | 670 rv += ProcessGeneralName(name); |
670 } | 671 } |
671 return rv; | 672 return rv; |
672 } | 673 } |
673 | 674 |
674 std::string ProcessAltName(X509_EXTENSION* ex) { | 675 std::string ProcessAltName(X509_EXTENSION* ex) { |
675 crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free> alt_names( | 676 crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free>::Type alt_names( |
676 reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(ex))); | 677 reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(ex))); |
677 if (!alt_names.get()) | 678 if (!alt_names.get()) |
678 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 679 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
679 | 680 |
680 return ProcessGeneralNames(alt_names.get()); | 681 return ProcessGeneralNames(alt_names.get()); |
681 } | 682 } |
682 | 683 |
683 std::string ProcessSubjectKeyId(X509_EXTENSION* ex) { | 684 std::string ProcessSubjectKeyId(X509_EXTENSION* ex) { |
684 crypto::ScopedOpenSSL<ASN1_OCTET_STRING, ASN1_OCTET_STRING_free> value( | 685 crypto::ScopedOpenSSL<ASN1_OCTET_STRING, ASN1_OCTET_STRING_free>::Type value( |
685 reinterpret_cast<ASN1_OCTET_STRING*>(X509V3_EXT_d2i(ex))); | 686 reinterpret_cast<ASN1_OCTET_STRING*>(X509V3_EXT_d2i(ex))); |
686 if (!value.get()) | 687 if (!value.get()) |
687 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 688 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
688 | 689 |
689 return l10n_util::GetStringFUTF8( | 690 return l10n_util::GetStringFUTF8( |
690 IDS_CERT_KEYID_FORMAT, | 691 IDS_CERT_KEYID_FORMAT, |
691 base::ASCIIToUTF16(ProcessRawAsn1String(value.get()))); | 692 base::ASCIIToUTF16(ProcessRawAsn1String(value.get()))); |
692 } | 693 } |
693 | 694 |
694 std::string ProcessAuthKeyId(X509_EXTENSION* ex) { | 695 std::string ProcessAuthKeyId(X509_EXTENSION* ex) { |
695 std::string rv; | 696 std::string rv; |
696 crypto::ScopedOpenSSL<AUTHORITY_KEYID, AUTHORITY_KEYID_free> value( | 697 crypto::ScopedOpenSSL<AUTHORITY_KEYID, AUTHORITY_KEYID_free>::Type value( |
697 reinterpret_cast<AUTHORITY_KEYID*>(X509V3_EXT_d2i(ex))); | 698 reinterpret_cast<AUTHORITY_KEYID*>(X509V3_EXT_d2i(ex))); |
698 if (!value.get()) | 699 if (!value.get()) |
699 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 700 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
700 | 701 |
701 if (value.get()->keyid && ASN1_STRING_length(value.get()->keyid) > 0) { | 702 if (value.get()->keyid && ASN1_STRING_length(value.get()->keyid) > 0) { |
702 rv += l10n_util::GetStringFUTF8( | 703 rv += l10n_util::GetStringFUTF8( |
703 IDS_CERT_KEYID_FORMAT, | 704 IDS_CERT_KEYID_FORMAT, |
704 base::ASCIIToUTF16(ProcessRawAsn1String(value.get()->keyid))); | 705 base::ASCIIToUTF16(ProcessRawAsn1String(value.get()->keyid))); |
705 rv += '\n'; | 706 rv += '\n'; |
706 } | 707 } |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
742 } | 743 } |
743 if (notice->exptext && notice->exptext->length != 0) { | 744 if (notice->exptext && notice->exptext->length != 0) { |
744 rv += "\n "; | 745 rv += "\n "; |
745 rv += Asn1StringToUTF8(notice->exptext); | 746 rv += Asn1StringToUTF8(notice->exptext); |
746 } | 747 } |
747 return rv; | 748 return rv; |
748 } | 749 } |
749 | 750 |
750 std::string ProcessCertificatePolicies(X509_EXTENSION* ex) { | 751 std::string ProcessCertificatePolicies(X509_EXTENSION* ex) { |
751 std::string rv; | 752 std::string rv; |
752 crypto::ScopedOpenSSL<CERTIFICATEPOLICIES, CERTIFICATEPOLICIES_free> policies( | 753 crypto::ScopedOpenSSL<CERTIFICATEPOLICIES, CERTIFICATEPOLICIES_free>::Type |
753 reinterpret_cast<CERTIFICATEPOLICIES*>(X509V3_EXT_d2i(ex))); | 754 policies(reinterpret_cast<CERTIFICATEPOLICIES*>(X509V3_EXT_d2i(ex))); |
754 | 755 |
755 if (!policies.get()) | 756 if (!policies.get()) |
756 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 757 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
757 | 758 |
758 for (int i = 0; i < sk_POLICYINFO_num(policies.get()); ++i) { | 759 for (int i = 0; i < sk_POLICYINFO_num(policies.get()); ++i) { |
759 POLICYINFO* info = sk_POLICYINFO_value(policies.get(), i); | 760 POLICYINFO* info = sk_POLICYINFO_value(policies.get(), i); |
760 std::string key = Asn1ObjectToString(info->policyid); | 761 std::string key = Asn1ObjectToString(info->policyid); |
761 // If we have policy qualifiers, display the oid text | 762 // If we have policy qualifiers, display the oid text |
762 // with a ':', otherwise just put the oid text and a newline. | 763 // with a ':', otherwise just put the oid text and a newline. |
763 if (info->qualifiers && sk_POLICYQUALINFO_num(info->qualifiers)) { | 764 if (info->qualifiers && sk_POLICYQUALINFO_num(info->qualifiers)) { |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
813 {6, IDS_CERT_REVOCATION_REASON_CERTIFICATE_HOLD}, | 814 {6, IDS_CERT_REVOCATION_REASON_CERTIFICATE_HOLD}, |
814 {7, IDS_CERT_REVOCATION_REASON_PRIVILEGE_WITHDRAWN}, | 815 {7, IDS_CERT_REVOCATION_REASON_PRIVILEGE_WITHDRAWN}, |
815 {8, IDS_CERT_REVOCATION_REASON_AA_COMPROMISE}, | 816 {8, IDS_CERT_REVOCATION_REASON_AA_COMPROMISE}, |
816 }; | 817 }; |
817 // OpenSSL doesn't define constants for the DIST_POINT type field. These | 818 // OpenSSL doesn't define constants for the DIST_POINT type field. These |
818 // values are from reading openssl/crypto/x509v3/v3_crld.c | 819 // values are from reading openssl/crypto/x509v3/v3_crld.c |
819 const int kDistPointFullName = 0; | 820 const int kDistPointFullName = 0; |
820 const int kDistPointRelativeName = 1; | 821 const int kDistPointRelativeName = 1; |
821 | 822 |
822 std::string rv; | 823 std::string rv; |
823 crypto::ScopedOpenSSL<CRL_DIST_POINTS, CRL_DIST_POINTS_free> dist_points( | 824 crypto::ScopedOpenSSL<CRL_DIST_POINTS, CRL_DIST_POINTS_free>::Type |
824 reinterpret_cast<CRL_DIST_POINTS*>(X509V3_EXT_d2i(ex))); | 825 dist_points(reinterpret_cast<CRL_DIST_POINTS*>(X509V3_EXT_d2i(ex))); |
825 | 826 |
826 if (!dist_points.get()) | 827 if (!dist_points.get()) |
827 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 828 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
828 | 829 |
829 for (int i = 0; i < sk_DIST_POINT_num(dist_points.get()); ++i) { | 830 for (int i = 0; i < sk_DIST_POINT_num(dist_points.get()); ++i) { |
830 DIST_POINT* point = sk_DIST_POINT_value(dist_points.get(), i); | 831 DIST_POINT* point = sk_DIST_POINT_value(dist_points.get(), i); |
831 if (point->distpoint) { | 832 if (point->distpoint) { |
832 switch (point->distpoint->type) { | 833 switch (point->distpoint->type) { |
833 case kDistPointFullName: | 834 case kDistPointFullName: |
834 rv += ProcessGeneralNames(point->distpoint->name.fullname); | 835 rv += ProcessGeneralNames(point->distpoint->name.fullname); |
(...skipping 19 matching lines...) Expand all Loading... |
854 IDS_CERT_ISSUER_FORMAT, | 855 IDS_CERT_ISSUER_FORMAT, |
855 base::UTF8ToUTF16(ProcessGeneralNames(point->CRLissuer))); | 856 base::UTF8ToUTF16(ProcessGeneralNames(point->CRLissuer))); |
856 } | 857 } |
857 } | 858 } |
858 | 859 |
859 return rv; | 860 return rv; |
860 } | 861 } |
861 | 862 |
862 std::string ProcessAuthInfoAccess(X509_EXTENSION* ex) { | 863 std::string ProcessAuthInfoAccess(X509_EXTENSION* ex) { |
863 std::string rv; | 864 std::string rv; |
864 crypto::ScopedOpenSSL<AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_ACCESS_free> aia( | 865 crypto::ScopedOpenSSL<AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_ACCESS_free>::Type |
865 reinterpret_cast<AUTHORITY_INFO_ACCESS*>(X509V3_EXT_d2i(ex))); | 866 aia(reinterpret_cast<AUTHORITY_INFO_ACCESS*>(X509V3_EXT_d2i(ex))); |
866 | 867 |
867 if (!aia.get()) | 868 if (!aia.get()) |
868 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 869 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
869 | 870 |
870 for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(aia.get()); ++i) { | 871 for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(aia.get()); ++i) { |
871 ACCESS_DESCRIPTION* desc = sk_ACCESS_DESCRIPTION_value(aia.get(), i); | 872 ACCESS_DESCRIPTION* desc = sk_ACCESS_DESCRIPTION_value(aia.get(), i); |
872 | 873 |
873 base::string16 location_str = | 874 base::string16 location_str = |
874 base::UTF8ToUTF16(ProcessGeneralName(desc->location)); | 875 base::UTF8ToUTF16(ProcessGeneralName(desc->location)); |
875 switch (OBJ_obj2nid(desc->method)) { | 876 switch (OBJ_obj2nid(desc->method)) { |
(...skipping 11 matching lines...) Expand all Loading... |
887 base::UTF8ToUTF16(Asn1ObjectToString(desc->method)), | 888 base::UTF8ToUTF16(Asn1ObjectToString(desc->method)), |
888 location_str); | 889 location_str); |
889 break; | 890 break; |
890 } | 891 } |
891 } | 892 } |
892 return rv; | 893 return rv; |
893 } | 894 } |
894 | 895 |
895 std::string ProcessIA5StringData(ASN1_OCTET_STRING* asn1_string) { | 896 std::string ProcessIA5StringData(ASN1_OCTET_STRING* asn1_string) { |
896 const unsigned char* data = ASN1_STRING_data(asn1_string); | 897 const unsigned char* data = ASN1_STRING_data(asn1_string); |
897 crypto::ScopedOpenSSL<ASN1_IA5STRING, ASN1_IA5STRING_free> ia5_string( | 898 crypto::ScopedOpenSSL<ASN1_IA5STRING, ASN1_IA5STRING_free>::Type ia5_string( |
898 d2i_ASN1_IA5STRING(NULL, &data, ASN1_STRING_length(asn1_string))); | 899 d2i_ASN1_IA5STRING(NULL, &data, ASN1_STRING_length(asn1_string))); |
899 | 900 |
900 if (!ia5_string.get()) | 901 if (!ia5_string.get()) |
901 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 902 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
902 | 903 |
903 return std::string( | 904 return std::string( |
904 reinterpret_cast<char*>(ASN1_STRING_data(ia5_string.get())), | 905 reinterpret_cast<char*>(ASN1_STRING_data(ia5_string.get())), |
905 ASN1_STRING_length(ia5_string.get())); | 906 ASN1_STRING_length(ia5_string.get())); |
906 } | 907 } |
907 | 908 |
908 std::string ProcessBMPStringData(ASN1_OCTET_STRING* asn1_string) { | 909 std::string ProcessBMPStringData(ASN1_OCTET_STRING* asn1_string) { |
909 const unsigned char* data = ASN1_STRING_data(asn1_string); | 910 const unsigned char* data = ASN1_STRING_data(asn1_string); |
910 crypto::ScopedOpenSSL<ASN1_BMPSTRING, ASN1_BMPSTRING_free> bmp_string( | 911 crypto::ScopedOpenSSL<ASN1_BMPSTRING, ASN1_BMPSTRING_free>::Type bmp_string( |
911 d2i_ASN1_BMPSTRING(NULL, &data, ASN1_STRING_length(asn1_string))); | 912 d2i_ASN1_BMPSTRING(NULL, &data, ASN1_STRING_length(asn1_string))); |
912 | 913 |
913 if (!bmp_string.get()) | 914 if (!bmp_string.get()) |
914 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); | 915 return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR); |
915 | 916 |
916 return Asn1StringToUTF8(bmp_string.get()); | 917 return Asn1StringToUTF8(bmp_string.get()); |
917 } | 918 } |
918 | 919 |
919 std::string X509ExtensionValueToString(X509_EXTENSION* ex) { | 920 std::string X509ExtensionValueToString(X509_EXTENSION* ex) { |
920 g_dynamic_oid_registerer.Get(); | 921 g_dynamic_oid_registerer.Get(); |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
963 } // namespace | 964 } // namespace |
964 | 965 |
965 using net::X509Certificate; | 966 using net::X509Certificate; |
966 | 967 |
967 std::string GetCertNameOrNickname(X509Certificate::OSCertHandle cert_handle) { | 968 std::string GetCertNameOrNickname(X509Certificate::OSCertHandle cert_handle) { |
968 std::string name = | 969 std::string name = |
969 ProcessIDN(GetSubjectCommonName(cert_handle, std::string())); | 970 ProcessIDN(GetSubjectCommonName(cert_handle, std::string())); |
970 if (!name.empty()) | 971 if (!name.empty()) |
971 return name; | 972 return name; |
972 | 973 |
973 crypto::ScopedOpenSSL<BIO, BIO_free_all> bio(crypto::BIO_new_string(&name)); | 974 crypto::ScopedBIO bio(crypto::BIO_new_string(&name)); |
974 if (!bio.get()) | 975 if (!bio.get()) |
975 return name; | 976 return name; |
976 X509_NAME_print_ex(bio.get(), | 977 X509_NAME_print_ex(bio.get(), |
977 X509_get_subject_name(cert_handle), | 978 X509_get_subject_name(cert_handle), |
978 0 /* indent */, | 979 0 /* indent */, |
979 XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB); | 980 XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB); |
980 return name; | 981 return name; |
981 } | 982 } |
982 | 983 |
983 std::string GetTokenName(X509Certificate::OSCertHandle cert_handle) { | 984 std::string GetTokenName(X509Certificate::OSCertHandle cert_handle) { |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1073 | 1074 |
1074 std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle) { | 1075 std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle) { |
1075 // TODO(mattm): merge GetTitle and GetCertNameOrNickname? | 1076 // TODO(mattm): merge GetTitle and GetCertNameOrNickname? |
1076 // Is there any reason GetCertNameOrNickname calls ProcessIDN and this | 1077 // Is there any reason GetCertNameOrNickname calls ProcessIDN and this |
1077 // doesn't? | 1078 // doesn't? |
1078 std::string title = | 1079 std::string title = |
1079 GetSubjectCommonName(cert_handle, std::string()); | 1080 GetSubjectCommonName(cert_handle, std::string()); |
1080 if (!title.empty()) | 1081 if (!title.empty()) |
1081 return title; | 1082 return title; |
1082 | 1083 |
1083 crypto::ScopedOpenSSL<BIO, BIO_free_all> bio(crypto::BIO_new_string(&title)); | 1084 crypto::ScopedBIO bio(crypto::BIO_new_string(&title)); |
1084 if (!bio.get()) | 1085 if (!bio.get()) |
1085 return title; | 1086 return title; |
1086 X509_NAME_print_ex(bio.get(), | 1087 X509_NAME_print_ex(bio.get(), |
1087 X509_get_subject_name(cert_handle), | 1088 X509_get_subject_name(cert_handle), |
1088 0 /* indent */, | 1089 0 /* indent */, |
1089 XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB); | 1090 XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB); |
1090 return title; | 1091 return title; |
1091 } | 1092 } |
1092 | 1093 |
1093 std::string GetIssuerName(net::X509Certificate::OSCertHandle cert_handle) { | 1094 std::string GetIssuerName(net::X509Certificate::OSCertHandle cert_handle) { |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1143 void DestroyCertChain(net::X509Certificate::OSCertHandles* cert_handles) { | 1144 void DestroyCertChain(net::X509Certificate::OSCertHandles* cert_handles) { |
1144 for (net::X509Certificate::OSCertHandles::iterator i = cert_handles->begin(); | 1145 for (net::X509Certificate::OSCertHandles::iterator i = cert_handles->begin(); |
1145 i != cert_handles->end(); ++i) | 1146 i != cert_handles->end(); ++i) |
1146 X509_free(*i); | 1147 X509_free(*i); |
1147 cert_handles->clear(); | 1148 cert_handles->clear(); |
1148 } | 1149 } |
1149 | 1150 |
1150 std::string GetCMSString(const net::X509Certificate::OSCertHandles& cert_chain, | 1151 std::string GetCMSString(const net::X509Certificate::OSCertHandles& cert_chain, |
1151 size_t start, size_t end) { | 1152 size_t start, size_t end) { |
1152 std::string rv; | 1153 std::string rv; |
1153 crypto::ScopedOpenSSL<PKCS7, PKCS7_free> p7(PKCS7_new()); | 1154 crypto::ScopedOpenSSL<PKCS7, PKCS7_free>::Type p7(PKCS7_new()); |
1154 if (!p7.get()) | 1155 if (!p7.get()) |
1155 return rv; | 1156 return rv; |
1156 if (!PKCS7_set_type(p7.get(), NID_pkcs7_signed)) | 1157 if (!PKCS7_set_type(p7.get(), NID_pkcs7_signed)) |
1157 return rv; | 1158 return rv; |
1158 | 1159 |
1159 for (size_t i = start; i < end; ++i) { | 1160 for (size_t i = start; i < end; ++i) { |
1160 if (!PKCS7_add_certificate(p7.get(), cert_chain[i])) | 1161 if (!PKCS7_add_certificate(p7.get(), cert_chain[i])) |
1161 return rv; | 1162 return rv; |
1162 } | 1163 } |
1163 | 1164 |
1164 crypto::ScopedOpenSSL<BIO, BIO_free_all> bio(crypto::BIO_new_string(&rv)); | 1165 crypto::ScopedOpenSSL<BIO, BIO_free_all>::Type bio( |
| 1166 crypto::BIO_new_string(&rv)); |
1165 if (!bio.get()) | 1167 if (!bio.get()) |
1166 return rv; | 1168 return rv; |
1167 | 1169 |
1168 if (!i2d_PKCS7_bio(bio.get(), p7.get())) { | 1170 if (!i2d_PKCS7_bio(bio.get(), p7.get())) { |
1169 rv.clear(); | 1171 rv.clear(); |
1170 return rv; | 1172 return rv; |
1171 } | 1173 } |
1172 | 1174 |
1173 return rv; | 1175 return rv; |
1174 } | 1176 } |
(...skipping 10 matching lines...) Expand all Loading... |
1185 } | 1187 } |
1186 | 1188 |
1187 std::string ProcessSecAlgorithmSignatureWrap( | 1189 std::string ProcessSecAlgorithmSignatureWrap( |
1188 net::X509Certificate::OSCertHandle cert_handle) { | 1190 net::X509Certificate::OSCertHandle cert_handle) { |
1189 return Asn1ObjectToString(cert_handle->sig_alg->algorithm); | 1191 return Asn1ObjectToString(cert_handle->sig_alg->algorithm); |
1190 } | 1192 } |
1191 | 1193 |
1192 std::string ProcessSubjectPublicKeyInfo( | 1194 std::string ProcessSubjectPublicKeyInfo( |
1193 net::X509Certificate::OSCertHandle cert_handle) { | 1195 net::X509Certificate::OSCertHandle cert_handle) { |
1194 std::string rv; | 1196 std::string rv; |
1195 crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key( | 1197 crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free>::Type public_key( |
1196 X509_get_pubkey(cert_handle)); | 1198 X509_get_pubkey(cert_handle)); |
1197 if (!public_key.get()) | 1199 if (!public_key.get()) |
1198 return rv; | 1200 return rv; |
1199 switch (EVP_PKEY_type(public_key.get()->type)) { | 1201 switch (EVP_PKEY_type(public_key.get()->type)) { |
1200 case EVP_PKEY_RSA: { | 1202 case EVP_PKEY_RSA: { |
1201 crypto::ScopedOpenSSL<RSA, RSA_free> rsa_key( | 1203 crypto::ScopedOpenSSL<RSA, RSA_free>::Type rsa_key( |
1202 EVP_PKEY_get1_RSA(public_key.get())); | 1204 EVP_PKEY_get1_RSA(public_key.get())); |
1203 if (!rsa_key.get()) | 1205 if (!rsa_key.get()) |
1204 return rv; | 1206 return rv; |
1205 rv = l10n_util::GetStringFUTF8( | 1207 rv = l10n_util::GetStringFUTF8( |
1206 IDS_CERT_RSA_PUBLIC_KEY_DUMP_FORMAT, | 1208 IDS_CERT_RSA_PUBLIC_KEY_DUMP_FORMAT, |
1207 base::UintToString16(BN_num_bits(rsa_key.get()->n)), | 1209 base::UintToString16(BN_num_bits(rsa_key.get()->n)), |
1208 base::UTF8ToUTF16(ProcessRawBignum(rsa_key.get()->n)), | 1210 base::UTF8ToUTF16(ProcessRawBignum(rsa_key.get()->n)), |
1209 base::UintToString16(BN_num_bits(rsa_key.get()->e)), | 1211 base::UintToString16(BN_num_bits(rsa_key.get()->e)), |
1210 base::UTF8ToUTF16(ProcessRawBignum(rsa_key.get()->e))); | 1212 base::UTF8ToUTF16(ProcessRawBignum(rsa_key.get()->e))); |
1211 return rv; | 1213 return rv; |
1212 } | 1214 } |
1213 default: | 1215 default: |
1214 rv = ProcessRawAsn1String(X509_get_X509_PUBKEY(cert_handle)->public_key); | 1216 rv = ProcessRawAsn1String(X509_get_X509_PUBKEY(cert_handle)->public_key); |
1215 return rv; | 1217 return rv; |
1216 } | 1218 } |
1217 } | 1219 } |
1218 | 1220 |
1219 std::string ProcessRawBitsSignatureWrap( | 1221 std::string ProcessRawBitsSignatureWrap( |
1220 net::X509Certificate::OSCertHandle cert_handle) { | 1222 net::X509Certificate::OSCertHandle cert_handle) { |
1221 // TODO(bulach): implement me. | 1223 // TODO(bulach): implement me. |
1222 return ""; | 1224 return ""; |
1223 } | 1225 } |
1224 | 1226 |
1225 } // namespace x509_certificate_model | 1227 } // namespace x509_certificate_model |
OLD | NEW |