| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
| 8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
| 9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
| 10 #include <time.h> | 10 #include <time.h> |
| (...skipping 616 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 627 if (n < 1) | 627 if (n < 1) |
| 628 return false; | 628 return false; |
| 629 SecCertificateRef root_ref = reinterpret_cast<SecCertificateRef>( | 629 SecCertificateRef root_ref = reinterpret_cast<SecCertificateRef>( |
| 630 const_cast<void*>(CFArrayGetValueAtIndex(chain, n - 1))); | 630 const_cast<void*>(CFArrayGetValueAtIndex(chain, n - 1))); |
| 631 SHA1Fingerprint hash = X509Certificate::CalculateFingerprint(root_ref); | 631 SHA1Fingerprint hash = X509Certificate::CalculateFingerprint(root_ref); |
| 632 return IsSHA1HashInSortedArray( | 632 return IsSHA1HashInSortedArray( |
| 633 hash, &kKnownRootCertSHA1Hashes[0][0], sizeof(kKnownRootCertSHA1Hashes)); | 633 hash, &kKnownRootCertSHA1Hashes[0][0], sizeof(kKnownRootCertSHA1Hashes)); |
| 634 } | 634 } |
| 635 | 635 |
| 636 // static | 636 // static |
| 637 X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle, | |
| 638 void** pickle_iter) { | |
| 639 const char* data; | |
| 640 int length; | |
| 641 if (!pickle.ReadData(pickle_iter, &data, &length)) | |
| 642 return NULL; | |
| 643 | |
| 644 return CreateFromBytes(data, length); | |
| 645 } | |
| 646 | |
| 647 // static | |
| 648 X509Certificate* X509Certificate::CreateSelfSigned( | 637 X509Certificate* X509Certificate::CreateSelfSigned( |
| 649 crypto::RSAPrivateKey* key, | 638 crypto::RSAPrivateKey* key, |
| 650 const std::string& subject, | 639 const std::string& subject, |
| 651 uint32 serial_number, | 640 uint32 serial_number, |
| 652 base::TimeDelta valid_duration) { | 641 base::TimeDelta valid_duration) { |
| 653 DCHECK(key); | 642 DCHECK(key); |
| 654 DCHECK(!subject.empty()); | 643 DCHECK(!subject.empty()); |
| 655 | 644 |
| 656 if (valid_duration.InSeconds() > UINT32_MAX) { | 645 if (valid_duration.InSeconds() > UINT32_MAX) { |
| 657 LOG(ERROR) << "valid_duration too big" << valid_duration.InSeconds(); | 646 LOG(ERROR) << "valid_duration too big" << valid_duration.InSeconds(); |
| (...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 777 DLOG(ERROR) << "SecCertificateCreateFromData failed: " << os_status; | 766 DLOG(ERROR) << "SecCertificateCreateFromData failed: " << os_status; |
| 778 return NULL; | 767 return NULL; |
| 779 } | 768 } |
| 780 scoped_cert.reset(certificate_ref); | 769 scoped_cert.reset(certificate_ref); |
| 781 | 770 |
| 782 return CreateFromHandle( | 771 return CreateFromHandle( |
| 783 scoped_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, | 772 scoped_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, |
| 784 X509Certificate::OSCertHandles()); | 773 X509Certificate::OSCertHandles()); |
| 785 } | 774 } |
| 786 | 775 |
| 787 void X509Certificate::Persist(Pickle* pickle) { | |
| 788 CSSM_DATA cert_data; | |
| 789 OSStatus status = SecCertificateGetData(cert_handle_, &cert_data); | |
| 790 if (status) { | |
| 791 NOTREACHED(); | |
| 792 return; | |
| 793 } | |
| 794 | |
| 795 pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), cert_data.Length); | |
| 796 } | |
| 797 | |
| 798 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { | 776 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { |
| 799 dns_names->clear(); | 777 dns_names->clear(); |
| 800 | 778 |
| 801 GetCertGeneralNamesForOID(cert_handle_, CSSMOID_SubjectAltName, GNT_DNSName, | 779 GetCertGeneralNamesForOID(cert_handle_, CSSMOID_SubjectAltName, GNT_DNSName, |
| 802 dns_names); | 780 dns_names); |
| 803 | 781 |
| 804 if (dns_names->empty()) | 782 if (dns_names->empty()) |
| 805 dns_names->push_back(subject_.common_name); | 783 dns_names->push_back(subject_.common_name); |
| 806 } | 784 } |
| 807 | 785 |
| (...skipping 525 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1333 if (chain_count > 1) { | 1311 if (chain_count > 1) { |
| 1334 CFArrayAppendArray(chain, | 1312 CFArrayAppendArray(chain, |
| 1335 cert_chain, | 1313 cert_chain, |
| 1336 CFRangeMake(1, chain_count - 1)); | 1314 CFRangeMake(1, chain_count - 1)); |
| 1337 } | 1315 } |
| 1338 } | 1316 } |
| 1339 | 1317 |
| 1340 return chain.release(); | 1318 return chain.release(); |
| 1341 } | 1319 } |
| 1342 | 1320 |
| 1321 // static |
| 1322 X509Certificate::OSCertHandle |
| 1323 X509Certificate::ReadCertHandleFromPickle(const Pickle& pickle, |
| 1324 void** pickle_iter) { |
| 1325 const char* data; |
| 1326 int length; |
| 1327 if (!pickle.ReadData(pickle_iter, &data, &length)) |
| 1328 return NULL; |
| 1329 |
| 1330 return CreateOSCertHandleFromBytes(data, length); |
| 1331 } |
| 1332 |
| 1333 // static |
| 1334 bool X509Certificate::WriteCertHandleToPickle(OSCertHandle cert_handle, |
| 1335 Pickle* pickle) { |
| 1336 CSSM_DATA cert_data; |
| 1337 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); |
| 1338 if (status) |
| 1339 return false; |
| 1340 |
| 1341 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), |
| 1342 cert_data.Length); |
| 1343 } |
| 1344 |
| 1343 } // namespace net | 1345 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 4645001:
Change the HTTP cache to cache the entire certificate chain for SSL sites (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/net/base