OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 #include <time.h> | 10 #include <time.h> |
(...skipping 616 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
627 if (n < 1) | 627 if (n < 1) |
628 return false; | 628 return false; |
629 SecCertificateRef root_ref = reinterpret_cast<SecCertificateRef>( | 629 SecCertificateRef root_ref = reinterpret_cast<SecCertificateRef>( |
630 const_cast<void*>(CFArrayGetValueAtIndex(chain, n - 1))); | 630 const_cast<void*>(CFArrayGetValueAtIndex(chain, n - 1))); |
631 SHA1Fingerprint hash = X509Certificate::CalculateFingerprint(root_ref); | 631 SHA1Fingerprint hash = X509Certificate::CalculateFingerprint(root_ref); |
632 return IsSHA1HashInSortedArray( | 632 return IsSHA1HashInSortedArray( |
633 hash, &kKnownRootCertSHA1Hashes[0][0], sizeof(kKnownRootCertSHA1Hashes)); | 633 hash, &kKnownRootCertSHA1Hashes[0][0], sizeof(kKnownRootCertSHA1Hashes)); |
634 } | 634 } |
635 | 635 |
636 // static | 636 // static |
637 X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle, | |
638 void** pickle_iter) { | |
639 const char* data; | |
640 int length; | |
641 if (!pickle.ReadData(pickle_iter, &data, &length)) | |
642 return NULL; | |
643 | |
644 return CreateFromBytes(data, length); | |
645 } | |
646 | |
647 // static | |
648 X509Certificate* X509Certificate::CreateSelfSigned( | 637 X509Certificate* X509Certificate::CreateSelfSigned( |
649 crypto::RSAPrivateKey* key, | 638 crypto::RSAPrivateKey* key, |
650 const std::string& subject, | 639 const std::string& subject, |
651 uint32 serial_number, | 640 uint32 serial_number, |
652 base::TimeDelta valid_duration) { | 641 base::TimeDelta valid_duration) { |
653 DCHECK(key); | 642 DCHECK(key); |
654 DCHECK(!subject.empty()); | 643 DCHECK(!subject.empty()); |
655 | 644 |
656 if (valid_duration.InSeconds() > UINT32_MAX) { | 645 if (valid_duration.InSeconds() > UINT32_MAX) { |
657 LOG(ERROR) << "valid_duration too big" << valid_duration.InSeconds(); | 646 LOG(ERROR) << "valid_duration too big" << valid_duration.InSeconds(); |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
777 DLOG(ERROR) << "SecCertificateCreateFromData failed: " << os_status; | 766 DLOG(ERROR) << "SecCertificateCreateFromData failed: " << os_status; |
778 return NULL; | 767 return NULL; |
779 } | 768 } |
780 scoped_cert.reset(certificate_ref); | 769 scoped_cert.reset(certificate_ref); |
781 | 770 |
782 return CreateFromHandle( | 771 return CreateFromHandle( |
783 scoped_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, | 772 scoped_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, |
784 X509Certificate::OSCertHandles()); | 773 X509Certificate::OSCertHandles()); |
785 } | 774 } |
786 | 775 |
787 void X509Certificate::Persist(Pickle* pickle) { | |
788 CSSM_DATA cert_data; | |
789 OSStatus status = SecCertificateGetData(cert_handle_, &cert_data); | |
790 if (status) { | |
791 NOTREACHED(); | |
792 return; | |
793 } | |
794 | |
795 pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), cert_data.Length); | |
796 } | |
797 | |
798 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { | 776 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { |
799 dns_names->clear(); | 777 dns_names->clear(); |
800 | 778 |
801 GetCertGeneralNamesForOID(cert_handle_, CSSMOID_SubjectAltName, GNT_DNSName, | 779 GetCertGeneralNamesForOID(cert_handle_, CSSMOID_SubjectAltName, GNT_DNSName, |
802 dns_names); | 780 dns_names); |
803 | 781 |
804 if (dns_names->empty()) | 782 if (dns_names->empty()) |
805 dns_names->push_back(subject_.common_name); | 783 dns_names->push_back(subject_.common_name); |
806 } | 784 } |
807 | 785 |
(...skipping 525 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1333 if (chain_count > 1) { | 1311 if (chain_count > 1) { |
1334 CFArrayAppendArray(chain, | 1312 CFArrayAppendArray(chain, |
1335 cert_chain, | 1313 cert_chain, |
1336 CFRangeMake(1, chain_count - 1)); | 1314 CFRangeMake(1, chain_count - 1)); |
1337 } | 1315 } |
1338 } | 1316 } |
1339 | 1317 |
1340 return chain.release(); | 1318 return chain.release(); |
1341 } | 1319 } |
1342 | 1320 |
| 1321 // static |
| 1322 X509Certificate::OSCertHandle |
| 1323 X509Certificate::ReadCertHandleFromPickle(const Pickle& pickle, |
| 1324 void** pickle_iter) { |
| 1325 const char* data; |
| 1326 int length; |
| 1327 if (!pickle.ReadData(pickle_iter, &data, &length)) |
| 1328 return NULL; |
| 1329 |
| 1330 return CreateOSCertHandleFromBytes(data, length); |
| 1331 } |
| 1332 |
| 1333 // static |
| 1334 bool X509Certificate::WriteCertHandleToPickle(OSCertHandle cert_handle, |
| 1335 Pickle* pickle) { |
| 1336 CSSM_DATA cert_data; |
| 1337 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); |
| 1338 if (status) |
| 1339 return false; |
| 1340 |
| 1341 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), |
| 1342 cert_data.Length); |
| 1343 } |
| 1344 |
1343 } // namespace net | 1345 } // namespace net |
OLD | NEW |