| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_test_util.h" | 5 #include "net/base/cert_test_util.h" |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "base/file_path.h" |
| 8 | |
| 9 #if defined(USE_OPENSSL) | |
| 10 #include <openssl/err.h> | |
| 11 #include <openssl/ssl.h> | |
| 12 #include <openssl/x509v3.h> | |
| 13 #include "base/openssl_util.h" | |
| 14 #elif defined(USE_NSS) | |
| 15 #include <cert.h> | |
| 16 #include "base/nss_util.h" | |
| 17 #elif defined(OS_MACOSX) | |
| 18 #include <Security/Security.h> | |
| 19 #include "base/mac/scoped_cftyperef.h" | |
| 20 #endif | |
| 21 | |
| 22 #include "base/file_util.h" | 8 #include "base/file_util.h" |
| 23 #include "base/logging.h" | |
| 24 #include "base/path_service.h" | 9 #include "base/path_service.h" |
| 25 #include "net/base/x509_certificate.h" | 10 #include "net/base/x509_certificate.h" |
| 26 | 11 |
| 27 namespace net { | 12 namespace net { |
| 28 | 13 |
| 29 #if defined(USE_OPENSSL) | 14 FilePath GetTestCertsDirectory() { |
| 30 X509Certificate* AddTemporaryRootCertToStore(X509* x509_cert) { | 15 FilePath certs_dir; |
| 31 if (!X509_STORE_add_cert(X509Certificate::cert_store(), x509_cert)) { | 16 PathService::Get(base::DIR_SOURCE_ROOT, &certs_dir); |
| 32 unsigned long error_code = ERR_get_error(); | 17 certs_dir = certs_dir.AppendASCII("net"); |
| 33 if (ERR_GET_LIB(error_code) != ERR_LIB_X509 || | 18 certs_dir = certs_dir.AppendASCII("data"); |
| 34 ERR_GET_REASON(error_code) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { | 19 certs_dir = certs_dir.AppendASCII("ssl"); |
| 35 base::ClearOpenSSLERRStack(FROM_HERE); | 20 certs_dir = certs_dir.AppendASCII("certificates"); |
| 36 return NULL; | 21 return certs_dir; |
| 37 } | |
| 38 } | |
| 39 return X509Certificate::CreateFromHandle( | |
| 40 x509_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
| 41 X509Certificate::OSCertHandles()); | |
| 42 } | 22 } |
| 43 | 23 |
| 44 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { | 24 scoped_refptr<X509Certificate> ImportCertFromFile( |
| 45 base::EnsureOpenSSLInit(); | 25 const FilePath& certs_dir, |
| 46 | 26 const std::string& cert_file) { |
| 47 std::string rawcert; | 27 FilePath cert_path = certs_dir.AppendASCII(cert_file); |
| 48 if (!file_util::ReadFileToString(filename, &rawcert)) { | 28 std::string cert_data; |
| 49 LOG(ERROR) << "Can't load certificate " << filename.value(); | 29 if (!file_util::ReadFileToString(cert_path, &cert_data)) |
| 50 return NULL; | |
| 51 } | |
| 52 | |
| 53 base::ScopedOpenSSL<BIO, BIO_free_all> cert_bio( | |
| 54 BIO_new_mem_buf(const_cast<char*>(rawcert.c_str()), | |
| 55 rawcert.length())); | |
| 56 if (!cert_bio.get()) { | |
| 57 LOG(ERROR) << "Can't create read-only BIO " << filename.value(); | |
| 58 return NULL; | |
| 59 } | |
| 60 | |
| 61 base::ScopedOpenSSL<X509, X509_free> pem_cert(PEM_read_bio_X509( | |
| 62 cert_bio.get(), NULL, NULL, NULL)); | |
| 63 if (pem_cert.get()) | |
| 64 return AddTemporaryRootCertToStore(pem_cert.get()); | |
| 65 | |
| 66 // File does not contain PEM data, let's try DER. | |
| 67 const unsigned char* der_data = | |
| 68 reinterpret_cast<const unsigned char*>(rawcert.c_str()); | |
| 69 int der_length = rawcert.length(); | |
| 70 base::ScopedOpenSSL<X509, X509_free> der_cert(d2i_X509( | |
| 71 NULL, &der_data, der_length)); | |
| 72 if (der_cert.get()) | |
| 73 return AddTemporaryRootCertToStore(der_cert.get()); | |
| 74 | |
| 75 LOG(ERROR) << "Can't parse certificate " << filename.value(); | |
| 76 return NULL; | |
| 77 } | |
| 78 #elif defined(USE_NSS) | |
| 79 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { | |
| 80 base::EnsureNSSInit(); | |
| 81 | |
| 82 std::string rawcert; | |
| 83 if (!file_util::ReadFileToString(filename, &rawcert)) { | |
| 84 LOG(ERROR) << "Can't load certificate " << filename.value(); | |
| 85 return NULL; | |
| 86 } | |
| 87 | |
| 88 CERTCertificate *cert; | |
| 89 cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()), | |
| 90 rawcert.length()); | |
| 91 if (!cert) { | |
| 92 LOG(ERROR) << "Can't convert certificate " << filename.value(); | |
| 93 return NULL; | |
| 94 } | |
| 95 | |
| 96 // TODO(port): remove this const_cast after NSS 3.12.3 is released | |
| 97 CERTCertTrust trust; | |
| 98 int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu")); | |
| 99 if (rv != SECSuccess) { | |
| 100 LOG(ERROR) << "Can't decode trust string"; | |
| 101 CERT_DestroyCertificate(cert); | |
| 102 return NULL; | |
| 103 } | |
| 104 | |
| 105 rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust); | |
| 106 if (rv != SECSuccess) { | |
| 107 LOG(ERROR) << "Can't change trust for certificate " << filename.value(); | |
| 108 CERT_DestroyCertificate(cert); | |
| 109 return NULL; | |
| 110 } | |
| 111 | |
| 112 X509Certificate* result = X509Certificate::CreateFromHandle( | |
| 113 cert, | |
| 114 X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
| 115 X509Certificate::OSCertHandles()); | |
| 116 CERT_DestroyCertificate(cert); | |
| 117 return result; | |
| 118 } | |
| 119 #endif | |
| 120 | |
| 121 #if defined(OS_MACOSX) | |
| 122 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { | |
| 123 std::string rawcert; | |
| 124 if (!file_util::ReadFileToString(filename, &rawcert)) { | |
| 125 LOG(ERROR) << "Can't load certificate " << filename.value(); | |
| 126 return NULL; | |
| 127 } | |
| 128 | |
| 129 CFDataRef pem = CFDataCreate(kCFAllocatorDefault, | |
| 130 reinterpret_cast<const UInt8*>(rawcert.data()), | |
| 131 static_cast<CFIndex>(rawcert.size())); | |
| 132 if (!pem) | |
| 133 return NULL; | |
| 134 base::mac::ScopedCFTypeRef<CFDataRef> scoped_pem(pem); | |
| 135 | |
| 136 SecExternalFormat input_format = kSecFormatUnknown; | |
| 137 SecExternalItemType item_type = kSecItemTypeUnknown; | |
| 138 CFArrayRef cert_array = NULL; | |
| 139 if (SecKeychainItemImport(pem, NULL, &input_format, &item_type, 0, NULL, NULL, | |
| 140 &cert_array)) | |
| 141 return NULL; | |
| 142 base::mac::ScopedCFTypeRef<CFArrayRef> scoped_cert_array(cert_array); | |
| 143 | |
| 144 if (!CFArrayGetCount(cert_array)) | |
| 145 return NULL; | 30 return NULL; |
| 146 | 31 |
| 147 SecCertificateRef cert_ref = static_cast<SecCertificateRef>( | 32 CertificateList certs_in_file = |
| 148 const_cast<void*>(CFArrayGetValueAtIndex(cert_array, 0))); | 33 X509Certificate::CreateCertificateListFromBytes( |
| 149 | 34 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
| 150 return X509Certificate::CreateFromHandle(cert_ref, | 35 if (certs_in_file.empty()) |
| 151 X509Certificate::SOURCE_LONE_CERT_IMPORT, | 36 return NULL; |
| 152 X509Certificate::OSCertHandles()); | 37 return certs_in_file[0]; |
| 153 } | 38 } |
| 154 #endif | |
| 155 | 39 |
| 156 } // namespace net | 40 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 4646001:
Implement LoadTemporaryRoot for Windows (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/net/base