OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/cert_test_util.h" | 5 #include "net/base/cert_test_util.h" |
6 | 6 |
7 #include "build/build_config.h" | 7 #include "base/file_path.h" |
8 | |
9 #if defined(USE_OPENSSL) | |
10 #include <openssl/err.h> | |
11 #include <openssl/ssl.h> | |
12 #include <openssl/x509v3.h> | |
13 #include "base/openssl_util.h" | |
14 #elif defined(USE_NSS) | |
15 #include <cert.h> | |
16 #include "base/nss_util.h" | |
17 #elif defined(OS_MACOSX) | |
18 #include <Security/Security.h> | |
19 #include "base/mac/scoped_cftyperef.h" | |
20 #endif | |
21 | |
22 #include "base/file_util.h" | 8 #include "base/file_util.h" |
23 #include "base/logging.h" | |
24 #include "base/path_service.h" | 9 #include "base/path_service.h" |
25 #include "net/base/x509_certificate.h" | 10 #include "net/base/x509_certificate.h" |
26 | 11 |
27 namespace net { | 12 namespace net { |
28 | 13 |
29 #if defined(USE_OPENSSL) | 14 FilePath GetTestCertsDirectory() { |
30 X509Certificate* AddTemporaryRootCertToStore(X509* x509_cert) { | 15 FilePath certs_dir; |
31 if (!X509_STORE_add_cert(X509Certificate::cert_store(), x509_cert)) { | 16 PathService::Get(base::DIR_SOURCE_ROOT, &certs_dir); |
32 unsigned long error_code = ERR_get_error(); | 17 certs_dir = certs_dir.AppendASCII("net"); |
33 if (ERR_GET_LIB(error_code) != ERR_LIB_X509 || | 18 certs_dir = certs_dir.AppendASCII("data"); |
34 ERR_GET_REASON(error_code) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { | 19 certs_dir = certs_dir.AppendASCII("ssl"); |
35 base::ClearOpenSSLERRStack(FROM_HERE); | 20 certs_dir = certs_dir.AppendASCII("certificates"); |
36 return NULL; | 21 return certs_dir; |
37 } | |
38 } | |
39 return X509Certificate::CreateFromHandle( | |
40 x509_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
41 X509Certificate::OSCertHandles()); | |
42 } | 22 } |
43 | 23 |
44 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { | 24 scoped_refptr<X509Certificate> ImportCertFromFile( |
45 base::EnsureOpenSSLInit(); | 25 const FilePath& certs_dir, |
46 | 26 const std::string& cert_file) { |
47 std::string rawcert; | 27 FilePath cert_path = certs_dir.AppendASCII(cert_file); |
48 if (!file_util::ReadFileToString(filename, &rawcert)) { | 28 std::string cert_data; |
49 LOG(ERROR) << "Can't load certificate " << filename.value(); | 29 if (!file_util::ReadFileToString(cert_path, &cert_data)) |
50 return NULL; | |
51 } | |
52 | |
53 base::ScopedOpenSSL<BIO, BIO_free_all> cert_bio( | |
54 BIO_new_mem_buf(const_cast<char*>(rawcert.c_str()), | |
55 rawcert.length())); | |
56 if (!cert_bio.get()) { | |
57 LOG(ERROR) << "Can't create read-only BIO " << filename.value(); | |
58 return NULL; | |
59 } | |
60 | |
61 base::ScopedOpenSSL<X509, X509_free> pem_cert(PEM_read_bio_X509( | |
62 cert_bio.get(), NULL, NULL, NULL)); | |
63 if (pem_cert.get()) | |
64 return AddTemporaryRootCertToStore(pem_cert.get()); | |
65 | |
66 // File does not contain PEM data, let's try DER. | |
67 const unsigned char* der_data = | |
68 reinterpret_cast<const unsigned char*>(rawcert.c_str()); | |
69 int der_length = rawcert.length(); | |
70 base::ScopedOpenSSL<X509, X509_free> der_cert(d2i_X509( | |
71 NULL, &der_data, der_length)); | |
72 if (der_cert.get()) | |
73 return AddTemporaryRootCertToStore(der_cert.get()); | |
74 | |
75 LOG(ERROR) << "Can't parse certificate " << filename.value(); | |
76 return NULL; | |
77 } | |
78 #elif defined(USE_NSS) | |
79 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { | |
80 base::EnsureNSSInit(); | |
81 | |
82 std::string rawcert; | |
83 if (!file_util::ReadFileToString(filename, &rawcert)) { | |
84 LOG(ERROR) << "Can't load certificate " << filename.value(); | |
85 return NULL; | |
86 } | |
87 | |
88 CERTCertificate *cert; | |
89 cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()), | |
90 rawcert.length()); | |
91 if (!cert) { | |
92 LOG(ERROR) << "Can't convert certificate " << filename.value(); | |
93 return NULL; | |
94 } | |
95 | |
96 // TODO(port): remove this const_cast after NSS 3.12.3 is released | |
97 CERTCertTrust trust; | |
98 int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu")); | |
99 if (rv != SECSuccess) { | |
100 LOG(ERROR) << "Can't decode trust string"; | |
101 CERT_DestroyCertificate(cert); | |
102 return NULL; | |
103 } | |
104 | |
105 rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust); | |
106 if (rv != SECSuccess) { | |
107 LOG(ERROR) << "Can't change trust for certificate " << filename.value(); | |
108 CERT_DestroyCertificate(cert); | |
109 return NULL; | |
110 } | |
111 | |
112 X509Certificate* result = X509Certificate::CreateFromHandle( | |
113 cert, | |
114 X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
115 X509Certificate::OSCertHandles()); | |
116 CERT_DestroyCertificate(cert); | |
117 return result; | |
118 } | |
119 #endif | |
120 | |
121 #if defined(OS_MACOSX) | |
122 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { | |
123 std::string rawcert; | |
124 if (!file_util::ReadFileToString(filename, &rawcert)) { | |
125 LOG(ERROR) << "Can't load certificate " << filename.value(); | |
126 return NULL; | |
127 } | |
128 | |
129 CFDataRef pem = CFDataCreate(kCFAllocatorDefault, | |
130 reinterpret_cast<const UInt8*>(rawcert.data()), | |
131 static_cast<CFIndex>(rawcert.size())); | |
132 if (!pem) | |
133 return NULL; | |
134 base::mac::ScopedCFTypeRef<CFDataRef> scoped_pem(pem); | |
135 | |
136 SecExternalFormat input_format = kSecFormatUnknown; | |
137 SecExternalItemType item_type = kSecItemTypeUnknown; | |
138 CFArrayRef cert_array = NULL; | |
139 if (SecKeychainItemImport(pem, NULL, &input_format, &item_type, 0, NULL, NULL, | |
140 &cert_array)) | |
141 return NULL; | |
142 base::mac::ScopedCFTypeRef<CFArrayRef> scoped_cert_array(cert_array); | |
143 | |
144 if (!CFArrayGetCount(cert_array)) | |
145 return NULL; | 30 return NULL; |
146 | 31 |
147 SecCertificateRef cert_ref = static_cast<SecCertificateRef>( | 32 CertificateList certs_in_file = |
148 const_cast<void*>(CFArrayGetValueAtIndex(cert_array, 0))); | 33 X509Certificate::CreateCertificateListFromBytes( |
149 | 34 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
150 return X509Certificate::CreateFromHandle(cert_ref, | 35 if (certs_in_file.empty()) |
151 X509Certificate::SOURCE_LONE_CERT_IMPORT, | 36 return NULL; |
152 X509Certificate::OSCertHandles()); | 37 return certs_in_file[0]; |
153 } | 38 } |
154 #endif | |
155 | 39 |
156 } // namespace net | 40 } // namespace net |
OLD | NEW |