net/cert/x509_certificate_openssl.cc - Issue 634033002: Check whether or not a certificate is self-signed.

Side by Side Diff: net/cert/x509_certificate_openssl.cc

Issue 634033002: Check whether or not a certificate is self-signed. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Once again, this is *Manos*... the *Hands*... of *Fate* Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/x509_certificate.h"	5 #include "net/cert/x509_certificate.h"

6	6

7 #include <openssl/asn1.h>	7 #include <openssl/asn1.h>

8 #include <openssl/bytestring.h>	8 #include <openssl/bytestring.h>

9 #include <openssl/crypto.h>	9 #include <openssl/crypto.h>

10 #include <openssl/obj_mac.h>	10 #include <openssl/obj_mac.h>

11 #include <openssl/pem.h>	11 #include <openssl/pem.h>

12 #include <openssl/sha.h>	12 #include <openssl/sha.h>

13 #include <openssl/ssl.h>	13 #include <openssl/ssl.h>

14 #include <openssl/x509v3.h>	14 #include <openssl/x509v3.h>

15	15

16 #include "base/memory/singleton.h"	16 #include "base/memory/singleton.h"

	17 #include "base/numerics/safe_conversions.h"

17 #include "base/pickle.h"	18 #include "base/pickle.h"

18 #include "base/sha1.h"	19 #include "base/sha1.h"

19 #include "base/strings/string_number_conversions.h"	20 #include "base/strings/string_number_conversions.h"

20 #include "base/strings/string_piece.h"	21 #include "base/strings/string_piece.h"

21 #include "base/strings/string_util.h"	22 #include "base/strings/string_util.h"

22 #include "crypto/openssl_util.h"	23 #include "crypto/openssl_util.h"

23 #include "crypto/scoped_openssl_types.h"	24 #include "crypto/scoped_openssl_types.h"

24 #include "net/base/net_errors.h"	25 #include "net/base/net_errors.h"

25 #include "net/base/net_util.h"	26 #include "net/base/net_util.h"

26 #include "net/cert/x509_util_openssl.h"	27 #include "net/cert/x509_util_openssl.h"

27	28

28 #if defined(OS_ANDROID)	29 #if defined(OS_ANDROID)

29 #include "base/logging.h"	30 #include "base/logging.h"

30 #include "net/android/network_library.h"	31 #include "net/android/network_library.h"

31 #endif	32 #endif

32	33

33 namespace net {	34 namespace net {

34	35

35 namespace {	36 namespace {

36	37

37 typedef crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free>::Type	38 typedef crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free>::Type

38 ScopedGENERAL_NAMES;	39 ScopedGENERAL_NAMES;

	40 typedef crypto::ScopedOpenSSL<X509, X509_free>::Type ScopedX509;

39	41

40 void CreateOSCertHandlesFromPKCS7Bytes(	42 void CreateOSCertHandlesFromPKCS7Bytes(

41 const char* data, int length,	43 const char* data, int length,

42 X509Certificate::OSCertHandles* handles) {	44 X509Certificate::OSCertHandles* handles) {

43 crypto::EnsureOpenSSLInit();	45 crypto::EnsureOpenSSLInit();

44 crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE);	46 crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE);

45	47

46 CBS der_data;	48 CBS der_data;

47 CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length);	49 CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length);

48 STACK_OF(X509)* certs = sk_X509_new_null();	50 STACK_OF(X509)* certs = sk_X509_new_null();

(...skipping 393 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
442 X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m);	444 X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m);

443 if (X509_NAME_cmp(issuer, cert_names[n]) == 0) {	445 if (X509_NAME_cmp(issuer, cert_names[n]) == 0) {

444 return true;	446 return true;

445 }	447 }

446 }	448 }

447 }	449 }

448	450

449 return false;	451 return false;

450 }	452 }

451	453

	454 // static

	455 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {

	456 std::string der_cert;

	457 if (!GetDEREncoded(cert_handle, &der_cert))

	458 return false;

	459

	460 const unsigned char* cert_data =

	461 reinterpret_cast<const unsigned char*>(der_cert.data());

	462 int cert_data_len = base::checked_cast<int>(der_cert.size());

	463 ScopedX509 cert(d2i_X509(NULL, &cert_data, cert_data_len));
	Ryan Sleevi 2014/10/24 22:56:24 Why do you do this round-trip? \|cert_handle\| is an Why do you do this round-trip? \|cert_handle\| is an X509* palmer 2014/10/24 23:32:46 Done. Show quoted text On 2014/10/24 22:56:24, Ryan Sleevi wrote: > Why do you do this round-trip? \|cert_handle\| is an X509* Done.
	464 crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert_handle));

	465 if (!scoped_key)

	466 return false;

	467 DCHECK(scoped_key.get());
	Ryan Sleevi 2014/10/24 22:56:24 Unnecessary - you just handled it on 465/466, so d Unnecessary - you just handled it on 465/466, so don't DCHECK here palmer 2014/10/24 23:32:46 Done. Show quoted text On 2014/10/24 22:56:24, Ryan Sleevi wrote: > Unnecessary - you just handled it on 465/466, so don't DCHECK here Done.
	468 EVP_PKEY* key = scoped_key.get();
	Ryan Sleevi 2014/10/24 22:56:24 Unnecessary temporary? Just use scoped_key.get() o Unnecessary temporary? Just use scoped_key.get() on 471? palmer 2014/10/24 23:32:46 Done. Show quoted text On 2014/10/24 22:56:24, Ryan Sleevi wrote: > Unnecessary temporary? Just use scoped_key.get() on 471? Done.
	469

	470 // NOTE: X509_verify() returns 1 in case of success, 0 or -1 on error.

	471 return X509_verify(cert.get(), key) == 1;

	472 }

	473

452 } // namespace net	474 } // namespace net

OLD	NEW

« net/cert/x509_certificate_ios.cc ('K') | « net/cert/x509_certificate_nss.cc ('k') | net/cert/x509_certificate_unittest.cc » ('j') | no next file with comments »