Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(170)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/x509_certificate_mac.cc

Issue 634033002: Check whether or not a certificate is self-signed. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: More Windows fixing. Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/x509_certificate_ios.cc ('k') | net/cert/x509_certificate_nss.cc » ('j') | net/cert/x509_certificate_win.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/x509_certificate_mac.cc
diff --git a/net/cert/x509_certificate_mac.cc b/net/cert/x509_certificate_mac.cc
index ecdf137c40c240e8ef3818db6e2e8b3a685bbf6b..e451a2c34ff6754f76eb5dc70f66f77387805a84 100644
--- a/net/cert/x509_certificate_mac.cc
+++ b/net/cert/x509_certificate_mac.cc
@@ -15,6 +15,7 @@
#include "base/mac/mac_logging.h"
#include "base/mac/scoped_cftyperef.h"
#include "base/memory/singleton.h"
+#include "base/numerics/safe_conversions.h"
#include "base/pickle.h"
#include "base/sha1.h"
#include "base/strings/string_piece.h"
@@ -22,7 +23,9 @@
#include "base/synchronization/lock.h"
#include "crypto/cssm_init.h"
#include "crypto/mac_security_services_lock.h"
+#include "crypto/scoped_openssl_types.h"
#include "net/cert/x509_util_mac.h"
+#include "net/cert/x509_util_openssl.h"
using base::ScopedCFTypeRef;
using base::Time;
@@ -531,4 +534,25 @@ void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
}
}
+// static
+bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
+ std::string der_cert;
+ if (!GetDEREncoded(cert_handle, &der_cert))
+ return false;
+
+ const unsigned char* cert_data =
+ reinterpret_cast<const unsigned char*>(der_cert.data());
+ int cert_data_len = base::checked_cast<int>(der_cert.size());
+ typedef crypto::ScopedOpenSSL<X509, X509_free>::Type ScopedX509;
+ ScopedX509 cert(d2i_X509(NULL, &cert_data, cert_data_len));
+ crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert.get()));
+ if (!scoped_key)
+ return false;
+ DCHECK(scoped_key.get());
+ EVP_PKEY* key = scoped_key.get();
+
+ // NOTE: X509_verify() returns 1 in case of success, 0 or -1 on error.
+ return X509_verify(cert.get(), key) == 1;
Ryan Sleevi 2014/10/21 22:27:43 Mixing BoringSSL types like this with a platform-s
palmer 2014/10/21 23:02:13 Done.
+}
+
} // namespace net
« no previous file with comments | « net/cert/x509_certificate_ios.cc ('k') | net/cert/x509_certificate_nss.cc » ('j') | net/cert/x509_certificate_win.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698