Chromium Code Reviews Chromium Code Reviews
Issue 634033002:
Check whether or not a certificate is self-signed. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/cert/x509_certificate_openssl.cc |
| diff --git a/net/cert/x509_certificate_openssl.cc b/net/cert/x509_certificate_openssl.cc |
| index 91501f84ecd8cb2d91354cdf47f38c2c54101b71..6ca32cca8a65cd39b05cb453008c380f210b3ad4 100644 |
| --- a/net/cert/x509_certificate_openssl.cc |
| +++ b/net/cert/x509_certificate_openssl.cc |
| @@ -14,6 +14,7 @@ |
| #include <openssl/x509v3.h> |
| #include "base/memory/singleton.h" |
| +#include "base/numerics/safe_conversions.h" |
| #include "base/pickle.h" |
| #include "base/sha1.h" |
| #include "base/strings/string_number_conversions.h" |
| @@ -36,6 +37,7 @@ namespace { |
| typedef crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free>::Type |
| ScopedGENERAL_NAMES; |
| +typedef crypto::ScopedOpenSSL<X509, X509_free>::Type ScopedX509; |
| void CreateOSCertHandlesFromPKCS7Bytes( |
| const char* data, int length, |
| @@ -449,4 +451,24 @@ bool X509Certificate::IsIssuedByEncoded( |
| return false; |
| } |
| +// static |
| +bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { |
| + std::string der_cert; |
| + if (!GetDEREncoded(cert_handle, &der_cert)) |
| + return false; |
| + |
| + const unsigned char* cert_data = |
| + reinterpret_cast<const unsigned char*>(der_cert.data()); |
| + int cert_data_len = base::checked_cast<int>(der_cert.size()); |
| + ScopedX509 cert(d2i_X509(NULL, &cert_data, cert_data_len)); |
|
Ryan Sleevi
2014/10/24 22:56:24
Why do you do this round-trip? |cert_handle| is an
palmer
2014/10/24 23:32:46
Done.
|
| + crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert_handle)); |
| + if (!scoped_key) |
| + return false; |
| + DCHECK(scoped_key.get()); |
|
Ryan Sleevi
2014/10/24 22:56:24
Unnecessary - you just handled it on 465/466, so d
palmer
2014/10/24 23:32:46
Done.
|
| + EVP_PKEY* key = scoped_key.get(); |
|
Ryan Sleevi
2014/10/24 22:56:24
Unnecessary temporary? Just use scoped_key.get() o
palmer
2014/10/24 23:32:46
Done.
|
| + |
| + // NOTE: X509_verify() returns 1 in case of success, 0 or -1 on error. |
| + return X509_verify(cert.get(), key) == 1; |
| +} |
| + |
| } // namespace net |
