1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <openssl/asn1.h> | 7 #include <openssl/asn1.h> |
8 #include <openssl/crypto.h> | 8 #include <openssl/crypto.h> |
9 #include <openssl/obj_mac.h> | 9 #include <openssl/obj_mac.h> |
10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
455 << " : " << x509_error | 455 << " : " << x509_error |
456 << " : " << X509_STORE_CTX_get_error_depth(ctx.get()) | 456 << " : " << X509_STORE_CTX_get_error_depth(ctx.get()) |
457 << " : " << cert_status; | 457 << " : " << cert_status; |
458 verify_result->cert_status |= cert_status; | 458 verify_result->cert_status |= cert_status; |
459 } | 459 } |
460 | 460 |
461 if (IsCertStatusError(verify_result->cert_status)) | 461 if (IsCertStatusError(verify_result->cert_status)) |
462 return MapCertStatusToNetError(verify_result->cert_status); | 462 return MapCertStatusToNetError(verify_result->cert_status); |
463 | 463 |
464 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(ctx.get()); | 464 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(ctx.get()); |
| 465 X509* verified_cert = NULL; |
| 466 std::vector<X509*> verified_chain; |
465 for (int i = 0; i < sk_X509_num(chain); ++i) { | 467 for (int i = 0; i < sk_X509_num(chain); ++i) { |
466 X509* cert = sk_X509_value(chain, i); | 468 X509* cert = sk_X509_value(chain, i); |
| 469 if (i == 0) { |
| 470 verified_cert = cert; |
| 471 } else { |
| 472 verified_chain.push_back(verified_cert); |
| 473 } |
| 474 |
467 DERCache der_cache; | 475 DERCache der_cache; |
468 if (!GetDERAndCacheIfNeeded(cert, &der_cache)) | 476 if (!GetDERAndCacheIfNeeded(cert, &der_cache)) |
469 continue; | 477 continue; |
470 | 478 |
471 base::StringPiece der_bytes(reinterpret_cast<const char*>(der_cache.data), | 479 base::StringPiece der_bytes(reinterpret_cast<const char*>(der_cache.data), |
472 der_cache.data_length); | 480 der_cache.data_length); |
473 base::StringPiece spki_bytes; | 481 base::StringPiece spki_bytes; |
474 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) | 482 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) |
475 continue; | 483 continue; |
476 | 484 |
477 SHA1Fingerprint hash; | 485 SHA1Fingerprint hash; |
478 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), | 486 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), |
479 spki_bytes.size(), hash.data); | 487 spki_bytes.size(), hash.data); |
480 verify_result->public_key_hashes.push_back(hash); | 488 verify_result->public_key_hashes.push_back(hash); |
481 } | 489 } |
482 | 490 |
| 491 if (verified_cert) { |
| 492 verify_result->verified_cert = CreateFromHandle(verified_cert, |
| 493 verified_chain); |
| 494 } |
| 495 |
483 // Currently we only ues OpenSSL's default root CA paths, so treat all | 496 // Currently we only ues OpenSSL's default root CA paths, so treat all |
484 // correctly verified certs as being from a known root. TODO(joth): if the | 497 // correctly verified certs as being from a known root. TODO(joth): if the |
485 // motivations described in http://src.chromium.org/viewvc/chrome?view=rev&rev
ision=80778 | 498 // motivations described in http://src.chromium.org/viewvc/chrome?view=rev&rev
ision=80778 |
486 // become an issue on OpenSSL builds, we will need to embed a hardcoded list | 499 // become an issue on OpenSSL builds, we will need to embed a hardcoded list |
487 // of well known root CAs, as per the _mac and _win versions. | 500 // of well known root CAs, as per the _mac and _win versions. |
488 verify_result->is_issued_by_known_root = true; | 501 verify_result->is_issued_by_known_root = true; |
489 | 502 |
490 return OK; | 503 return OK; |
491 } | 504 } |
492 | 505 |
535 DERCache der_cache; | 548 DERCache der_cache; |
536 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) | 549 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) |
537 return false; | 550 return false; |
538 | 551 |
539 return pickle->WriteData( | 552 return pickle->WriteData( |
540 reinterpret_cast<const char*>(der_cache.data), | 553 reinterpret_cast<const char*>(der_cache.data), |
541 der_cache.data_length); | 554 der_cache.data_length); |
542 } | 555 } |
543 | 556 |
544 } // namespace net | 557 } // namespace net |
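Review bot: The intermediate collection at new line 472 pushes the wrong certificate: `verified_chain.push_back(verified_cert);` appends the leaf (captured at i == 0) once per remaining chain element, so `verified_chain` ends up as N-1 copies of the leaf and never contains the intermediates or root that OpenSSL actually validated. It should be `verified_chain.push_back(cert);` so that `CreateFromHandle(verified_cert, verified_chain)` at line 492 receives the real validated chain; anything downstream that inspects `verify_result->verified_cert`'s intermediates (pinning, diagnostics, key-hash checks) would otherwise be reasoning about a chain that was never verified. Consider also adding a short comment above the loop, e.g. `// Element 0 of the OpenSSL chain is the leaf; the rest are the intermediates (and root) it was validated against.`, since the i == 0 split is easy to misread. The enclosing verify function begins before this hunk, and I am assuming `CreateFromHandle` takes ownership or references of the X509 handles appropriately, which is not visible here.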