| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/common/cast/cast_cert_validator.h" | 5 #include "extensions/common/cast/cast_cert_validator.h" |
| 6 | 6 |
| 7 #include <openssl/digest.h> | 7 #include <openssl/digest.h> |
| 8 #include <openssl/evp.h> | 8 #include <openssl/evp.h> |
| 9 #include <openssl/rsa.h> | 9 #include <openssl/rsa.h> |
| 10 #include <openssl/x509.h> | 10 #include <openssl/x509.h> |
| 11 | 11 |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/strings/string_number_conversions.h" | 13 #include "base/strings/string_number_conversions.h" |
| 14 #include "base/strings/string_util.h" | 14 #include "base/strings/string_util.h" |
| 15 #include "base/strings/stringprintf.h" | 15 #include "base/strings/stringprintf.h" |
| 16 #include "crypto/openssl_util.h" | 16 #include "crypto/openssl_util.h" |
| 17 #include "crypto/scoped_openssl_types.h" | 17 #include "crypto/scoped_openssl_types.h" |
| 18 #include "extensions/browser/api/cast_channel/cast_auth_ica.h" | 18 #include "extensions/browser/api/cast_channel/cast_auth_ica.h" |
| 19 #include "net/cert/x509_certificate.h" | 19 #include "net/cert/x509_certificate.h" |
| 20 #include "net/cert/x509_util_openssl.h" | 20 #include "net/cert/x509_util_openssl.h" |
| 21 #include "net/ssl/scoped_openssl_types.h" |
| 21 | 22 |
| 22 namespace extensions { | 23 namespace extensions { |
| 23 namespace core_api { | 24 namespace core_api { |
| 24 namespace cast_crypto { | 25 namespace cast_crypto { |
| 25 namespace { | 26 namespace { |
| 26 | 27 |
| 27 typedef crypto::ScopedOpenSSL<X509, X509_free>::Type ScopedX509; | |
| 28 | |
| 29 class CertVerificationContextOpenSSL : public CertVerificationContext { | 28 class CertVerificationContextOpenSSL : public CertVerificationContext { |
| 30 public: | 29 public: |
| 31 // Takes ownership of the passed-in x509 object | 30 // Takes ownership of the passed-in x509 object |
| 32 explicit CertVerificationContextOpenSSL(X509* x509) : x509_(x509) {} | 31 explicit CertVerificationContextOpenSSL(X509* x509) : x509_(x509) {} |
| 33 | 32 |
| 34 VerificationResult VerifySignatureOverData( | 33 VerificationResult VerifySignatureOverData( |
| 35 const base::StringPiece& signature, | 34 const base::StringPiece& signature, |
| 36 const base::StringPiece& data) const override { | 35 const base::StringPiece& data) const override { |
| 37 // Retrieve public key object. | 36 // Retrieve public key object. |
| 38 crypto::ScopedEVP_PKEY public_key(X509_get_pubkey(x509_.get())); | 37 crypto::ScopedEVP_PKEY public_key(X509_get_pubkey(x509_.get())); |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 73 common_name_length = X509_NAME_get_text_by_NID( | 72 common_name_length = X509_NAME_get_text_by_NID( |
| 74 x509_->cert_info->subject, NID_commonName, | 73 x509_->cert_info->subject, NID_commonName, |
| 75 WriteInto(&common_name, static_cast<size_t>(common_name_length) + 1), | 74 WriteInto(&common_name, static_cast<size_t>(common_name_length) + 1), |
| 76 common_name_length + 1); | 75 common_name_length + 1); |
| 77 if (common_name_length < 0) | 76 if (common_name_length < 0) |
| 78 return std::string(); | 77 return std::string(); |
| 79 return common_name; | 78 return common_name; |
| 80 } | 79 } |
| 81 | 80 |
| 82 private: | 81 private: |
| 83 ScopedX509 x509_; | 82 net::ScopedX509 x509_; |
| 84 }; | 83 }; |
| 85 | 84 |
| 86 } // namespace | 85 } // namespace |
| 87 | 86 |
| 88 VerificationResult VerifyDeviceCert( | 87 VerificationResult VerifyDeviceCert( |
| 89 const base::StringPiece& device_cert, | 88 const base::StringPiece& device_cert, |
| 90 const std::vector<std::string>& ica_certs, | 89 const std::vector<std::string>& ica_certs, |
| 91 scoped_ptr<CertVerificationContext>* context) { | 90 scoped_ptr<CertVerificationContext>* context) { |
| 92 crypto::EnsureOpenSSLInit(); | 91 crypto::EnsureOpenSSLInit(); |
| 93 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 92 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| (...skipping 26 matching lines...) Expand all Loading... |
| 120 crypto::ScopedEVP_PKEY ica_public_key_evp(EVP_PKEY_new()); | 119 crypto::ScopedEVP_PKEY ica_public_key_evp(EVP_PKEY_new()); |
| 121 if (!ica_public_key_evp || | 120 if (!ica_public_key_evp || |
| 122 !EVP_PKEY_set1_RSA(ica_public_key_evp.get(), ica_public_key_rsa.get())) { | 121 !EVP_PKEY_set1_RSA(ica_public_key_evp.get(), ica_public_key_rsa.get())) { |
| 123 return VerificationResult("Failed to import trusted public key.", | 122 return VerificationResult("Failed to import trusted public key.", |
| 124 VerificationResult::ERROR_INTERNAL); | 123 VerificationResult::ERROR_INTERNAL); |
| 125 } | 124 } |
| 126 // Parse the device certificate. | 125 // Parse the device certificate. |
| 127 const uint8_t* device_cert_der_ptr = | 126 const uint8_t* device_cert_der_ptr = |
| 128 reinterpret_cast<const uint8_t*>(device_cert.data()); | 127 reinterpret_cast<const uint8_t*>(device_cert.data()); |
| 129 const uint8_t* device_cert_der_end = device_cert_der_ptr + device_cert.size(); | 128 const uint8_t* device_cert_der_end = device_cert_der_ptr + device_cert.size(); |
| 130 ScopedX509 device_cert_x509( | 129 net::ScopedX509 device_cert_x509( |
| 131 d2i_X509(NULL, &device_cert_der_ptr, device_cert.size())); | 130 d2i_X509(NULL, &device_cert_der_ptr, device_cert.size())); |
| 132 if (!device_cert_x509 || device_cert_der_ptr != device_cert_der_end) { | 131 if (!device_cert_x509 || device_cert_der_ptr != device_cert_der_end) { |
| 133 return VerificationResult("Failed to parse device certificate.", | 132 return VerificationResult("Failed to parse device certificate.", |
| 134 VerificationResult::ERROR_CERT_INVALID); | 133 VerificationResult::ERROR_CERT_INVALID); |
| 135 } | 134 } |
| 136 // Verify device certificate. | 135 // Verify device certificate. |
| 137 if (X509_verify(device_cert_x509.get(), ica_public_key_evp.get()) != 1) { | 136 if (X509_verify(device_cert_x509.get(), ica_public_key_evp.get()) != 1) { |
| 138 return VerificationResult( | 137 return VerificationResult( |
| 139 "Device certificate signature verification failed.", | 138 "Device certificate signature verification failed.", |
| 140 VerificationResult::ERROR_CERT_INVALID); | 139 VerificationResult::ERROR_CERT_INVALID); |
| 141 } | 140 } |
| 142 | 141 |
| 143 if (context) { | 142 if (context) { |
| 144 scoped_ptr<CertVerificationContext> tmp_context( | 143 scoped_ptr<CertVerificationContext> tmp_context( |
| 145 new CertVerificationContextOpenSSL(device_cert_x509.release())); | 144 new CertVerificationContextOpenSSL(device_cert_x509.release())); |
| 146 tmp_context.swap(*context); | 145 tmp_context.swap(*context); |
| 147 } | 146 } |
| 148 | 147 |
| 149 return VerificationResult(); | 148 return VerificationResult(); |
| 150 } | 149 } |
| 151 | 150 |
| 152 std::string VerificationResult::GetLogString() const { | 151 std::string VerificationResult::GetLogString() const { |
| 153 return error_message; | 152 return error_message; |
| 154 } | 153 } |
| 155 | 154 |
| 156 } // namespace cast_crypto | 155 } // namespace cast_crypto |
| 157 } // namespace core_api | 156 } // namespace core_api |
| 158 } // namespace extensions | 157 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 948543002:
Convert crypto::ScopedOpenSSL to type aliases. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master