Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(425)

Unified Diff: net/base/x509_certificate_nss.cc

Issue 10928107: Support x509 certificate on iOS. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Fix windows compilation Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/base/x509_certificate_ios.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/x509_certificate_nss.cc
diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc
index 060f4f74602b464272a681c909a566df379e3267..54d2197e30ecd2db96f7d008a8c7442080e7a9fd 100644
--- a/net/base/x509_certificate_nss.cc
+++ b/net/base/x509_certificate_nss.cc
@@ -19,110 +19,21 @@
#include "base/time.h"
#include "crypto/nss_util.h"
#include "crypto/rsa_private_key.h"
-#include "crypto/scoped_nss_types.h"
#include "net/base/x509_util_nss.h"
namespace net {
-namespace {
-
-void ParsePrincipal(CERTName* name,
- CertPrincipal* principal) {
- typedef char* (*CERTGetNameFunc)(CERTName* name);
-
- // TODO(jcampan): add business_category and serial_number.
- // TODO(wtc): NSS has the CERT_GetOrgName, CERT_GetOrgUnitName, and
- // CERT_GetDomainComponentName functions, but they return only the most
- // general (the first) RDN. NSS doesn't have a function for the street
- // address.
- static const SECOidTag kOIDs[] = {
- SEC_OID_AVA_STREET_ADDRESS,
- SEC_OID_AVA_ORGANIZATION_NAME,
- SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
- SEC_OID_AVA_DC };
-
- std::vector<std::string>* values[] = {
- &principal->street_addresses,
- &principal->organization_names,
- &principal->organization_unit_names,
- &principal->domain_components };
- DCHECK(arraysize(kOIDs) == arraysize(values));
-
- CERTRDN** rdns = name->rdns;
- for (size_t rdn = 0; rdns[rdn]; ++rdn) {
- CERTAVA** avas = rdns[rdn]->avas;
- for (size_t pair = 0; avas[pair] != 0; ++pair) {
- SECOidTag tag = CERT_GetAVATag(avas[pair]);
- for (size_t oid = 0; oid < arraysize(kOIDs); ++oid) {
- if (kOIDs[oid] == tag) {
- SECItem* decode_item = CERT_DecodeAVAValue(&avas[pair]->value);
- if (!decode_item)
- break;
- // TODO(wtc): Pass decode_item to CERT_RFC1485_EscapeAndQuote.
- std::string value(reinterpret_cast<char*>(decode_item->data),
- decode_item->len);
- values[oid]->push_back(value);
- SECITEM_FreeItem(decode_item, PR_TRUE);
- break;
- }
- }
- }
- }
-
- // Get CN, L, S, and C.
- CERTGetNameFunc get_name_funcs[4] = {
- CERT_GetCommonName, CERT_GetLocalityName,
- CERT_GetStateName, CERT_GetCountryName };
- std::string* single_values[4] = {
- &principal->common_name, &principal->locality_name,
- &principal->state_or_province_name, &principal->country_name };
- for (size_t i = 0; i < arraysize(get_name_funcs); ++i) {
- char* value = get_name_funcs[i](name);
- if (value) {
- single_values[i]->assign(value);
- PORT_Free(value);
- }
- }
-}
-
-void ParseDate(SECItem* der_date, base::Time* result) {
- PRTime prtime;
- SECStatus rv = DER_DecodeTimeChoice(&prtime, der_date);
- DCHECK_EQ(SECSuccess, rv);
- *result = crypto::PRTimeToBaseTime(prtime);
-}
-
-SECStatus PR_CALLBACK
-CollectCertsCallback(void* arg, SECItem** certs, int num_certs) {
- X509Certificate::OSCertHandles* results =
- reinterpret_cast<X509Certificate::OSCertHandles*>(arg);
-
- for (int i = 0; i < num_certs; ++i) {
- X509Certificate::OSCertHandle handle =
- X509Certificate::CreateOSCertHandleFromBytes(
- reinterpret_cast<char*>(certs[i]->data), certs[i]->len);
- if (handle)
- results->push_back(handle);
- }
-
- return SECSuccess;
-}
-
-} // namespace
-
void X509Certificate::Initialize() {
- ParsePrincipal(&cert_handle_->subject, &subject_);
- ParsePrincipal(&cert_handle_->issuer, &issuer_);
+ x509_util::ParsePrincipal(&cert_handle_->subject, &subject_);
+ x509_util::ParsePrincipal(&cert_handle_->issuer, &issuer_);
- ParseDate(&cert_handle_->validity.notBefore, &valid_start_);
- ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_);
+ x509_util::ParseDate(&cert_handle_->validity.notBefore, &valid_start_);
+ x509_util::ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_);
fingerprint_ = CalculateFingerprint(cert_handle_);
ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
- serial_number_ = std::string(
- reinterpret_cast<char*>(cert_handle_->serialNumber.data),
- cert_handle_->serialNumber.len);
+ serial_number_ = x509_util::ParseSerialNumber(cert_handle_);
}
// static
@@ -216,7 +127,6 @@ X509Certificate* X509Certificate::CreateSelfSigned(
uint32 serial_number,
base::TimeDelta valid_duration) {
DCHECK(key);
-
base::Time not_valid_before = base::Time::Now();
base::Time not_valid_after = not_valid_before + valid_duration;
CERTCertificate* cert = x509_util::CreateSelfSignedCert(key->public_key(),
@@ -225,7 +135,6 @@ X509Certificate* X509Certificate::CreateSelfSigned(
serial_number,
not_valid_before,
not_valid_after);
-
if (!cert)
return NULL;
@@ -238,44 +147,7 @@ X509Certificate* X509Certificate::CreateSelfSigned(
void X509Certificate::GetSubjectAltName(
std::vector<std::string>* dns_names,
std::vector<std::string>* ip_addrs) const {
- if (dns_names)
- dns_names->clear();
- if (ip_addrs)
- ip_addrs->clear();
-
- SECItem alt_name;
- SECStatus rv = CERT_FindCertExtension(cert_handle_,
- SEC_OID_X509_SUBJECT_ALT_NAME,
- &alt_name);
- if (rv != SECSuccess)
- return;
-
- PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- DCHECK(arena != NULL);
-
- CERTGeneralName* alt_name_list;
- alt_name_list = CERT_DecodeAltNameExtension(arena, &alt_name);
- SECITEM_FreeItem(&alt_name, PR_FALSE);
-
- CERTGeneralName* name = alt_name_list;
- while (name) {
- // DNSName and IPAddress are encoded as IA5String and OCTET STRINGs
- // respectively, both of which can be byte copied from
- // SECItemType::data into the appropriate output vector.
- if (dns_names && name->type == certDNSName) {
- dns_names->push_back(std::string(
- reinterpret_cast<char*>(name->name.other.data),
- name->name.other.len));
- } else if (ip_addrs && name->type == certIPAddress) {
- ip_addrs->push_back(std::string(
- reinterpret_cast<char*>(name->name.other.data),
- name->name.other.len));
- }
- name = CERT_GetNextGeneralName(name);
- if (name == alt_name_list)
- break;
- }
- PORT_FreeArena(arena, PR_FALSE);
+ x509_util::GetSubjectAltName(cert_handle_, dns_names, ip_addrs);
}
bool X509Certificate::VerifyNameMatch(const std::string& hostname) const {
@@ -338,38 +210,7 @@ X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes(
const char* data,
int length,
Format format) {
- OSCertHandles results;
- if (length < 0)
- return results;
-
- crypto::EnsureNSSInit();
-
- if (!NSS_IsInitialized())
- return results;
-
- switch (format) {
- case FORMAT_SINGLE_CERTIFICATE: {
- OSCertHandle handle = CreateOSCertHandleFromBytes(data, length);
- if (handle)
- results.push_back(handle);
- break;
- }
- case FORMAT_PKCS7: {
- // Make a copy since CERT_DecodeCertPackage may modify it
- std::vector<char> data_copy(data, data + length);
-
- SECStatus result = CERT_DecodeCertPackage(&data_copy[0],
- length, CollectCertsCallback, &results);
- if (result != SECSuccess)
- results.clear();
- break;
- }
- default:
- NOTREACHED() << "Certificate format " << format << " unimplemented";
- break;
- }
-
- return results;
+ return x509_util::CreateOSCertHandlesFromBytes(data, length, format);
}
// static
@@ -423,12 +264,7 @@ SHA1HashValue X509Certificate::CalculateCAFingerprint(
// static
X509Certificate::OSCertHandle
X509Certificate::ReadOSCertHandleFromPickle(PickleIterator* pickle_iter) {
- const char* data;
- int length;
- if (!pickle_iter->ReadData(&data, &length))
- return NULL;
-
- return CreateOSCertHandleFromBytes(data, length);
+ return x509_util::ReadOSCertHandleFromPickle(pickle_iter);
}
// static
@@ -443,34 +279,7 @@ bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
size_t* size_bits,
PublicKeyType* type) {
- // Since we might fail, set the output parameters to default values first.
- *type = kPublicKeyTypeUnknown;
- *size_bits = 0;
-
- crypto::ScopedSECKEYPublicKey key(CERT_ExtractPublicKey(cert_handle));
- if (!key.get())
- return;
-
- *size_bits = SECKEY_PublicKeyStrengthInBits(key.get());
-
- switch (key->keyType) {
- case rsaKey:
- *type = kPublicKeyTypeRSA;
- break;
- case dsaKey:
- *type = kPublicKeyTypeDSA;
- break;
- case dhKey:
- *type = kPublicKeyTypeDH;
- break;
- case ecKey:
- *type = kPublicKeyTypeECDSA;
- break;
- default:
- *type = kPublicKeyTypeUnknown;
- *size_bits = 0;
- break;
- }
+ x509_util::GetPublicKeyInfo(cert_handle, size_bits, type);
}
} // namespace net
« no previous file with comments | « net/base/x509_certificate_ios.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698