1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 #include <time.h> | 10 #include <time.h> |
11 | 11 |
12 #include <vector> | 12 #include <vector> |
13 | 13 |
14 #include "base/lazy_instance.h" | 14 #include "base/lazy_instance.h" |
15 #include "base/logging.h" | 15 #include "base/logging.h" |
16 #include "base/mac/mac_logging.h" | 16 #include "base/mac/mac_logging.h" |
17 #include "base/mac/scoped_cftyperef.h" | 17 #include "base/mac/scoped_cftyperef.h" |
18 #include "base/memory/singleton.h" | 18 #include "base/memory/singleton.h" |
19 #include "base/pickle.h" | 19 #include "base/pickle.h" |
20 #include "base/sha1.h" | 20 #include "base/sha1.h" |
21 #include "base/string_piece.h" | |
21 #include "base/synchronization/lock.h" | 22 #include "base/synchronization/lock.h" |
22 #include "base/sys_string_conversions.h" | 23 #include "base/sys_string_conversions.h" |
23 #include "crypto/cssm_init.h" | 24 #include "crypto/cssm_init.h" |
24 #include "crypto/mac_security_services_lock.h" | 25 #include "crypto/mac_security_services_lock.h" |
25 #include "crypto/nss_util.h" | 26 #include "crypto/nss_util.h" |
26 #include "crypto/rsa_private_key.h" | 27 #include "crypto/rsa_private_key.h" |
27 #include "net/base/x509_util_mac.h" | 28 #include "net/base/x509_util_mac.h" |
28 #include "third_party/nss/mozilla/security/nss/lib/certdb/cert.h" | 29 #include "third_party/nss/mozilla/security/nss/lib/certdb/cert.h" |
29 | 30 |
30 using base::mac::ScopedCFTypeRef; | 31 using base::mac::ScopedCFTypeRef; |
31 using base::Time; | 32 using base::Time; |
32 | 33 |
33 namespace net { | 34 namespace net { |
34 | 35 |
35 namespace { | 36 namespace { |
36 | 37 |
37 void GetCertDistinguishedName( | 38 void GetCertDistinguishedName( |
38 const x509_util::CSSMCachedCertificate& cached_cert, | 39 const x509_util::CSSMCachedCertificate& cached_cert, |
39 const CSSM_OID* oid, | 40 const CSSM_OID* oid, |
40 CertPrincipal* result) { | 41 CertPrincipal* result) { |
41 x509_util::CSSMFieldValue distinguished_name; | 42 x509_util::CSSMFieldValue distinguished_name; |
42 OSStatus status = cached_cert.GetField(oid, &distinguished_name); | 43 OSStatus status = cached_cert.GetField(oid, &distinguished_name); |
43 if (status || !distinguished_name.field()) | 44 if (status || !distinguished_name.field()) |
44 return; | 45 return; |
45 result->ParseDistinguishedName(distinguished_name.field()->Data, | 46 result->ParseDistinguishedName(distinguished_name.field()->Data, |
46 distinguished_name.field()->Length); | 47 distinguished_name.field()->Length); |
47 } | 48 } |
48 | 49 |
50 bool IsCertDistinguishedNameInList( | |
51 OSCertHandle* cert, | |
52 const CSSM_OID* oid, | |
53 const std::vector<std::string>& valid_issuers) { | |
54 x509_util::CSSCachedCertificate cached_cert; | |
55 if (cached_cert.Init(cert_handle) != CSSM_OK) | |
56 return false; | |
57 | |
58 OSStatus status = cached_cert.GetField(oid, &distinguished_name); | |
59 if (status || !distinguished_name.field()) | |
60 return false; | |
61 | |
62 base::StringPiece name_piece( | |
63 distinguished_name.field()->Data, | |
64 distinguished_name.field()->Length); | |
65 | |
66 for (std::vector<std::string>::const_iterator it = issuers.begin(); | |
67 it != issuers.end(); ++it) { | |
68 base::StringPiece issuer_piece(*it); | |
69 if (name_piece == issuer_piece) | |
70 return true; | |
71 } | |
72 | |
73 return false; | |
74 } | |
75 | |
49 void GetCertDateForOID(const x509_util::CSSMCachedCertificate& cached_cert, | 76 void GetCertDateForOID(const x509_util::CSSMCachedCertificate& cached_cert, |
50 const CSSM_OID* oid, | 77 const CSSM_OID* oid, |
51 Time* result) { | 78 Time* result) { |
52 *result = Time::Time(); | 79 *result = Time::Time(); |
53 | 80 |
54 x509_util::CSSMFieldValue field; | 81 x509_util::CSSMFieldValue field; |
55 OSStatus status = cached_cert.GetField(oid, &field); | 82 OSStatus status = cached_cert.GetField(oid, &field); |
56 if (status) | 83 if (status) |
57 return; | 84 return; |
58 | 85 |
326 &valid_start_); | 353 &valid_start_); |
327 GetCertDateForOID(cached_cert, &CSSMOID_X509V1ValidityNotAfter, | 354 GetCertDateForOID(cached_cert, &CSSMOID_X509V1ValidityNotAfter, |
328 &valid_expiry_); | 355 &valid_expiry_); |
329 serial_number_ = GetCertSerialNumber(cached_cert); | 356 serial_number_ = GetCertSerialNumber(cached_cert); |
330 } | 357 } |
331 | 358 |
332 fingerprint_ = CalculateFingerprint(cert_handle_); | 359 fingerprint_ = CalculateFingerprint(cert_handle_); |
333 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); | 360 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); |
334 } | 361 } |
335 | 362 |
363 bool X509Certificate::IsIssuedByEncoded( | |
364 const std::vector<std::string>& valid_issuers) { | |
365 { | |
366 if (IsCertDistinguishedNameInList(cert_handle_, | |
367 &CSSMOID_X509V1IssuerNameStd, | |
368 valid_issuers)) | |
Ryan Sleevi
2012/12/13 19:49:05
STYLE: multi-line conditionals should have braces
digit1
2012/12/14 17:54:33
Done.
| |
369 return true; | |
370 | |
371 for (OSCertHandles::iterator it = intermediate_ca_certs_.begin(); | |
372 it != intermediate_ca_certs_.end(); ++it) { | |
373 if (IsCertDistinguishedNameInList(*it, &CSSMOID_X509V1SubjectNameStd, | |
374 valid_issuers)) | |
375 return true; | |
376 } | |
377 return false; | |
378 } | |
379 | |
336 // static | 380 // static |
337 X509Certificate* X509Certificate::CreateSelfSigned( | 381 X509Certificate* X509Certificate::CreateSelfSigned( |
338 crypto::RSAPrivateKey* key, | 382 crypto::RSAPrivateKey* key, |
339 const std::string& subject, | 383 const std::string& subject, |
340 uint32 serial_number, | 384 uint32 serial_number, |
341 base::TimeDelta valid_duration) { | 385 base::TimeDelta valid_duration) { |
342 DCHECK(key); | 386 DCHECK(key); |
343 DCHECK(!subject.empty()); | 387 DCHECK(!subject.empty()); |
344 | 388 |
345 if (valid_duration.InSeconds() > kuint32max) { | 389 if (valid_duration.InSeconds() > kuint32max) { |
896 *type = kPublicKeyTypeDH; | 940 *type = kPublicKeyTypeDH; |
897 break; | 941 break; |
898 default: | 942 default: |
899 *type = kPublicKeyTypeUnknown; | 943 *type = kPublicKeyTypeUnknown; |
900 *size_bits = 0; | 944 *size_bits = 0; |
901 break; | 945 break; |
902 } | 946 } |
903 } | 947 } |
904 | 948 |
905 } // namespace net | 949 } // namespace net |
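Review bot: The new `IsCertDistinguishedNameInList` helper (new lines 50-74) cannot compile as written: `distinguished_name` is used but never declared (the sibling `GetCertDistinguishedName` declares it as `x509_util::CSSMFieldValue`), the parameter is named `cert` but the body passes `cert_handle`, the loop iterates `issuers` while the parameter is `valid_issuers`, and the type is spelled `CSSCachedCertificate` rather than `CSSMCachedCertificate`. The parameter type also looks wrong: it is declared `OSCertHandle*`, yet `IsIssuedByEncoded` passes `cert_handle_` and `*it` from `intermediate_ca_certs_`, which are plain `OSCertHandle` values. Since `CSSM_DATA::Data` is presumably a `uint8*`, the `StringPiece` constructor will likely need a `reinterpret_cast<const char*>` as well. Worth documenting at the helper that the match is an exact byte comparison of the DER-encoded name with no normalization, and at `IsIssuedByEncoded` that it is a name-only check over the intermediates as supplied (no signature or chain validation is performed here).
```cpp
bool IsCertDistinguishedNameInList(
    OSCertHandle cert_handle,
    const CSSM_OID* oid,
    const std::vector<std::string>& valid_issuers) {
  x509_util::CSSMCachedCertificate cached_cert;
  if (cached_cert.Init(cert_handle) != CSSM_OK)
    return false;

  x509_util::CSSMFieldValue distinguished_name;
  OSStatus status = cached_cert.GetField(oid, &distinguished_name);
  if (status || !distinguished_name.field())
    return false;

  // Exact byte-for-byte comparison of the DER-encoded name; callers must
  // supply issuers in the same encoding, as no normalization is applied.
  base::StringPiece name_piece(
      reinterpret_cast<const char*>(distinguished_name.field()->Data),
      distinguished_name.field()->Length);

  for (std::vector<std::string>::const_iterator it = valid_issuers.begin();
       it != valid_issuers.end(); ++it) {
    if (name_piece == base::StringPiece(*it))
      return true;
  }
  return false;
}
```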