net/base/x509_certificate_mac.cc - Issue 11579002: Add X509Certificate::IsIssuedByEncoded()

Side by Side Diff: net/base/x509_certificate_mac.cc

Issue 11579002: Add X509Certificate::IsIssuedByEncoded() (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: Add missing base files (damn you git cl upload) Created 8 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/base/x509_certificate.h"	5 #include "net/base/x509_certificate.h"

6	6

7 #include <CommonCrypto/CommonDigest.h>	7 #include <CommonCrypto/CommonDigest.h>

8 #include <CoreServices/CoreServices.h>	8 #include <CoreServices/CoreServices.h>

9 #include <Security/Security.h>	9 #include <Security/Security.h>

10 #include <time.h>	10 #include <time.h>

11	11

12 #include <vector>	12 #include <vector>

13	13

14 #include "base/lazy_instance.h"	14 #include "base/lazy_instance.h"

15 #include "base/logging.h"	15 #include "base/logging.h"

16 #include "base/mac/mac_logging.h"	16 #include "base/mac/mac_logging.h"

17 #include "base/mac/scoped_cftyperef.h"	17 #include "base/mac/scoped_cftyperef.h"

18 #include "base/memory/singleton.h"	18 #include "base/memory/singleton.h"

19 #include "base/pickle.h"	19 #include "base/pickle.h"

20 #include "base/sha1.h"	20 #include "base/sha1.h"

	21 #include "base/string_piece.h"

21 #include "base/synchronization/lock.h"	22 #include "base/synchronization/lock.h"

22 #include "base/sys_string_conversions.h"	23 #include "base/sys_string_conversions.h"

23 #include "crypto/cssm_init.h"	24 #include "crypto/cssm_init.h"

24 #include "crypto/mac_security_services_lock.h"	25 #include "crypto/mac_security_services_lock.h"

25 #include "crypto/nss_util.h"	26 #include "crypto/nss_util.h"

26 #include "crypto/rsa_private_key.h"	27 #include "crypto/rsa_private_key.h"

27 #include "net/base/x509_util_mac.h"	28 #include "net/base/x509_util_mac.h"

28 #include "third_party/nss/mozilla/security/nss/lib/certdb/cert.h"	29 #include "third_party/nss/mozilla/security/nss/lib/certdb/cert.h"

29	30

30 using base::mac::ScopedCFTypeRef;	31 using base::mac::ScopedCFTypeRef;

31 using base::Time;	32 using base::Time;

32	33

33 namespace net {	34 namespace net {

34	35

35 namespace {	36 namespace {

36	37

37 void GetCertDistinguishedName(	38 void GetCertDistinguishedName(

38 const x509_util::CSSMCachedCertificate& cached_cert,	39 const x509_util::CSSMCachedCertificate& cached_cert,

39 const CSSM_OID* oid,	40 const CSSM_OID* oid,

40 CertPrincipal* result) {	41 CertPrincipal* result) {

41 x509_util::CSSMFieldValue distinguished_name;	42 x509_util::CSSMFieldValue distinguished_name;

42 OSStatus status = cached_cert.GetField(oid, &distinguished_name);	43 OSStatus status = cached_cert.GetField(oid, &distinguished_name);

43 if (status \|\| !distinguished_name.field())	44 if (status \|\| !distinguished_name.field())

44 return;	45 return;

45 result->ParseDistinguishedName(distinguished_name.field()->Data,	46 result->ParseDistinguishedName(distinguished_name.field()->Data,

46 distinguished_name.field()->Length);	47 distinguished_name.field()->Length);

47 }	48 }

48	49

	50 bool IsCertDistinguishedNameInList(

	51 OSCertHandle* cert,

	52 const CSSM_OID* oid,

	53 const std::vector<std::string>& valid_issuers) {

	54 x509_util::CSSCachedCertificate cached_cert;

	55 if (cached_cert.Init(cert_handle) != CSSM_OK)

	56 return false;

	57

	58 OSStatus status = cached_cert.GetField(oid, &distinguished_name);

	59 if (status \|\| !distinguished_name.field())

	60 return false;

	61

	62 base::StringPiece name_piece(

	63 distinguished_name.field()->Data,

	64 distinguished_name.field()->Length);

	65

	66 for (std::vector<std::string>::const_iterator it = issuers.begin();

	67 it != issuers.end(); ++it) {

	68 base::StringPiece issuer_piece(*it);

	69 if (name_piece == issuer_piece)

	70 return true;

	71 }

	72

	73 return false;

	74 }

	75

49 void GetCertDateForOID(const x509_util::CSSMCachedCertificate& cached_cert,	76 void GetCertDateForOID(const x509_util::CSSMCachedCertificate& cached_cert,

50 const CSSM_OID* oid,	77 const CSSM_OID* oid,

51 Time* result) {	78 Time* result) {

52 *result = Time::Time();	79 *result = Time::Time();

53	80

54 x509_util::CSSMFieldValue field;	81 x509_util::CSSMFieldValue field;

55 OSStatus status = cached_cert.GetField(oid, &field);	82 OSStatus status = cached_cert.GetField(oid, &field);

56 if (status)	83 if (status)

57 return;	84 return;

58	85

(...skipping 267 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
326 &valid_start_);	353 &valid_start_);

327 GetCertDateForOID(cached_cert, &CSSMOID_X509V1ValidityNotAfter,	354 GetCertDateForOID(cached_cert, &CSSMOID_X509V1ValidityNotAfter,

328 &valid_expiry_);	355 &valid_expiry_);

329 serial_number_ = GetCertSerialNumber(cached_cert);	356 serial_number_ = GetCertSerialNumber(cached_cert);

330 }	357 }

331	358

332 fingerprint_ = CalculateFingerprint(cert_handle_);	359 fingerprint_ = CalculateFingerprint(cert_handle_);

333 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);	360 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);

334 }	361 }

335	362

	363 bool X509Certificate::IsIssuedByEncoded(

	364 const std::vector<std::string>& valid_issuers) {

	365 {

	366 if (IsCertDistinguishedNameInList(cert_handle_,

	367 &CSSMOID_X509V1IssuerNameStd,

	368 valid_issuers))
	Ryan Sleevi 2012/12/13 19:49:05 STYLE: multi-line conditionals should have braces STYLE: multi-line conditionals should have braces (also lines 373-375) BUG: See IOS bug about subject vs ISSUER digit1 2012/12/14 17:54:33 Done. Show quoted text On 2012/12/13 19:49:05, Ryan Sleevi wrote: > STYLE: multi-line conditionals should have braces (also lines 373-375) > > BUG: See IOS bug about subject vs ISSUER Done.
	369 return true;

	370

	371 for (OSCertHandles::iterator it = intermediate_ca_certs_.begin();

	372 it != intermediate_ca_certs_.end(); ++it) {

	373 if (IsCertDistinguishedNameInList(*it, &CSSMOID_X509V1SubjectNameStd,

	374 valid_issuers))

	375 return true;

	376 }

	377 return false;

	378 }

	379

336 // static	380 // static

337 X509Certificate* X509Certificate::CreateSelfSigned(	381 X509Certificate* X509Certificate::CreateSelfSigned(

338 crypto::RSAPrivateKey* key,	382 crypto::RSAPrivateKey* key,

339 const std::string& subject,	383 const std::string& subject,

340 uint32 serial_number,	384 uint32 serial_number,

341 base::TimeDelta valid_duration) {	385 base::TimeDelta valid_duration) {

342 DCHECK(key);	386 DCHECK(key);

343 DCHECK(!subject.empty());	387 DCHECK(!subject.empty());

344	388

345 if (valid_duration.InSeconds() > kuint32max) {	389 if (valid_duration.InSeconds() > kuint32max) {

(...skipping 550 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
896 *type = kPublicKeyTypeDH;	940 *type = kPublicKeyTypeDH;

897 break;	941 break;

898 default:	942 default:

899 *type = kPublicKeyTypeUnknown;	943 *type = kPublicKeyTypeUnknown;

900 *size_bits = 0;	944 *size_bits = 0;

901 break;	945 break;

902 }	946 }

903 }	947 }

904	948

905 } // namespace net	949 } // namespace net

OLD	NEW

« net/base/x509_certificate_ios.cc ('K') | « net/base/x509_certificate_ios.cc ('k') | net/base/x509_certificate_nss.cc » ('j') | net/base/x509_certificate_nss.cc » ('J')