
Side by Side Diff: net/base/x509_certificate_mac.cc

Issue 11579002: Add X509Certificate::IsIssuedByEncoded() (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: fix bad indent Created 7 years, 11 months ago
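--- a/net/base/x509_certificate_mac.cc
+++ b/net/base/x509_certificate_mac.cc
@@ -1,58 +1,85 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <CoreServices/CoreServices.h>
 #include <Security/Security.h>
 #include <time.h>
 
 #include <vector>
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/mac/mac_logging.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/memory/singleton.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
+#include "base/string_piece.h"
 #include "base/synchronization/lock.h"
 #include "base/sys_string_conversions.h"
 #include "crypto/cssm_init.h"
 #include "crypto/mac_security_services_lock.h"
 #include "crypto/nss_util.h"
 #include "crypto/rsa_private_key.h"
 #include "net/base/x509_util_mac.h"
 #include "third_party/nss/mozilla/security/nss/lib/certdb/cert.h"
 
 using base::mac::ScopedCFTypeRef;
 using base::Time;
 
 namespace net {
 
 namespace {
 
 void GetCertDistinguishedName(
 const x509_util::CSSMCachedCertificate& cached_cert,
 const CSSM_OID* oid,
 CertPrincipal* result) {
 x509_util::CSSMFieldValue distinguished_name;
 OSStatus status = cached_cert.GetField(oid, &distinguished_name);
 if (status || !distinguished_name.field())
 return;
 result->ParseDistinguishedName(distinguished_name.field()->Data,
 distinguished_name.field()->Length);
 }
 
+bool IsCertIssuerInEncodedList(X509Certificate::OSCertHandle cert_handle,
+const std::vector<std::string>& issuers) {
+x509_util::CSSMCachedCertificate cached_cert;
+if (cached_cert.Init(cert_handle) != CSSM_OK)
+return false;
+
+x509_util::CSSMFieldValue distinguished_name;
+OSStatus status = cached_cert.GetField(&CSSMOID_X509V1IssuerNameStd,
+&distinguished_name);
+if (status || !distinguished_name.field())
+return false;
+
+base::StringPiece name_piece(
+reinterpret_cast<const char*>(distinguished_name.field()->Data),
+static_cast<size_t>(distinguished_name.field()->Length));
+
+for (std::vector<std::string>::const_iterator it = issuers.begin();
+it != issuers.end(); ++it) {
+base::StringPiece issuer_piece(*it);
+if (name_piece == issuer_piece)
+return true;
+}
+
+return false;
+}
+
 void GetCertDateForOID(const x509_util::CSSMCachedCertificate& cached_cert,
 const CSSM_OID* oid,
 Time* result) {
 *result = Time::Time();
 
 x509_util::CSSMFieldValue field;
 OSStatus status = cached_cert.GetField(oid, &field);
 if (status)
 return;
 
@@ -326,20 +353,33 @@
 &valid_start_);
 GetCertDateForOID(cached_cert, &CSSMOID_X509V1ValidityNotAfter,
 &valid_expiry_);
 serial_number_ = GetCertSerialNumber(cached_cert);
 }
 
 fingerprint_ = CalculateFingerprint(cert_handle_);
 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
 }
 
+bool X509Certificate::IsIssuedByEncoded(
+const std::vector<std::string>& valid_issuers) {
+if (IsCertIssuerInEncodedList(cert_handle_, valid_issuers))
+return true;
+
+for (OSCertHandles::iterator it = intermediate_ca_certs_.begin();
+it != intermediate_ca_certs_.end(); ++it) {
+if (IsCertIssuerInEncodedList(*it, valid_issuers))
+return true;
+}
+return false;
+}
+
 // static
 X509Certificate* X509Certificate::CreateSelfSigned(
 crypto::RSAPrivateKey* key,
 const std::string& subject,
 uint32 serial_number,
 base::TimeDelta valid_duration) {
 DCHECK(key);
 DCHECK(!subject.empty());
 
 if (valid_duration.InSeconds() > kuint32max) {
@@ -896,10 +936,10 @@
 *type = kPublicKeyTypeDH;
 break;
 default:
 *type = kPublicKeyTypeUnknown;
 *size_bits = 0;
 break;
 }
 }
 
 } // namespace net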
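Review bot: Nothing on the new X509Certificate::IsIssuedByEncoded() or its helper IsCertIssuerInEncodedList() says that the match is by issuer name only: the helper compares the bytes of the CSSMOID_X509V1IssuerNameStd field with each entry of `issuers` using `name_piece == issuer_piece`, and no signature or chain validity is checked. A caller could read the method name as a trust decision, so I would add above the helper `// Name-only filter: byte-for-byte compare of the encoded issuer Name; does not verify signatures, so not a trust decision.` The exact-byte compare also means two encodings of the same name (for example a different string type or letter case) will not match, which is worth stating in the same comment. The method does not appear to modify the object, so it could probably be `const` and iterate with `OSCertHandles::const_iterator`; the declaration is in the header, outside this page.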