1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 #include <time.h> | 10 #include <time.h> |
11 | 11 |
12 #include <vector> | 12 #include <vector> |
13 | 13 |
14 #include "base/lazy_instance.h" | 14 #include "base/lazy_instance.h" |
15 #include "base/logging.h" | 15 #include "base/logging.h" |
16 #include "base/mac/mac_logging.h" | 16 #include "base/mac/mac_logging.h" |
17 #include "base/mac/scoped_cftyperef.h" | 17 #include "base/mac/scoped_cftyperef.h" |
18 #include "base/memory/singleton.h" | 18 #include "base/memory/singleton.h" |
19 #include "base/pickle.h" | 19 #include "base/pickle.h" |
20 #include "base/sha1.h" | 20 #include "base/sha1.h" |
| 21 #include "base/string_piece.h" |
21 #include "base/synchronization/lock.h" | 22 #include "base/synchronization/lock.h" |
22 #include "base/sys_string_conversions.h" | 23 #include "base/sys_string_conversions.h" |
23 #include "crypto/cssm_init.h" | 24 #include "crypto/cssm_init.h" |
24 #include "crypto/mac_security_services_lock.h" | 25 #include "crypto/mac_security_services_lock.h" |
25 #include "crypto/nss_util.h" | 26 #include "crypto/nss_util.h" |
26 #include "crypto/rsa_private_key.h" | 27 #include "crypto/rsa_private_key.h" |
27 #include "net/base/x509_util_mac.h" | 28 #include "net/base/x509_util_mac.h" |
28 #include "third_party/nss/mozilla/security/nss/lib/certdb/cert.h" | 29 #include "third_party/nss/mozilla/security/nss/lib/certdb/cert.h" |
29 | 30 |
30 using base::mac::ScopedCFTypeRef; | 31 using base::mac::ScopedCFTypeRef; |
31 using base::Time; | 32 using base::Time; |
32 | 33 |
33 namespace net { | 34 namespace net { |
34 | 35 |
35 namespace { | 36 namespace { |
36 | 37 |
37 void GetCertDistinguishedName( | 38 void GetCertDistinguishedName( |
38 const x509_util::CSSMCachedCertificate& cached_cert, | 39 const x509_util::CSSMCachedCertificate& cached_cert, |
39 const CSSM_OID* oid, | 40 const CSSM_OID* oid, |
40 CertPrincipal* result) { | 41 CertPrincipal* result) { |
41 x509_util::CSSMFieldValue distinguished_name; | 42 x509_util::CSSMFieldValue distinguished_name; |
42 OSStatus status = cached_cert.GetField(oid, &distinguished_name); | 43 OSStatus status = cached_cert.GetField(oid, &distinguished_name); |
43 if (status || !distinguished_name.field()) | 44 if (status || !distinguished_name.field()) |
44 return; | 45 return; |
45 result->ParseDistinguishedName(distinguished_name.field()->Data, | 46 result->ParseDistinguishedName(distinguished_name.field()->Data, |
46 distinguished_name.field()->Length); | 47 distinguished_name.field()->Length); |
47 } | 48 } |
48 | 49 |
| 50 bool IsCertIssuerInEncodedList(X509Certificate::OSCertHandle cert_handle, |
| 51 const std::vector<std::string>& issuers) { |
| 52 x509_util::CSSMCachedCertificate cached_cert; |
| 53 if (cached_cert.Init(cert_handle) != CSSM_OK) |
| 54 return false; |
| 55 |
| 56 x509_util::CSSMFieldValue distinguished_name; |
| 57 OSStatus status = cached_cert.GetField(&CSSMOID_X509V1IssuerNameStd, |
| 58 &distinguished_name); |
| 59 if (status || !distinguished_name.field()) |
| 60 return false; |
| 61 |
| 62 base::StringPiece name_piece( |
| 63 reinterpret_cast<const char*>(distinguished_name.field()->Data), |
| 64 static_cast<size_t>(distinguished_name.field()->Length)); |
| 65 |
| 66 for (std::vector<std::string>::const_iterator it = issuers.begin(); |
| 67 it != issuers.end(); ++it) { |
| 68 base::StringPiece issuer_piece(*it); |
| 69 if (name_piece == issuer_piece) |
| 70 return true; |
| 71 } |
| 72 |
| 73 return false; |
| 74 } |
| 75 |
49 void GetCertDateForOID(const x509_util::CSSMCachedCertificate& cached_cert, | 76 void GetCertDateForOID(const x509_util::CSSMCachedCertificate& cached_cert, |
50 const CSSM_OID* oid, | 77 const CSSM_OID* oid, |
51 Time* result) { | 78 Time* result) { |
52 *result = Time::Time(); | 79 *result = Time::Time(); |
53 | 80 |
54 x509_util::CSSMFieldValue field; | 81 x509_util::CSSMFieldValue field; |
55 OSStatus status = cached_cert.GetField(oid, &field); | 82 OSStatus status = cached_cert.GetField(oid, &field); |
56 if (status) | 83 if (status) |
57 return; | 84 return; |
58 | 85 |
326 &valid_start_); | 353 &valid_start_); |
327 GetCertDateForOID(cached_cert, &CSSMOID_X509V1ValidityNotAfter, | 354 GetCertDateForOID(cached_cert, &CSSMOID_X509V1ValidityNotAfter, |
328 &valid_expiry_); | 355 &valid_expiry_); |
329 serial_number_ = GetCertSerialNumber(cached_cert); | 356 serial_number_ = GetCertSerialNumber(cached_cert); |
330 } | 357 } |
331 | 358 |
332 fingerprint_ = CalculateFingerprint(cert_handle_); | 359 fingerprint_ = CalculateFingerprint(cert_handle_); |
333 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); | 360 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); |
334 } | 361 } |
335 | 362 |
| 363 bool X509Certificate::IsIssuedByEncoded( |
| 364 const std::vector<std::string>& valid_issuers) { |
| 365 if (IsCertIssuerInEncodedList(cert_handle_, valid_issuers)) |
| 366 return true; |
| 367 |
| 368 for (OSCertHandles::iterator it = intermediate_ca_certs_.begin(); |
| 369 it != intermediate_ca_certs_.end(); ++it) { |
| 370 if (IsCertIssuerInEncodedList(*it, valid_issuers)) |
| 371 return true; |
| 372 } |
| 373 return false; |
| 374 } |
| 375 |
336 // static | 376 // static |
337 X509Certificate* X509Certificate::CreateSelfSigned( | 377 X509Certificate* X509Certificate::CreateSelfSigned( |
338 crypto::RSAPrivateKey* key, | 378 crypto::RSAPrivateKey* key, |
339 const std::string& subject, | 379 const std::string& subject, |
340 uint32 serial_number, | 380 uint32 serial_number, |
341 base::TimeDelta valid_duration) { | 381 base::TimeDelta valid_duration) { |
342 DCHECK(key); | 382 DCHECK(key); |
343 DCHECK(!subject.empty()); | 383 DCHECK(!subject.empty()); |
344 | 384 |
345 if (valid_duration.InSeconds() > kuint32max) { | 385 if (valid_duration.InSeconds() > kuint32max) { |
896 *type = kPublicKeyTypeDH; | 936 *type = kPublicKeyTypeDH; |
897 break; | 937 break; |
898 default: | 938 default: |
899 *type = kPublicKeyTypeUnknown; | 939 *type = kPublicKeyTypeUnknown; |
900 *size_bits = 0; | 940 *size_bits = 0; |
901 break; | 941 break; |
902 } | 942 } |
903 } | 943 } |
904 | 944 |
905 } // namespace net | 945 } // namespace net |
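Review bot: The match in IsCertIssuerInEncodedList (new lines 62–71) is a byte-for-byte comparison of the certificate's DER-encoded issuer name against each entry, so two names that are equal under RFC 5280 name-matching rules but encoded differently (PrintableString vs. UTF8String, case or whitespace differences) will not match, and a certificate whose issuer field cannot be read (Init failing at new line 53, GetField at 59) is silently reported as not issued — none of this is stated anywhere. IsIssuedByEncoded (new lines 363–374) additionally returns true as soon as any certificate in intermediate_ca_certs_ carries a matching issuer, with no path validation of those intermediates, so it answers "does some certificate in the supplied, unverified chain name one of these issuers" rather than "is there a valid path to one of them"; that is presumably fine for client-certificate selection against a CertificateRequest DN list, but a caller must not treat it as a trust decision. I would add above the helper: `// Returns true if |cert_handle|'s issuer name, in its exact DER encoding, is byte-equal to one of the (likewise DER-encoded) |issuers|. Any CSSM failure yields false.` and on IsIssuedByEncoded a one-line note that the intermediates' issuers are checked without the intermediates being validated. As a style point the hand-written loop could be `return std::find(issuers.begin(), issuers.end(), name_piece) != issuers.end();` (with <algorithm> included), which says the same thing in one line.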