OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include <openssl/asn1.h> | 7 #include <openssl/asn1.h> |
8 #include <openssl/bytestring.h> | 8 #include <openssl/bytestring.h> |
9 #include <openssl/crypto.h> | 9 #include <openssl/crypto.h> |
10 #include <openssl/obj_mac.h> | 10 #include <openssl/obj_mac.h> |
11 #include <openssl/pem.h> | 11 #include <openssl/pem.h> |
12 #include <openssl/sha.h> | 12 #include <openssl/sha.h> |
13 #include <openssl/ssl.h> | 13 #include <openssl/ssl.h> |
14 #include <openssl/x509v3.h> | 14 #include <openssl/x509v3.h> |
15 | 15 |
16 #include "base/macros.h" | 16 #include "base/macros.h" |
17 #include "base/memory/singleton.h" | 17 #include "base/memory/singleton.h" |
18 #include "base/numerics/safe_conversions.h" | 18 #include "base/numerics/safe_conversions.h" |
19 #include "base/pickle.h" | 19 #include "base/pickle.h" |
20 #include "base/sha1.h" | 20 #include "base/sha1.h" |
21 #include "base/strings/string_number_conversions.h" | 21 #include "base/strings/string_number_conversions.h" |
22 #include "base/strings/string_piece.h" | 22 #include "base/strings/string_piece.h" |
23 #include "base/strings/string_util.h" | 23 #include "base/strings/string_util.h" |
24 #include "crypto/openssl_util.h" | 24 #include "crypto/openssl_util.h" |
25 #include "crypto/scoped_openssl_types.h" | 25 #include "crypto/scoped_openssl_types.h" |
26 #include "net/base/ip_address_number.h" | 26 #include "net/base/ip_address.h" |
27 #include "net/base/net_errors.h" | 27 #include "net/base/net_errors.h" |
28 #include "net/cert/x509_util_openssl.h" | 28 #include "net/cert/x509_util_openssl.h" |
29 | 29 |
30 #if defined(OS_ANDROID) | 30 #if defined(OS_ANDROID) |
31 #include "base/logging.h" | 31 #include "base/logging.h" |
32 #include "net/android/network_library.h" | 32 #include "net/android/network_library.h" |
33 #endif | 33 #endif |
34 | 34 |
35 namespace net { | 35 namespace net { |
36 | 36 |
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
118 if (!dns_name) | 118 if (!dns_name) |
119 continue; | 119 continue; |
120 int dns_name_len = ASN1_STRING_length(name->d.dNSName); | 120 int dns_name_len = ASN1_STRING_length(name->d.dNSName); |
121 dns_names->push_back( | 121 dns_names->push_back( |
122 std::string(reinterpret_cast<const char*>(dns_name), dns_name_len)); | 122 std::string(reinterpret_cast<const char*>(dns_name), dns_name_len)); |
123 } else if (name->type == GEN_IPADD && ip_addresses) { | 123 } else if (name->type == GEN_IPADD && ip_addresses) { |
124 const unsigned char* ip_addr = name->d.iPAddress->data; | 124 const unsigned char* ip_addr = name->d.iPAddress->data; |
125 if (!ip_addr) | 125 if (!ip_addr) |
126 continue; | 126 continue; |
127 int ip_addr_len = name->d.iPAddress->length; | 127 int ip_addr_len = name->d.iPAddress->length; |
128 if (ip_addr_len != static_cast<int>(kIPv4AddressSize) && | 128 if (ip_addr_len != static_cast<int>(IPAddress::kIPv4AddressSize) && |
129 ip_addr_len != static_cast<int>(kIPv6AddressSize)) { | 129 ip_addr_len != static_cast<int>(IPAddress::kIPv6AddressSize)) { |
130 // http://www.ietf.org/rfc/rfc3280.txt requires subjectAltName iPAddress | 130 // http://www.ietf.org/rfc/rfc3280.txt requires subjectAltName iPAddress |
131 // to have 4 or 16 bytes, whereas in a name constraint it includes a | 131 // to have 4 or 16 bytes, whereas in a name constraint it includes a |
132 // net mask hence 8 or 32 bytes. Logging to help diagnose any mixup. | 132 // net mask hence 8 or 32 bytes. Logging to help diagnose any mixup. |
133 LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len; | 133 LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len; |
134 continue; | 134 continue; |
135 } | 135 } |
136 ip_addresses->push_back( | 136 ip_addresses->push_back( |
137 std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len)); | 137 std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len)); |
138 } | 138 } |
139 } | 139 } |
(...skipping 315 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
455 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { | 455 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { |
456 crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert_handle)); | 456 crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert_handle)); |
457 if (!scoped_key) | 457 if (!scoped_key) |
458 return false; | 458 return false; |
459 | 459 |
460 // NOTE: X509_verify() returns 1 in case of success, 0 or -1 on error. | 460 // NOTE: X509_verify() returns 1 in case of success, 0 or -1 on error. |
461 return X509_verify(cert_handle, scoped_key.get()) == 1; | 461 return X509_verify(cert_handle, scoped_key.get()) == 1; |
462 } | 462 } |
463 | 463 |
464 } // namespace net | 464 } // namespace net |
OLD | NEW |