author | bulach@chromium.org <bulach@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-25 12:59:54 +0000 |
committer | bulach@chromium.org <bulach@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-25 12:59:54 +0000 |
commit | 5c51876fc45efafe4b9d918553c7b32a854ed8ed (patch) | |
tree | 2acc3b2ef0b1f76005b3e081553e01c9e149fc30 /chrome | |
parent | 4da06efd6d467e07ac311a59e5f79bd0cc6145d4 (diff) | |
More UI-related OpenSSL support.
Refactors a few functions from nsNSSCertHelper into common.
(no functional change when using NSS).
Implements some of the x509_certificate_model functions for OpenSSL.
BUG=none
TEST=Compile w/ use_openssl=1, check that the fields in certificate viewer are displayed.
Review URL: http://codereview.chromium.org/3815012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63723 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
6 files changed, 152 insertions, 72 deletions
diff --git a/chrome/common/net/x509_certificate_model.cc b/chrome/common/net/x509_certificate_model.cc
index 5f39685..641e7c5d 100644
--- a/chrome/common/net/x509_certificate_model.cc
+++ b/chrome/common/net/x509_certificate_model.cc
@@ -49,5 +49,40 @@ std::string ProcessIDN(const std::string& input) {
 input16, output16);
 }
+std::string ProcessRawBytesWithSeparators(const unsigned char* data,
+ size_t data_length,
+ char hex_separator,
+ char line_separator) {
+ static const char kHexChars[] = "0123456789ABCDEF";
+
+ // Each input byte creates two output hex characters + a space or newline,
+ // except for the last byte.
+ std::string ret;
+ size_t kMin = 0U;
+ ret.reserve(std::max(kMin, data_length * 3 - 1));
+
+ for (size_t i = 0; i < data_length; ++i) {
+ unsigned char b = data[i];
+ ret.push_back(kHexChars[(b >> 4) & 0xf]);
+ ret.push_back(kHexChars[b & 0xf]);
+ if (i + 1 < data_length) {
+ if ((i + 1) % 16 == 0)
+ ret.push_back(line_separator);
+ else
+ ret.push_back(hex_separator);
+ }
+ }
+ return ret;
+}
+
+std::string ProcessRawBytes(const unsigned char* data, size_t data_length) {
+ return ProcessRawBytesWithSeparators(data, data_length, ' ', '\n');
+}
+
+std::string ProcessRawBits(const unsigned char* data, size_t data_length) {
+ return ProcessRawBytesWithSeparators(data, (data_length + 7) / 8, ' ', '\n');
+}
+
+
 } // x509_certificate_model
diff --git a/chrome/common/net/x509_certificate_model.h b/chrome/common/net/x509_certificate_model.h
index 351f489..56bb0a75 100644
--- a/chrome/common/net/x509_certificate_model.h
+++ b/chrome/common/net/x509_certificate_model.h
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#ifndef NET_BASE_X509_CERTIFICATE_MODEL_H_
-#define NET_BASE_X509_CERTIFICATE_MODEL_H_
+#ifndef CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_
+#define CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_
 #pragma once
 #include "net/base/cert_database.h"
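Review bot: `ret.reserve(std::max(kMin, data_length * 3 - 1))` in ProcessRawBytesWithSeparators still breaks for `data_length == 0`: `data_length * 3 - 1` wraps to SIZE_MAX in unsigned arithmetic before `std::max` ever sees it, so an empty buffer asks reserve() for SIZE_MAX, which throws std::length_error (a crash in a build without exceptions); the removed nsNSSCertHelper version had the same `std::max(0u, ...)` pattern, so the refactor carried the defect along. The inputs are fields parsed from certificates (serial numbers, digests, bit strings), and an empty field should render as an empty string rather than take the viewer down. `ret.reserve(data_length ? data_length * 3 - 1 : 0);` is enough, and `kMin` can then go — it is a mutable local carrying a constant-style name.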
@@ -123,6 +123,22 @@ std::string ProcessRawBitsSignatureWrap(
 void RegisterDynamicOids();
+// Format a buffer as |hex_separator| separated string, with 16 bytes on each
+// line separated using |line_separator|.
+std::string ProcessRawBytesWithSeparators(const unsigned char* data,
+ size_t data_length,
+ char hex_separator,
+ char line_separator);
+
+// Format a buffer as a space separated string, with 16 bytes on each line.
+std::string ProcessRawBytes(const unsigned char* data,
+ size_t data_length);
+
+// Format a buffer as a space separated string, with 16 bytes on each line.
+// |data_length| is the length in bits.
+std::string ProcessRawBits(const unsigned char* data,
+ size_t data_length);
+
 } // namespace x509_certificate_model
-#endif // NET_BASE_X509_CERTIFICATE_MODEL_H_
+#endif // CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_
diff --git a/chrome/common/net/x509_certificate_model_nss.cc b/chrome/common/net/x509_certificate_model_nss.cc
index da17a60..4d46174 100644
--- a/chrome/common/net/x509_certificate_model_nss.cc
+++ b/chrome/common/net/x509_certificate_model_nss.cc
@@ -42,7 +42,6 @@ std::string Stringize(char* nss_text, const std::string& alternative_text) {
 // algorithm, but given the limited uses, not worth fixing.)
 std::string HashCert(CERTCertificate* cert, HASH_HashType algorithm, int len) {
 unsigned char fingerprint[HASH_LENGTH_MAX];
- SECItem fingerprint_item;
 DCHECK(NULL != cert->derCert.data);
 DCHECK_NE(0U, cert->derCert.len);
@@ -51,9 +50,7 @@ std::string HashCert(CERTCertificate* cert, HASH_HashType algorithm, int len) {
 SECStatus rv = HASH_HashBuf(algorithm, fingerprint, cert->derCert.data, cert->derCert.len);
 DCHECK_EQ(rv, SECSuccess);
- fingerprint_item.data = fingerprint;
- fingerprint_item.len = len;
- return psm::ProcessRawBytes(&fingerprint_item);
+ return x509_certificate_model::ProcessRawBytes(fingerprint, len);
 }
 std::string ProcessSecAlgorithmInternal(SECAlgorithmID* algorithm_id) {
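Review bot: The comment on ProcessRawBits should say what happens to a bit count that is not a multiple of 8, because the new implementation rounds up with `(data_length + 7) / 8` while the removed nsNSSCertHelper ProcessRawBits truncated with `data->len / 8`. For the signatureWrap and subjectPublicKey call sites in this commit that is a visible change for bit strings with unused trailing bits, which the description's "no functional change when using NSS" does not cover; the rounding is the better behaviour, it just needs stating. Suggested wording: `// |data_length| is the length in bits; a partial trailing byte is emitted in full.`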
@@ -293,6 +290,7 @@ void DestroyCertChain(X509Certificate::OSCertHandles* cert_handles) {
 for (X509Certificate::OSCertHandles::iterator i(cert_handles->begin()); i != cert_handles->end(); ++i) CERT_DestroyCertificate(*i);
+ cert_handles->clear();
 }
 string GetDerString(X509Certificate::OSCertHandle cert_handle) {
@@ -372,7 +370,8 @@ string ProcessSubjectPublicKeyInfo(X509Certificate::OSCertHandle cert_handle) {
 }
 string ProcessRawBitsSignatureWrap(X509Certificate::OSCertHandle cert_handle) {
- return psm::ProcessRawBits(&cert_handle->signatureWrap.signature);
+ return ProcessRawBits(cert_handle->signatureWrap.signature.data,
+ cert_handle->signatureWrap.signature.len);
 }
 void RegisterDynamicOids() {
diff --git a/chrome/common/net/x509_certificate_model_openssl.cc b/chrome/common/net/x509_certificate_model_openssl.cc
index 57670f1..7c4836f 100644
--- a/chrome/common/net/x509_certificate_model_openssl.cc
+++ b/chrome/common/net/x509_certificate_model_openssl.cc
@@ -2,11 +2,42 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
+#include "chrome/common/net/x509_certificate_model.h"
+
+#include <openssl/obj_mac.h>
+#include <openssl/sha.h>
 #include <openssl/x509v3.h>
-#include "chrome/common/net/x509_certificate_model.h"
+#include "base/logging.h"
+#include "base/string_number_conversions.h"
+#include "net/base/x509_openssl_util.h"
+
+namespace nxou = net::x509_openssl_util;
+
+namespace {
+
+std::string AlternativeWhenEmpty(const std::string& text,
+ const std::string& alternative) {
+ return text.empty() ? alternative : text;
+}
+
+std::string GetKeyValuesFromName(X509_NAME* name) {
+ std::string ret;
+ int rdns = X509_NAME_entry_count(name) - 1;
+ for (int i = rdns; i >= 0; --i) {
+ std::string key;
+ std::string value;
+ if (!nxou::ParsePrincipalKeyAndValueByIndex(name, i, &key, &value))
+ break;
+ ret += key;
+ ret += " = ";
+ ret += value;
+ ret += '\n';
+ }
+ return ret;
+}
-#include "net/base/x509_certificate.h"
+} // namepsace
 namespace x509_certificate_model {
@@ -23,7 +54,9 @@ std::string GetTokenName(X509Certificate::OSCertHandle cert_handle) {
 }
 std::string GetVersion(net::X509Certificate::OSCertHandle cert_handle) {
- // TODO(bulach): implement me.
+ unsigned long version = X509_get_version(cert_handle);
+ if (version != ULONG_MAX)
+ return base::UintToString(version + 1);
 return "";
 }
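Review bot: GetKeyValuesFromName stops at the first RDN that ParsePrincipalKeyAndValueByIndex rejects (`break`), so a single entry the helper cannot parse hides every entry before it in a name that came straight from the certificate; if that is deliberate it deserves a comment, otherwise `continue;` lets the viewer show the remaining attributes. The reverse walk from `X509_NAME_entry_count(name) - 1` down to 0 is also unexplained — presumably it matches the NSS viewer's display order — and a one-line comment such as `// Most specific RDN first, matching the NSS display order.` would save the next reader the guess. Minor: the closing comment reads `}  // namepsace` and should be `}  // namespace`.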
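Review bot: GetVersion depends on X509_get_version's `long` result wrapping into `unsigned long` so that the -1 error value compares equal to ULONG_MAX; it works, but it reads as an accident, and `base::UintToString(version + 1)` then narrows an unsigned long on LP64 targets. Keeping the value signed states the intent directly: `long version = X509_get_version(cert_handle); if (version >= 0) return base::IntToString(version + 1);`. ULONG_MAX is also used without including <climits>, so it presumably arrives transitively today.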
@@ -50,55 +83,70 @@ std::string GetKeyUsageString(X509Certificate::OSCertHandle cert_handle) {
 std::string GetSerialNumberHexified( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ ASN1_INTEGER* num = X509_get_serialNumber(cert_handle);
+ const char kSerialNumberSeparator = ':';
+ std::string hex_string = ProcessRawBytesWithSeparators(
+ num->data, num->length, kSerialNumberSeparator, kSerialNumberSeparator);
+ return AlternativeWhenEmpty(hex_string, alternative_text);
 }
 std::string GetIssuerCommonName( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle),
+ NID_commonName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
 }
 std::string GetIssuerOrgName( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle),
+ NID_organizationName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
 }
 std::string GetIssuerOrgUnitName( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle),
+ NID_organizationalUnitName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
 }
 std::string GetSubjectOrgName( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle),
+ NID_organizationName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
 }
 std::string GetSubjectOrgUnitName( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle),
+ NID_organizationalUnitName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
 }
 std::string GetSubjectCommonName(X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle),
+ NID_commonName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
 }
 bool GetTimes(X509Certificate::OSCertHandle cert_handle, base::Time* issued, base::Time* expires) {
- // TODO(bulach): implement me.
- return false;
+ return nxou::ParseDate(X509_get_notBefore(cert_handle), issued) &&
+ nxou::ParseDate(X509_get_notAfter(cert_handle), expires);
 }
 std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle) {
@@ -107,13 +155,11 @@ std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle) {
 }
 std::string GetIssuerName(net::X509Certificate::OSCertHandle cert_handle) {
- // TODO(bulach): implement me.
- return "";
+ return GetKeyValuesFromName(X509_get_issuer_name(cert_handle));
 }
 std::string GetSubjectName(net::X509Certificate::OSCertHandle cert_handle) {
- // TODO(bulach): implement me.
- return "";
+ return GetKeyValuesFromName(X509_get_subject_name(cert_handle));
 }
 void GetEmailAddresses(net::X509Certificate::OSCertHandle cert_handle,
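Review bot: GetSerialNumberHexified hands `num->data` and `num->length` to the hex formatter as-is, but an ASN1_INTEGER keeps only the magnitude in `data` and records a negative value in `type` (V_ASN1_NEG_INTEGER), so a negative serial number — non-conforming, but such certificates do exist — is displayed without its sign; and a degenerate zero-length INTEGER encoding, which older OpenSSL parsers accept, yields `num->length == 0`, the empty-buffer case ProcessRawBytesWithSeparators does not handle. A guard `if (!num || num->length == 0) return alternative_text;` before the formatting call keeps the viewer on the alternative-text path for both, and a short comment should note that the sign is not rendered (the NULL check is only defensive; X509_get_serialNumber returns a pointer into the parsed certificate). This hunk starts on the previous line.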
@@ -138,22 +184,34 @@ void GetExtensions(
 }
 std::string HashCertSHA256(net::X509Certificate::OSCertHandle cert_handle) {
- // TODO(bulach): implement me.
- return "";
+ unsigned char sha256_data[SHA256_DIGEST_LENGTH] = {0};
+ unsigned int sha256_size = sizeof(sha256_data);
+ int ret = X509_digest(cert_handle, EVP_sha256(), sha256_data, &sha256_size);
+ CHECK(ret);
+ CHECK_EQ(sha256_size, sizeof(sha256_data));
+ return ProcessRawBytes(sha256_data, sha256_size);
 }
 std::string HashCertSHA1(net::X509Certificate::OSCertHandle cert_handle) {
- // TODO(bulach): implement me.
- return "";
+ unsigned char sha1_data[SHA_DIGEST_LENGTH] = {0};
+ unsigned int sha1_size = sizeof(sha1_data);
+ int ret = X509_digest(cert_handle, EVP_sha1(), sha1_data, &sha1_size);
+ CHECK(ret);
+ CHECK_EQ(sha1_size, sizeof(sha1_data));
+ return ProcessRawBytes(sha1_data, sha1_size);
 }
 void GetCertChainFromCert(net::X509Certificate::OSCertHandle cert_handle, net::X509Certificate::OSCertHandles* cert_handles) {
- // TODO(bulach): implement me.
+ // TODO(bulach): how to get the chain out of a certificate?
+ cert_handles->push_back(net::X509Certificate::DupOSCertHandle(cert_handle));
 }
 void DestroyCertChain(net::X509Certificate::OSCertHandles* cert_handles) {
- // TODO(bulach): implement me.
+ for (net::X509Certificate::OSCertHandles::iterator i = cert_handles->begin();
+ i != cert_handles->end(); ++i)
+ X509_free(*i);
+ cert_handles->clear();
 }
 std::string GetDerString(net::X509Certificate::OSCertHandle cert_handle) {
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
index 6fceac8..6e8b54d 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
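Review bot: HashCertSHA256 and HashCertSHA1 `CHECK(ret)` on X509_digest's result, which turns a certificate OpenSSL cannot re-encode into a process abort triggered from the certificate viewer; the NSS counterpart in this same commit only `DCHECK_EQ(rv, SECSuccess)`s, and every other function in this file falls back to an empty string, so returning `std::string()` on failure (with a DLOG if you want the diagnostic) is the consistent handling. The two bodies are identical apart from the digest and buffer size, so a file-local helper taking the `EVP_MD*` removes the duplication and puts the failure handling in one place; `EVP_MAX_MD_SIZE` is large enough for either digest. The helper below would live in the anonymous namespace this commit introduces at the top of the file.
```cpp
// Hex-formats |digest| of |cert_handle|. Returns the empty string when
// OpenSSL cannot digest the certificate, matching the NSS implementation's
// non-fatal handling instead of aborting on a malformed input.
std::string HashCert(net::X509Certificate::OSCertHandle cert_handle,
                     const EVP_MD* digest) {
  unsigned char data[EVP_MAX_MD_SIZE] = {0};
  unsigned int size = sizeof(data);
  if (!X509_digest(cert_handle, digest, data, &size)) {
    DLOG(ERROR) << "X509_digest failed";
    return std::string();
  }
  return ProcessRawBytes(data, size);
}

std::string HashCertSHA256(net::X509Certificate::OSCertHandle cert_handle) {
  return HashCert(cert_handle, EVP_sha256());
}

std::string HashCertSHA1(net::X509Certificate::OSCertHandle cert_handle) {
  return HashCert(cert_handle, EVP_sha1());
}
// … unchanged: GetCertChainFromCert, DestroyCertChain …
```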
@@ -88,6 +88,11 @@ SECOidTag RegisterDynamicOid(const char* oid_string) {
 return rv;
 }
+// Format a SECItem as a space separated string, with 16 bytes on each line.
+std::string ProcessRawBytes(SECItem* data) {
+ return x509_certificate_model::ProcessRawBytes(data->data, data->len);
+}
+
 } // namespace
 namespace mozilla_security_manager {
@@ -141,34 +146,6 @@ void RegisterDynamicOids() {
 "2.16.840.1.113730.4.1");
 }
-std::string ProcessRawBytes(SECItem* data) {
- static const char kHexChars[] = "0123456789ABCDEF";
-
- // Each input byte creates two output hex characters + a space or newline,
- // except for the last byte.
- std::string ret(std::max(0u, data->len * 3 - 1), '\0');
-
- for (size_t i = 0; i < data->len; ++i) {
- unsigned char b = data->data[i];
- ret[i * 3] = kHexChars[(b >> 4) & 0xf];
- ret[i * 3 + 1] = kHexChars[b & 0xf];
- if (i + 1 < data->len) {
- if ((i + 1) % 16 == 0)
- ret[i * 3 + 2] = '\n';
- else
- ret[i * 3 + 2] = ' ';
- }
- }
- return ret;
-}
-
-std::string ProcessRawBits(SECItem* data) {
- SECItem bytedata;
- bytedata.data = data->data;
- bytedata.len = data->len / 8;
- return ProcessRawBytes(&bytedata);
-}
-
 std::string DumpOidString(SECItem* oid) {
 char* pr_string = CERT_GetOidString(oid);
 if (pr_string) {
@@ -1045,7 +1022,8 @@ std::string ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo* spki) {
 break;
 }
 default:
- rv = ProcessRawBits(&spki->subjectPublicKey);
+ rv = x509_certificate_model::ProcessRawBits(
+ spki->subjectPublicKey.data, spki->subjectPublicKey.len);
 break;
 }
 SECKEY_DestroyPublicKey(key);
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h
index 0022a5da..2c4253c 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h
@@ -65,12 +65,6 @@ extern SECOidTag ms_ntds_replication;
 void RegisterDynamicOids();
-// Format a SECItem as a space separated string, with 16 bytes on each line.
-std::string ProcessRawBytes(SECItem* data);
-
-// For fields which have the length specified in bits, rather than bytes.
-std::string ProcessRawBits(SECItem* data);
-
 std::string DumpOidString(SECItem* oid);
 std::string GetOIDText(SECItem* oid); |