author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-02 01:59:03 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-02 01:59:03 +0000 |
commit | 7b7c561163aaa7fd98979fee905a62615f256f0e (patch) | |
tree | 1e4920b2e91cf6319bab8758aa7b13e663fa4ce4 /net/base/x509_certificate_nss.cc | |
parent | 468a82d9381d6787d603b42b6427a65b35694b90 (diff) | |
Revert r27819 because it causes net_unittests to crash in the
HTTPSRequestTest.HTTPSGetTest test.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@27821 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate_nss.cc')
-rw-r--r-- | net/base/x509_certificate_nss.cc | 58 |
1 files changed, 38 insertions, 20 deletions
diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc
index 84fc8f5..9b63b1e 100644
--- a/net/base/x509_certificate_nss.cc
+++ b/net/base/x509_certificate_nss.cc
@@ -156,7 +156,6 @@ int MapCertErrorToCertStatus(int err) {
 case SEC_ERROR_CA_CERT_INVALID:
 return CERT_STATUS_AUTHORITY_INVALID;
 // TODO(port): map CERT_STATUS_NO_REVOCATION_MECHANISM.
- case SEC_ERROR_OCSP_BAD_HTTP_RESPONSE:
 case SEC_ERROR_OCSP_SERVER_ERROR:
 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
 case SEC_ERROR_REVOKED_CERTIFICATE:
@@ -228,29 +227,49 @@ base::Time PRTimeToBaseTime(PRTime prtime) { return base::Time::FromUTCExploded(exploded); } -typedef char* (*CERTGetNameFunc)(CERTName* name); - -void ParsePrincipal(CERTName* name, +void ParsePrincipal(SECItem* der_name, X509Certificate::Principal* principal) { + CERTName name; + PRArenaPool* arena = NULL; + + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + DCHECK(arena != NULL); + if (arena == NULL) + return; + + // TODO(dkegel): is CERT_NameTemplate what we always want here? + SECStatus rv; + rv = SEC_QuickDERDecodeItem(arena, &name, CERT_NameTemplate, der_name); + DCHECK(rv == SECSuccess); + if ( rv != SECSuccess ) { + PORT_FreeArena(arena, PR_FALSE); + return; + } + + std::vector<std::string> common_names, locality_names, state_names, + country_names; + // TODO(jcampan): add business_category and serial_number. - // TODO(wtc): NSS has the CERT_GetOrgName, CERT_GetOrgUnitName, and - // CERT_GetDomainComponentName functions, but they return only the most - // general (the first) RDN. NSS doesn't have a function for the street - // address. static const SECOidTag kOIDs[] = { + SEC_OID_AVA_COMMON_NAME, + SEC_OID_AVA_LOCALITY, + SEC_OID_AVA_STATE_OR_PROVINCE, + SEC_OID_AVA_COUNTRY_NAME, SEC_OID_AVA_STREET_ADDRESS, SEC_OID_AVA_ORGANIZATION_NAME, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, SEC_OID_AVA_DC }; std::vector<std::string>* values[] = { + &common_names, &locality_names, + &state_names, &country_names, &principal->street_addresses, &principal->organization_names, &principal->organization_unit_names, &principal->domain_components }; DCHECK(arraysize(kOIDs) == arraysize(values)); - CERTRDN** rdns = name->rdns; + CERTRDN** rdns = name.rdns; for (size_t rdn = 0; rdns[rdn]; ++rdn) { CERTAVA** avas = rdns[rdn]->avas; for (size_t pair = 0; avas[pair] != 0; ++pair) { 
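Review bot: The `DCHECK(arena != NULL)` and `DCHECK(rv == SECSuccess)` checks at the top of the new `ParsePrincipal` are the only signal that decoding `der_name` failed; with DCHECKs compiled out, both early returns leave `*principal` untouched and, because the function returns `void`, `X509Certificate::Initialize()` cannot tell an undecodable subject or issuer from an empty one. The bytes in `der_name` come from the certificate, so a decode failure is an input error rather than a broken invariant, and `DCHECK(rv == SECSuccess)` would abort a debug build on malformed input. I would drop that DCHECK and either return a `bool` that the caller checks or, at minimum, document the contract with `// On decode failure |principal| is left unmodified; the caller gets no error.` The body of `ParsePrincipal` continues past the end of this hunk.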
@@ -260,7 +279,6 @@ void ParsePrincipal(CERTName* name, SECItem* decode_item = CERT_DecodeAVAValue(&avas[pair]->value); if (!decode_item) break; - // TODO(wtc): Pass decode_item to CERT_RFC1485_EscapeAndQuote. std::string value(reinterpret_cast<char*>(decode_item->data), decode_item->len); values[oid]->push_back(value); @@ -271,18 +289,18 @@ void ParsePrincipal(CERTName* name, } } - // CN, L, S, and C. - CERTGetNameFunc get_name_funcs[4] = { - CERT_GetCommonName, CERT_GetLocalityName, - CERT_GetStateName, CERT_GetCountryName }; + // We don't expect to have more than one CN, L, S, and C. + std::vector<std::string>* single_value_lists[4] = { + &common_names, &locality_names, &state_names, &country_names }; std::string* single_values[4] = { &principal->common_name, &principal->locality_name, &principal->state_or_province_name, &principal->country_name }; - for (size_t i = 0; i < arraysize(get_name_funcs); ++i) { - char* value = get_name_funcs[i](name); - single_values[i]->assign(value); - PORT_Free(value); + for (size_t i = 0; i < arraysize(single_value_lists); ++i) { + DCHECK(single_value_lists[i]->size() <= 1); + if (single_value_lists[i]->size() > 0) + *(single_values[i]) = (*(single_value_lists[i]))[0]; } + PORT_FreeArena(arena, PR_FALSE); } void ParseDate(SECItem* der_date, base::Time* result) { @@ -453,8 +471,8 @@ bool CheckCertPolicies(X509Certificate::OSCertHandle cert_handle, } // namespace void X509Certificate::Initialize() { - ParsePrincipal(&cert_handle_->subject, &subject_); - ParsePrincipal(&cert_handle_->issuer, &issuer_); + ParsePrincipal(&cert_handle_->derSubject, &subject_); + ParsePrincipal(&cert_handle_->derIssuer, &issuer_); ParseDate(&cert_handle_->validity.notBefore, &valid_start_); ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_); |
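Review bot: In the `@@ -271,18 +289,18 @@` hunk, `DCHECK(single_value_lists[i]->size() <= 1)` asserts on certificate contents: nothing in the visible code stops a name from carrying several CN, L, ST or C attributes, so a peer-supplied certificate can trip it in debug builds, while builds without DCHECKs silently keep element `[0]`. The lines being removed called `CERT_GetCommonName` and its siblings, which as far as I recall return the last matching attribute rather than the first, so which value ends up in `common_name` may differ between the two versions and should be confirmed. I would remove the DCHECK and state the rule in the comment instead, e.g. `// A name may repeat CN, L, ST or C; keep the first value of each.` `ParsePrincipal` starts before this hunk.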