Diffstat (limited to 'chrome')
-rw-r--r--chrome/common/net/x509_certificate_model.cc35
-rw-r--r--chrome/common/net/x509_certificate_model.h22
-rw-r--r--chrome/common/net/x509_certificate_model_nss.cc9
-rw-r--r--chrome/common/net/x509_certificate_model_openssl.cc116
-rw-r--r--chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp36
-rw-r--r--chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h6
6 files changed, 152 insertions, 72 deletions
diff --git a/chrome/common/net/x509_certificate_model.cc b/chrome/common/net/x509_certificate_model.cc
index 5f39685..641e7c5d 100644
--- a/chrome/common/net/x509_certificate_model.cc
+++ b/chrome/common/net/x509_certificate_model.cc
@@ -49,5 +49,40 @@ std::string ProcessIDN(const std::string& input) {
input16, output16);
}
+std::string ProcessRawBytesWithSeparators(const unsigned char* data,
+ size_t data_length,
+ char hex_separator,
+ char line_separator) {
+ static const char kHexChars[] = "0123456789ABCDEF";
+
+ // Each input byte creates two output hex characters + a space or newline,
+ // except for the last byte.
+ std::string ret;
+ size_t kMin = 0U;
+ ret.reserve(std::max(kMin, data_length * 3 - 1));
+
+ for (size_t i = 0; i < data_length; ++i) {
+ unsigned char b = data[i];
+ ret.push_back(kHexChars[(b >> 4) & 0xf]);
+ ret.push_back(kHexChars[b & 0xf]);
+ if (i + 1 < data_length) {
+ if ((i + 1) % 16 == 0)
+ ret.push_back(line_separator);
+ else
+ ret.push_back(hex_separator);
+ }
+ }
+ return ret;
+}
+
+std::string ProcessRawBytes(const unsigned char* data, size_t data_length) {
+ return ProcessRawBytesWithSeparators(data, data_length, ' ', '\n');
+}
+
+std::string ProcessRawBits(const unsigned char* data, size_t data_length) {
+ return ProcessRawBytesWithSeparators(data, (data_length + 7) / 8, ' ', '\n');
+}
+
+
} // x509_certificate_model
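Review bot: The reserve line in ProcessRawBytesWithSeparators does not survive an empty buffer: `data_length * 3 - 1` is evaluated in `size_t` and wraps to SIZE_MAX when `data_length` is 0, so `std::max(kMin, ...)` guards nothing and `reserve()` then exceeds `max_size()` — with exceptions disabled that is an abort, triggered by any zero-length serial number or signature fed to the new OpenSSL callers. Guard the length itself and drop `kMin`: `if (data_length != 0) ret.reserve(data_length * 3 - 1);`. The removed psm::ProcessRawBytes carried the same underflow (`std::max(0u, data->len * 3 - 1)`), so this is inherited rather than new, but the rewrite is the place to fix it. If `std::max` stays, note that `<algorithm>` is not among the includes visible here; with the guard it is no longer needed.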
diff --git a/chrome/common/net/x509_certificate_model.h b/chrome/common/net/x509_certificate_model.h
index 351f489..56bb0a75 100644
--- a/chrome/common/net/x509_certificate_model.h
+++ b/chrome/common/net/x509_certificate_model.h
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef NET_BASE_X509_CERTIFICATE_MODEL_H_
-#define NET_BASE_X509_CERTIFICATE_MODEL_H_
+#ifndef CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_
+#define CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_
#pragma once
#include "net/base/cert_database.h"
@@ -123,6 +123,22 @@ std::string ProcessRawBitsSignatureWrap(
void RegisterDynamicOids();
+// Format a buffer as |hex_separator| separated string, with 16 bytes on each
+// line separated using |line_separator|.
+std::string ProcessRawBytesWithSeparators(const unsigned char* data,
+ size_t data_length,
+ char hex_separator,
+ char line_separator);
+
+// Format a buffer as a space separated string, with 16 bytes on each line.
+std::string ProcessRawBytes(const unsigned char* data,
+ size_t data_length);
+
+// Format a buffer as a space separated string, with 16 bytes on each line.
+// |data_length| is the length in bits.
+std::string ProcessRawBits(const unsigned char* data,
+ size_t data_length);
+
} // namespace x509_certificate_model
-#endif // NET_BASE_X509_CERTIFICATE_MODEL_H_
+#endif // CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_
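Review bot: The comment on ProcessRawBits does not say how a bit count that is not a multiple of 8 is handled, and the answer changed in this commit: the new implementation rounds up (`(data_length + 7) / 8`) while the removed psm::ProcessRawBits truncated (`data->len / 8`), so a trailing partial byte is now printed where it used to be dropped. Suggest `// |data_length| is the length in bits; a trailing partial byte is printed in full.` It would also help to state for all three functions that exactly `data_length` bytes are read from |data|, since the bit variant makes that less obvious.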
diff --git a/chrome/common/net/x509_certificate_model_nss.cc b/chrome/common/net/x509_certificate_model_nss.cc
index da17a60..4d46174 100644
--- a/chrome/common/net/x509_certificate_model_nss.cc
+++ b/chrome/common/net/x509_certificate_model_nss.cc
@@ -42,7 +42,6 @@ std::string Stringize(char* nss_text, const std::string& alternative_text) {
// algorithm, but given the limited uses, not worth fixing.)
std::string HashCert(CERTCertificate* cert, HASH_HashType algorithm, int len) {
unsigned char fingerprint[HASH_LENGTH_MAX];
- SECItem fingerprint_item;
DCHECK(NULL != cert->derCert.data);
DCHECK_NE(0U, cert->derCert.len);
@@ -51,9 +50,7 @@ std::string HashCert(CERTCertificate* cert, HASH_HashType algorithm, int len) {
SECStatus rv = HASH_HashBuf(algorithm, fingerprint, cert->derCert.data,
cert->derCert.len);
DCHECK_EQ(rv, SECSuccess);
- fingerprint_item.data = fingerprint;
- fingerprint_item.len = len;
- return psm::ProcessRawBytes(&fingerprint_item);
+ return x509_certificate_model::ProcessRawBytes(fingerprint, len);
}
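Review bot: `len` is an `int` that is now converted implicitly to `size_t` at the ProcessRawBytes call, and nothing bounds it against the `HASH_LENGTH_MAX`-byte `fingerprint` buffer; a caller passing a value larger than the digest length reads past the hash output, and a negative value becomes a huge length (the old SECItem path had the same hole). Add `DCHECK_GE(len, 0);` and `DCHECK_LE(static_cast<size_t>(len), sizeof(fingerprint));` before the call, or derive the length from the algorithm (NSS's `HASH_ResultLen(algorithm)`, if this NSS version exposes it) and drop the parameter's trust in the caller. HashCert's signature is in the previous hunk, outside this one.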
std::string ProcessSecAlgorithmInternal(SECAlgorithmID* algorithm_id) {
@@ -293,6 +290,7 @@ void DestroyCertChain(X509Certificate::OSCertHandles* cert_handles) {
for (X509Certificate::OSCertHandles::iterator i(cert_handles->begin());
i != cert_handles->end(); ++i)
CERT_DestroyCertificate(*i);
+ cert_handles->clear();
}
string GetDerString(X509Certificate::OSCertHandle cert_handle) {
@@ -372,7 +370,8 @@ string ProcessSubjectPublicKeyInfo(X509Certificate::OSCertHandle cert_handle) {
}
string ProcessRawBitsSignatureWrap(X509Certificate::OSCertHandle cert_handle) {
- return psm::ProcessRawBits(&cert_handle->signatureWrap.signature);
+ return ProcessRawBits(cert_handle->signatureWrap.signature.data,
+ cert_handle->signatureWrap.signature.len);
}
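Review bot: ProcessRawBitsSignatureWrap passes `signatureWrap.signature.len` as a bit count, which is right for an NSS-decoded BIT STRING (the removed header comment said as much: "fields which have the length specified in bits"), but nothing at the call site says so and a reader will assume bytes. Suggest `// NSS stores BIT STRING lengths in bits, hence ProcessRawBits rather than ProcessRawBytes.` above the return.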
void RegisterDynamicOids() {
diff --git a/chrome/common/net/x509_certificate_model_openssl.cc b/chrome/common/net/x509_certificate_model_openssl.cc
index 57670f1..7c4836f 100644
--- a/chrome/common/net/x509_certificate_model_openssl.cc
+++ b/chrome/common/net/x509_certificate_model_openssl.cc
@@ -2,11 +2,42 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include "chrome/common/net/x509_certificate_model.h"
+
+#include <openssl/obj_mac.h>
+#include <openssl/sha.h>
#include <openssl/x509v3.h>
-#include "chrome/common/net/x509_certificate_model.h"
+#include "base/logging.h"
+#include "base/string_number_conversions.h"
+#include "net/base/x509_openssl_util.h"
+
+namespace nxou = net::x509_openssl_util;
+
+namespace {
+
+std::string AlternativeWhenEmpty(const std::string& text,
+ const std::string& alternative) {
+ return text.empty() ? alternative : text;
+}
+
+std::string GetKeyValuesFromName(X509_NAME* name) {
+ std::string ret;
+ int rdns = X509_NAME_entry_count(name) - 1;
+ for (int i = rdns; i >= 0; --i) {
+ std::string key;
+ std::string value;
+ if (!nxou::ParsePrincipalKeyAndValueByIndex(name, i, &key, &value))
+ break;
+ ret += key;
+ ret += " = ";
+ ret += value;
+ ret += '\n';
+ }
+ return ret;
+}
-#include "net/base/x509_certificate.h"
+} // namepsace
namespace x509_certificate_model {
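Review bot: GetKeyValuesFromName `break`s at the first entry that ParsePrincipalKeyAndValueByIndex rejects, and because the loop walks from the last entry backwards, one unparseable attribute silently drops every earlier (more significant) component from the displayed issuer or subject name. Unless that helper only fails on an out-of-range index, `continue` rather than `break` is the safer choice for a viewer; if the early exit is intended, a comment saying why would stop the next reader from "fixing" it. Two smaller points: `rdns` counts name entries (attributes), not RDNs — a multi-valued RDN contributes several entries — so `entries` or `last` would be a clearer name; and the closing comment reads `// namepsace`.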
@@ -23,7 +54,9 @@ std::string GetTokenName(X509Certificate::OSCertHandle cert_handle) {
}
std::string GetVersion(net::X509Certificate::OSCertHandle cert_handle) {
- // TODO(bulach): implement me.
+ unsigned long version = X509_get_version(cert_handle);
+ if (version != ULONG_MAX)
+ return base::UintToString(version + 1);
return "";
}
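Review bot: GetVersion relies on the `long` returned by X509_get_version wrapping to `ULONG_MAX` when the call fails (it returns -1 on error, 0 when the version field is absent, i.e. v1), which is correct but obscure, needs `<climits>` for `ULONG_MAX` (not among the visible includes), and then narrows `version + 1` from `unsigned long` to the `unsigned int` that base::UintToString takes. Keeping the signed type reads as intended: `long version = X509_get_version(cert_handle);` / `if (version >= 0)` / `return base::Int64ToString(version + 1);`. A one-line comment that the stored value is zero-based (v1 == 0), hence the `+ 1`, would also help.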
@@ -50,55 +83,70 @@ std::string GetKeyUsageString(X509Certificate::OSCertHandle cert_handle) {
std::string GetSerialNumberHexified(
X509Certificate::OSCertHandle cert_handle,
const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ ASN1_INTEGER* num = X509_get_serialNumber(cert_handle);
+ const char kSerialNumberSeparator = ':';
+ std::string hex_string = ProcessRawBytesWithSeparators(
+ num->data, num->length, kSerialNumberSeparator, kSerialNumberSeparator);
+ return AlternativeWhenEmpty(hex_string, alternative_text);
}
std::string GetIssuerCommonName(
X509Certificate::OSCertHandle cert_handle,
const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle),
+ NID_commonName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
}
std::string GetIssuerOrgName(
X509Certificate::OSCertHandle cert_handle,
const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle),
+ NID_organizationName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
}
std::string GetIssuerOrgUnitName(
X509Certificate::OSCertHandle cert_handle,
const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle),
+ NID_organizationalUnitName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
}
std::string GetSubjectOrgName(
X509Certificate::OSCertHandle cert_handle,
const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle),
+ NID_organizationName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
}
std::string GetSubjectOrgUnitName(
X509Certificate::OSCertHandle cert_handle,
const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle),
+ NID_organizationalUnitName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
}
std::string GetSubjectCommonName(X509Certificate::OSCertHandle cert_handle,
const std::string& alternative_text) {
- // TODO(bulach): implement me.
- return "";
+ std::string ret;
+ nxou::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle),
+ NID_commonName, &ret);
+ return AlternativeWhenEmpty(ret, alternative_text);
}
bool GetTimes(X509Certificate::OSCertHandle cert_handle,
base::Time* issued, base::Time* expires) {
- // TODO(bulach): implement me.
- return false;
+ return nxou::ParseDate(X509_get_notBefore(cert_handle), issued) &&
+ nxou::ParseDate(X509_get_notAfter(cert_handle), expires);
}
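Review bot: GetSerialNumberHexified passes the same character as both hex and line separator, which is what keeps the serial on one line instead of wrapping every 16 bytes; that is easy to misread as a copy-paste slip, so add `// Use one separator for both so the serial number is never line-wrapped.` next to `kSerialNumberSeparator`. Two caveats worth a note rather than a change: OpenSSL's ASN1_INTEGER stores only the magnitude of a negative integer (flagged V_ASN1_NEG_INTEGER), so a non-conforming negative serial would display without its sign, and `num->length` is an `int` converted implicitly to `size_t` here. The rest of the hunk looks consistent, though the ParsePrincipalValueByNID results are discarded on purpose and that intent could be stated once.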
std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle) {
@@ -107,13 +155,11 @@ std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle) {
}
std::string GetIssuerName(net::X509Certificate::OSCertHandle cert_handle) {
- // TODO(bulach): implement me.
- return "";
+ return GetKeyValuesFromName(X509_get_issuer_name(cert_handle));
}
std::string GetSubjectName(net::X509Certificate::OSCertHandle cert_handle) {
- // TODO(bulach): implement me.
- return "";
+ return GetKeyValuesFromName(X509_get_subject_name(cert_handle));
}
void GetEmailAddresses(net::X509Certificate::OSCertHandle cert_handle,
@@ -138,22 +184,34 @@ void GetExtensions(
}
std::string HashCertSHA256(net::X509Certificate::OSCertHandle cert_handle) {
- // TODO(bulach): implement me.
- return "";
+ unsigned char sha256_data[SHA256_DIGEST_LENGTH] = {0};
+ unsigned int sha256_size = sizeof(sha256_data);
+ int ret = X509_digest(cert_handle, EVP_sha256(), sha256_data, &sha256_size);
+ CHECK(ret);
+ CHECK_EQ(sha256_size, sizeof(sha256_data));
+ return ProcessRawBytes(sha256_data, sha256_size);
}
std::string HashCertSHA1(net::X509Certificate::OSCertHandle cert_handle) {
- // TODO(bulach): implement me.
- return "";
+ unsigned char sha1_data[SHA_DIGEST_LENGTH] = {0};
+ unsigned int sha1_size = sizeof(sha1_data);
+ int ret = X509_digest(cert_handle, EVP_sha1(), sha1_data, &sha1_size);
+ CHECK(ret);
+ CHECK_EQ(sha1_size, sizeof(sha1_data));
+ return ProcessRawBytes(sha1_data, sha1_size);
}
void GetCertChainFromCert(net::X509Certificate::OSCertHandle cert_handle,
net::X509Certificate::OSCertHandles* cert_handles) {
- // TODO(bulach): implement me.
+ // TODO(bulach): how to get the chain out of a certificate?
+ cert_handles->push_back(net::X509Certificate::DupOSCertHandle(cert_handle));
}
void DestroyCertChain(net::X509Certificate::OSCertHandles* cert_handles) {
- // TODO(bulach): implement me.
+ for (net::X509Certificate::OSCertHandles::iterator i = cert_handles->begin();
+ i != cert_handles->end(); ++i)
+ X509_free(*i);
+ cert_handles->clear();
}
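Review bot: `CHECK(ret)` in HashCertSHA256 and HashCertSHA1 turns a digest failure on one displayed certificate into a process abort, whereas the NSS counterpart (HashCert in x509_certificate_model_nss.cc) only DCHECKs; X509_digest can fail for reasons outside the certificate's control, presumably allocation or library state, so failing soft is the more consistent behaviour for a viewer: `DCHECK(ret);` followed by `if (!ret) return std::string();` before the size check. The `CHECK_EQ` on the returned size is fine to keep since a mismatch there would mean the buffer size is wrong. The TODO in GetCertChainFromCert is honest about returning only the leaf; DestroyCertChain matches the NSS version, including the `clear()`.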
std::string GetDerString(net::X509Certificate::OSCertHandle cert_handle) {
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
index 6fceac8..6e8b54d 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
@@ -88,6 +88,11 @@ SECOidTag RegisterDynamicOid(const char* oid_string) {
return rv;
}
+// Format a SECItem as a space separated string, with 16 bytes on each line.
+std::string ProcessRawBytes(SECItem* data) {
+ return x509_certificate_model::ProcessRawBytes(data->data, data->len);
+}
+
} // namespace
namespace mozilla_security_manager {
@@ -141,34 +146,6 @@ void RegisterDynamicOids() {
"2.16.840.1.113730.4.1");
}
-std::string ProcessRawBytes(SECItem* data) {
- static const char kHexChars[] = "0123456789ABCDEF";
-
- // Each input byte creates two output hex characters + a space or newline,
- // except for the last byte.
- std::string ret(std::max(0u, data->len * 3 - 1), '\0');
-
- for (size_t i = 0; i < data->len; ++i) {
- unsigned char b = data->data[i];
- ret[i * 3] = kHexChars[(b >> 4) & 0xf];
- ret[i * 3 + 1] = kHexChars[b & 0xf];
- if (i + 1 < data->len) {
- if ((i + 1) % 16 == 0)
- ret[i * 3 + 2] = '\n';
- else
- ret[i * 3 + 2] = ' ';
- }
- }
- return ret;
-}
-
-std::string ProcessRawBits(SECItem* data) {
- SECItem bytedata;
- bytedata.data = data->data;
- bytedata.len = data->len / 8;
- return ProcessRawBytes(&bytedata);
-}
-
std::string DumpOidString(SECItem* oid) {
char* pr_string = CERT_GetOidString(oid);
if (pr_string) {
@@ -1045,7 +1022,8 @@ std::string ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo* spki) {
break;
}
default:
- rv = ProcessRawBits(&spki->subjectPublicKey);
+ rv = x509_certificate_model::ProcessRawBits(
+ spki->subjectPublicKey.data, spki->subjectPublicKey.len);
break;
}
SECKEY_DestroyPublicKey(key);
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h
index 0022a5da..2c4253c 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h
@@ -65,12 +65,6 @@ extern SECOidTag ms_ntds_replication;
void RegisterDynamicOids();
-// Format a SECItem as a space separated string, with 16 bytes on each line.
-std::string ProcessRawBytes(SECItem* data);
-
-// For fields which have the length specified in bits, rather than bytes.
-std::string ProcessRawBits(SECItem* data);
-
std::string DumpOidString(SECItem* oid);
std::string GetOIDText(SECItem* oid);