Diffstat (limited to 'chrome/common/net')
| -rw-r--r-- | chrome/common/net/gaia/gaia_authenticator2.cc | 51 | ||||
| -rw-r--r-- | chrome/common/net/gaia/gaia_authenticator2_unittest.cc | 6 | ||||
| -rw-r--r-- | chrome/common/net/gaia/gaia_constants.cc | 4 | ||||
| -rw-r--r-- | chrome/common/net/gaia/gaia_constants.h | 2 | ||||
| -rw-r--r-- | chrome/common/net/gaia/google_service_auth_error.h | 4 | ||||
| -rw-r--r-- | chrome/common/net/raw_host_resolver_proc.cc | 28 | ||||
| -rw-r--r-- | chrome/common/net/raw_host_resolver_proc.h | 40 | ||||
| -rw-r--r-- | chrome/common/net/test_url_fetcher_factory.cc | 14 | ||||
| -rw-r--r-- | chrome/common/net/test_url_fetcher_factory.h | 19 | ||||
| -rw-r--r-- | chrome/common/net/url_fetcher.cc | 14 | ||||
| -rw-r--r-- | chrome/common/net/url_fetcher_unittest.cc | 23 | ||||
| -rw-r--r-- | chrome/common/net/url_request_context_getter.cc | 2 | ||||
| -rw-r--r-- | chrome/common/net/url_request_context_getter.h | 9 | ||||
| -rw-r--r-- | chrome/common/net/x509_certificate_model.cc | 36 | ||||
| -rw-r--r-- | chrome/common/net/x509_certificate_model.h | 24 | ||||
| -rw-r--r-- | chrome/common/net/x509_certificate_model_nss.cc | 9 | ||||
| -rw-r--r-- | chrome/common/net/x509_certificate_model_openssl.cc | 116 |
17 files changed, 307 insertions, 94 deletions
diff --git a/chrome/common/net/gaia/gaia_authenticator2.cc b/chrome/common/net/gaia/gaia_authenticator2.cc index 108d76c..21b8190 100644 --- a/chrome/common/net/gaia/gaia_authenticator2.cc +++ b/chrome/common/net/gaia/gaia_authenticator2.cc @@ -11,6 +11,7 @@ #include "base/string_split.h" #include "base/string_util.h" #include "chrome/common/net/gaia/gaia_auth_consumer.h" +#include "chrome/common/net/gaia/gaia_constants.h" #include "chrome/common/net/gaia/google_service_auth_error.h" #include "chrome/common/net/http_return.h" #include "chrome/common/net/url_request_context_getter.h" @@ -42,7 +43,7 @@ const char GaiaAuthenticator2::kIssueAuthTokenFormat[] = "SID=%s&" "LSID=%s&" "service=%s&" - "Session=true"; + "Session=%s"; // static const char GaiaAuthenticator2::kGetUserInfoFormat[] = "LSID=%s"; @@ -149,24 +150,24 @@ std::string GaiaAuthenticator2::MakeClientLoginBody( kAccountTypeGoogle; if (login_token.empty() || login_captcha.empty()) { - return StringPrintf(kClientLoginFormat, - encoded_username.c_str(), - encoded_password.c_str(), - kCookiePersistence, - account_type, - source.c_str(), - service); + return base::StringPrintf(kClientLoginFormat, + encoded_username.c_str(), + encoded_password.c_str(), + kCookiePersistence, + account_type, + source.c_str(), + service); } - return StringPrintf(kClientLoginCaptchaFormat, - encoded_username.c_str(), - encoded_password.c_str(), - kCookiePersistence, - account_type, - source.c_str(), - service, - encoded_login_token.c_str(), - encoded_login_captcha.c_str()); + return base::StringPrintf(kClientLoginCaptchaFormat, + encoded_username.c_str(), + encoded_password.c_str(), + kCookiePersistence, + account_type, + source.c_str(), + service, + encoded_login_token.c_str(), + encoded_login_captcha.c_str()); } 
@@ -178,16 +179,22 @@ std::string GaiaAuthenticator2::MakeIssueAuthTokenBody( std::string encoded_sid = UrlEncodeString(sid); std::string encoded_lsid = UrlEncodeString(lsid); - return StringPrintf(kIssueAuthTokenFormat, - encoded_sid.c_str(), - encoded_lsid.c_str(), - service); + // All tokens should be session tokens except the gaia auth token. + bool session = true; + if (!strcmp(service, GaiaConstants::kGaiaService)) + session = false; + + return base::StringPrintf(kIssueAuthTokenFormat, + encoded_sid.c_str(), + encoded_lsid.c_str(), + service, + session ? "true" : "false"); } // static std::string GaiaAuthenticator2::MakeGetUserInfoBody(const std::string& lsid) { std::string encoded_lsid = UrlEncodeString(lsid); - return StringPrintf(kGetUserInfoFormat, encoded_lsid.c_str()); + return base::StringPrintf(kGetUserInfoFormat, encoded_lsid.c_str()); } // Helper method that extracts tokens from a successful reply. diff --git a/chrome/common/net/gaia/gaia_authenticator2_unittest.cc b/chrome/common/net/gaia/gaia_authenticator2_unittest.cc index 44d1a17..6ef0a51 100644 --- a/chrome/common/net/gaia/gaia_authenticator2_unittest.cc +++ b/chrome/common/net/gaia/gaia_authenticator2_unittest.cc @@ -245,8 +245,8 @@ TEST_F(GaiaAuthenticator2Test, WorkingIssueAuthToken) { TEST_F(GaiaAuthenticator2Test, CheckTwoFactorResponse) { std::string response = - StringPrintf("Error=BadAuthentication\n%s\n", - GaiaAuthenticator2::kSecondFactor); + base::StringPrintf("Error=BadAuthentication\n%s\n", + GaiaAuthenticator2::kSecondFactor); EXPECT_TRUE(GaiaAuthenticator2::IsSecondFactorSuccess(response)); } @@ -256,7 +256,7 @@ TEST_F(GaiaAuthenticator2Test, CheckNormalErrorCode) { } TEST_F(GaiaAuthenticator2Test, TwoFactorLogin) { - std::string response = StringPrintf("Error=BadAuthentication\n%s\n", + std::string response = base::StringPrintf("Error=BadAuthentication\n%s\n", GaiaAuthenticator2::kSecondFactor); GoogleServiceAuthError error = 
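Review bot: In `MakeIssueAuthTokenBody`, `service` is written into `kIssueAuthTokenFormat` as a raw `%s`, while `sid` and `lsid` go through `UrlEncodeString` first, and the new `strcmp(service, GaiaConstants::kGaiaService)` dereferences it with no null guard. The callers are not visible here and presumably pass `GaiaConstants` literals, but this body carries the SID/LSID credentials, so a service value containing `&` or `=` would change the form fields sent with them. I would encode it like the other fields, `std::string encoded_service = UrlEncodeString(service);`, and add `DCHECK(service);` before the comparison. The new comment could also say why the gaia token must not be a session token. The function's signature lies outside the hunk.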
diff --git a/chrome/common/net/gaia/gaia_constants.cc b/chrome/common/net/gaia/gaia_constants.cc index 810055e..addd468 100644 --- a/chrome/common/net/gaia/gaia_constants.cc +++ b/chrome/common/net/gaia/gaia_constants.cc @@ -12,6 +12,8 @@ namespace GaiaConstants { const char kChromeOSSource[] = "chromeos"; const char kChromeSource[] = "ChromiumBrowser"; +// Service name for Gaia. Used to convert to cookie auth. +const char kGaiaService[] = "gaia"; // Service name for Gaia Contacts API. API is used to get user's image. const char kContactsService[] = "cp"; // Service name for sync. @@ -22,5 +24,7 @@ const char kTalkService[] = "talk"; const char kRemotingService[] = "chromoting"; // Service name for cloud print. const char kCloudPrintService[] = "cloudprint"; +// Service name for device management (cloud-based policy) server. +const char kDeviceManagementService[] = "mobilesync"; } // namespace GaiaConstants diff --git a/chrome/common/net/gaia/gaia_constants.h b/chrome/common/net/gaia/gaia_constants.h index b1a2617..d0f3b10 100644 --- a/chrome/common/net/gaia/gaia_constants.h +++ b/chrome/common/net/gaia/gaia_constants.h @@ -14,11 +14,13 @@ extern const char kChromeOSSource[]; extern const char kChromeSource[]; // Gaia services for requesting +extern const char kGaiaService[]; // uber token extern const char kContactsService[]; extern const char kTalkService[]; extern const char kSyncService[]; extern const char kRemotingService[]; extern const char kCloudPrintService[]; +extern const char kDeviceManagementService[]; } // namespace GaiaConstants diff --git a/chrome/common/net/gaia/google_service_auth_error.h b/chrome/common/net/gaia/google_service_auth_error.h index fa6f76b..032f59f 100644 --- a/chrome/common/net/gaia/google_service_auth_error.h +++ b/chrome/common/net/gaia/google_service_auth_error.h 
@@ -71,6 +71,10 @@ class GoogleServiceAuthError { // The requestor of the authentication step cancelled the request // prior to completion. REQUEST_CANCELED = 9, + + // The user has provided a HOSTED account, when this service requires + // a GOOGLE account. + HOSTED_NOT_ALLOWED = 10, }; // Additional data for CAPTCHA_REQUIRED errors. diff --git a/chrome/common/net/raw_host_resolver_proc.cc b/chrome/common/net/raw_host_resolver_proc.cc new file mode 100644 index 0000000..474afa2 --- /dev/null +++ b/chrome/common/net/raw_host_resolver_proc.cc @@ -0,0 +1,28 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/common/net/raw_host_resolver_proc.h" + +#include "base/logging.h" +#include "net/base/net_errors.h" + +namespace chrome_common_net { + +RawHostResolverProc::RawHostResolverProc(const net::IPAddressNumber& dns_server, + net::HostResolverProc* previous) + : HostResolverProc(previous), dns_server_(dns_server) {} + +int RawHostResolverProc::Resolve(const std::string& host, + net::AddressFamily address_family, + net::HostResolverFlags host_resolver_flags, + net::AddressList* addrlist, + int* os_error) { + // TODO(agayev): Implement raw DNS resolution. + LOG(INFO) << "trying to resolve " << host; + return net::ERR_NAME_NOT_RESOLVED; +} + +RawHostResolverProc::~RawHostResolverProc() {} + +} // namespace chrome_common_net diff --git a/chrome/common/net/raw_host_resolver_proc.h b/chrome/common/net/raw_host_resolver_proc.h new file mode 100644 index 0000000..7ec751a --- /dev/null +++ b/chrome/common/net/raw_host_resolver_proc.h 
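Review bot: `RawHostResolverProc::Resolve` in the new raw_host_resolver_proc.cc writes every hostname it is asked for to the log at INFO level (`LOG(INFO) << "trying to resolve " << host;`), which would leave a record of the user's lookups in release logs once this proc is installed. `DLOG(INFO) << "trying to resolve " << host;` keeps the trace for debugging without that. The stub also returns `net::ERR_NAME_NOT_RESOLVED` without writing `*os_error` or `addrlist` and without consulting the `previous` proc handed to the constructor. The TODO should say whether falling back to the previous resolver is intended until raw resolution exists.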
@@ -0,0 +1,40 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_COMMON_NET_RAW_HOST_RESOLVER_PROC_H_ +#define CHROME_COMMON_NET_RAW_HOST_RESOLVER_PROC_H_ +#pragma once + +// RawHostResolverProc will eventually be a getaddrinfo() replacement. It +// will construct and send DNS queries to the DNS server specified via +// --dns-server flag and will parse the responses and put it into a cache +// together with the TTL. Necessary amendments will be made to cache and +// HostResolverProc interface to accomodate these. + +#include <string> + +#include "net/base/host_resolver_proc.h" +#include "net/base/net_util.h" + +namespace chrome_common_net { + +class RawHostResolverProc : public net::HostResolverProc { + public: + RawHostResolverProc(const net::IPAddressNumber& dns_server, + net::HostResolverProc* previous); + + virtual int Resolve(const std::string& host, + net::AddressFamily address_family, + net::HostResolverFlags host_resolver_flags, + net::AddressList* addrlist, + int* os_error); + private: + virtual ~RawHostResolverProc(); + + net::IPAddressNumber dns_server_; +}; + +} // namespace chrome_common_net + +#endif // CHROME_COMMON_NET_RAW_HOST_RESOLVER_PROC_H_ diff --git a/chrome/common/net/test_url_fetcher_factory.cc b/chrome/common/net/test_url_fetcher_factory.cc index 6ab3a49..635319f 100644 --- a/chrome/common/net/test_url_fetcher_factory.cc +++ b/chrome/common/net/test_url_fetcher_factory.cc 
@@ -1,13 +1,15 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/common/net/test_url_fetcher_factory.h" -TestURLFetcher::TestURLFetcher(const GURL& url, +TestURLFetcher::TestURLFetcher(int id, + const GURL& url, URLFetcher::RequestType request_type, URLFetcher::Delegate* d) : URLFetcher(url, request_type, d), + id_(id), original_url_(url) { } @@ -16,7 +18,7 @@ URLFetcher* TestURLFetcherFactory::CreateURLFetcher( const GURL& url, URLFetcher::RequestType request_type, URLFetcher::Delegate* d) { - TestURLFetcher* fetcher = new TestURLFetcher(url, request_type, d); + TestURLFetcher* fetcher = new TestURLFetcher(id, url, request_type, d); fetchers_[id] = fetcher; return fetcher; } @@ -25,3 +27,9 @@ TestURLFetcher* TestURLFetcherFactory::GetFetcherByID(int id) const { Fetchers::const_iterator i = fetchers_.find(id); return i == fetchers_.end() ? NULL : i->second; } + +void TestURLFetcherFactory::RemoveFetcherFromMap(int id) { + Fetchers::iterator i = fetchers_.find(id); + DCHECK(i != fetchers_.end()); + fetchers_.erase(i); +} diff --git a/chrome/common/net/test_url_fetcher_factory.h b/chrome/common/net/test_url_fetcher_factory.h index a831e3a..3afa19e 100644 --- a/chrome/common/net/test_url_fetcher_factory.h +++ b/chrome/common/net/test_url_fetcher_factory.h @@ -1,4 +1,4 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. 
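Review bot: `TestURLFetcherFactory::RemoveFetcherFromMap` calls `fetchers_.erase(i)` even when `find` returned `end()`, because the only guard is a `DCHECK`, which is compiled out of release builds; erasing the end iterator is undefined behaviour. Either follow the DCHECK with `if (i != fetchers_.end()) fetchers_.erase(i);` or use `fetchers_.erase(id)`, which does nothing for a missing key. A one-line comment on who owns the `TestURLFetcher` after removal would also help, since `CreateURLFetcher` stores the raw pointer returned by `new`.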
@@ -39,14 +39,17 @@ class TestURLFetcher : public URLFetcher { public: - TestURLFetcher(const GURL& url, RequestType request_type, Delegate* d); - - // Returns the delegate installed on the URLFetcher. - Delegate* delegate() const { return URLFetcher::delegate(); } + TestURLFetcher(int id, + const GURL& url, + RequestType request_type, + Delegate* d); // Overriden to do nothing. It is assumed the caller will notify the delegate. virtual void Start() {} + // Unique ID in our factory. + int id() const { return id_; } + // URL we were created with. Because of how we're using URLFetcher url() // always returns an empty URL. Chances are you'll want to use original_url() // in your tests. @@ -55,7 +58,11 @@ class TestURLFetcher : public URLFetcher { // Returns the data uploaded on this URLFetcher. const std::string& upload_data() const { return URLFetcher::upload_data(); } + // Returns the delegate installed on the URLFetcher. + Delegate* delegate() const { return URLFetcher::delegate(); } + private: + const int id_; const GURL original_url_; DISALLOW_COPY_AND_ASSIGN(TestURLFetcher); @@ -71,8 +78,8 @@ class TestURLFetcherFactory : public URLFetcher::Factory { const GURL& url, URLFetcher::RequestType request_type, URLFetcher::Delegate* d); - TestURLFetcher* GetFetcherByID(int id) const; + void RemoveFetcherFromMap(int id); private: // Maps from id passed to create to the returned URLFetcher. diff --git a/chrome/common/net/url_fetcher.cc b/chrome/common/net/url_fetcher.cc index 4bfd8c7..9551255 100644 --- a/chrome/common/net/url_fetcher.cc +++ b/chrome/common/net/url_fetcher.cc @@ -34,7 +34,6 @@ bool URLFetcher::g_interception_enabled = false; class URLFetcher::Core : public base::RefCountedThreadSafe<URLFetcher::Core>, - public MessageLoop::DestructionObserver, public URLRequest::Delegate { public: // For POST requests, set |content_type| to the MIME type of the content 
@@ -58,10 +57,6 @@ class URLFetcher::Core // safe to call this multiple times. void Stop(); - // MessageLoop::DestructionObserver implementation. We are only registered as - // a DestructionObserver when |request_| exists. - virtual void WillDestroyCurrentMessageLoop(); - // URLRequest::Delegate implementation. virtual void OnResponseStarted(URLRequest* request); virtual void OnReadCompleted(URLRequest* request, int bytes_read); @@ -244,13 +239,6 @@ void URLFetcher::Core::Stop() { } } -void URLFetcher::Core::WillDestroyCurrentMessageLoop() { - CancelURLRequest(); - // Don't bother to try and notify the delegate thread portion of this object, - // since if the IO thread is shutting down, everything is shutting down, and - // we just want to avoid leaks. -} - void URLFetcher::Core::CancelAll() { g_registry.Get().CancelAll(); } @@ -308,7 +296,6 @@ void URLFetcher::Core::StartURLRequest() { CHECK(request_context_getter_); DCHECK(!request_.get()); - MessageLoop::current()->AddDestructionObserver(this); g_registry.Get().AddURLFetcherCore(this); request_.reset(new URLRequest(original_url_, this)); int flags = request_->load_flags() | load_flags_; @@ -401,7 +388,6 @@ void URLFetcher::Core::OnCompletedURLRequest(const URLRequestStatus& status) { void URLFetcher::Core::ReleaseRequest() { request_.reset(); g_registry.Get().RemoveURLFetcherCore(this); - MessageLoop::current()->RemoveDestructionObserver(this); } void URLFetcher::set_upload_data(const std::string& upload_content_type, diff --git a/chrome/common/net/url_fetcher_unittest.cc b/chrome/common/net/url_fetcher_unittest.cc index 3fc8469..466d8e6 100644 --- a/chrome/common/net/url_fetcher_unittest.cc +++ b/chrome/common/net/url_fetcher_unittest.cc 
@@ -5,6 +5,7 @@ #include "base/message_loop_proxy.h" #include "base/thread.h" #include "base/waitable_event.h" +#include "build/build_config.h" #include "chrome/common/chrome_plugin_lib.h" #include "chrome/common/net/url_fetcher.h" #include "chrome/common/net/url_fetcher_protect.h" @@ -14,6 +15,10 @@ #include "net/test/test_server.h" #include "testing/gtest/include/gtest/gtest.h" +#if defined(OS_LINUX) +#include "net/ocsp/nss_ocsp.h" +#endif + using base::Time; using base::TimeDelta; @@ -34,7 +39,7 @@ class TestURLRequestContextGetter : public URLRequestContextGetter { context_ = new TestURLRequestContext(); return context_; } - virtual scoped_refptr<base::MessageLoopProxy> GetIOMessageLoopProxy() { + virtual scoped_refptr<base::MessageLoopProxy> GetIOMessageLoopProxy() const { return io_message_loop_proxy_; } @@ -74,6 +79,15 @@ class URLFetcherTest : public testing::Test, public URLFetcher::Delegate { // Ensure that any plugin operations done by other tests are cleaned up. ChromePluginLib::UnloadAllPlugins(); +#if defined(OS_LINUX) + net::EnsureOCSPInit(); +#endif + } + + virtual void TearDown() { +#if defined(OS_LINUX) + net::ShutdownOCSP(); +#endif } // URLFetcher is designed to run on the main UI thread, but in our tests @@ -199,7 +213,7 @@ class CancelTestURLRequestContextGetter : public URLRequestContextGetter { } return context_; } - virtual scoped_refptr<base::MessageLoopProxy> GetIOMessageLoopProxy() { + virtual scoped_refptr<base::MessageLoopProxy> GetIOMessageLoopProxy() const { return io_message_loop_proxy_; } void WaitForContextCreation() { 
@@ -540,8 +554,9 @@ TEST_F(URLFetcherProtectTestPassedThrough, ServerUnavailablePropagateResponse) { TEST_F(URLFetcherBadHTTPSTest, BadHTTPSTest) { - net::TestServer test_server(net::TestServer::TYPE_HTTPS_EXPIRED_CERTIFICATE, - FilePath(kDocRoot)); + net::TestServer::HTTPSOptions https_options( + net::TestServer::HTTPSOptions::CERT_EXPIRED); + net::TestServer test_server(https_options, FilePath(kDocRoot)); ASSERT_TRUE(test_server.Start()); CreateFetcher(test_server.GetURL("defaultresponse")); diff --git a/chrome/common/net/url_request_context_getter.cc b/chrome/common/net/url_request_context_getter.cc index 57feb0e..08b5368 100644 --- a/chrome/common/net/url_request_context_getter.cc +++ b/chrome/common/net/url_request_context_getter.cc @@ -14,7 +14,7 @@ URLRequestContextGetter::URLRequestContextGetter() : is_main_(false) {} URLRequestContextGetter::~URLRequestContextGetter() {} -void URLRequestContextGetter::OnDestruct() { +void URLRequestContextGetter::OnDestruct() const { scoped_refptr<base::MessageLoopProxy> io_message_loop_proxy = GetIOMessageLoopProxy(); DCHECK(io_message_loop_proxy); diff --git a/chrome/common/net/url_request_context_getter.h b/chrome/common/net/url_request_context_getter.h index 2b6ea82..ade5e1a 100644 --- a/chrome/common/net/url_request_context_getter.h +++ b/chrome/common/net/url_request_context_getter.h @@ -33,7 +33,8 @@ class URLRequestContextGetter // Returns a MessageLoopProxy corresponding to the thread on which the // request IO happens (the thread on which the returned URLRequestContext // may be used). - virtual scoped_refptr<base::MessageLoopProxy> GetIOMessageLoopProxy() = 0; + virtual scoped_refptr<base::MessageLoopProxy> + GetIOMessageLoopProxy() const = 0; // Controls whether or not the URLRequestContextGetter considers itself to be // the the "main" URLRequestContextGetter. Note that each Profile will have a 
@@ -44,7 +45,7 @@ class URLRequestContextGetter void set_is_main(bool is_main) { is_main_ = is_main; } protected: - friend class DeleteTask<URLRequestContextGetter>; + friend class DeleteTask<const URLRequestContextGetter>; friend struct URLRequestContextGetterTraits; URLRequestContextGetter(); @@ -55,7 +56,7 @@ class URLRequestContextGetter private: // OnDestruct is meant to ensure deletion on the thread on which the request // IO happens. - void OnDestruct(); + void OnDestruct() const; // Indicates whether or not this is the default URLRequestContextGetter for // the main Profile. @@ -63,7 +64,7 @@ class URLRequestContextGetter }; struct URLRequestContextGetterTraits { - static void Destruct(URLRequestContextGetter* context_getter) { + static void Destruct(const URLRequestContextGetter* context_getter) { context_getter->OnDestruct(); } }; diff --git a/chrome/common/net/x509_certificate_model.cc b/chrome/common/net/x509_certificate_model.cc index 5f39685..0ec2bff 100644 --- a/chrome/common/net/x509_certificate_model.cc +++ b/chrome/common/net/x509_certificate_model.cc 
@@ -49,5 +49,41 @@ std::string ProcessIDN(const std::string& input) { input16, output16); } +std::string ProcessRawBytesWithSeparators(const unsigned char* data, + size_t data_length, + char hex_separator, + char line_separator) { + static const char kHexChars[] = "0123456789ABCDEF"; + + // Each input byte creates two output hex characters + a space or newline, + // except for the last byte. + std::string ret; + size_t kMin = 0U; + ret.reserve(std::max(kMin, data_length * 3 - 1)); + + for (size_t i = 0; i < data_length; ++i) { + unsigned char b = data[i]; + ret.push_back(kHexChars[(b >> 4) & 0xf]); + ret.push_back(kHexChars[b & 0xf]); + if (i + 1 < data_length) { + if ((i + 1) % 16 == 0) + ret.push_back(line_separator); + else + ret.push_back(hex_separator); + } + } + return ret; +} + +std::string ProcessRawBytes(const unsigned char* data, size_t data_length) { + return ProcessRawBytesWithSeparators(data, data_length, ' ', '\n'); +} + +#if defined(USE_NSS) +std::string ProcessRawBits(const unsigned char* data, size_t data_length) { + return ProcessRawBytes(data, (data_length + 7) / 8); +} +#endif // USE_NSS + } // x509_certificate_model diff --git a/chrome/common/net/x509_certificate_model.h b/chrome/common/net/x509_certificate_model.h index 351f489..3e4f14f 100644 --- a/chrome/common/net/x509_certificate_model.h +++ b/chrome/common/net/x509_certificate_model.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_BASE_X509_CERTIFICATE_MODEL_H_ -#define NET_BASE_X509_CERTIFICATE_MODEL_H_ +#ifndef CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_ +#define CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_ #pragma once #include "net/base/cert_database.h" 
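Review bot: In `ProcessRawBytesWithSeparators`, `ret.reserve(std::max(kMin, data_length * 3 - 1))` does not protect the empty case: `data_length` is a `size_t`, so for `data_length == 0` the expression wraps to the largest `size_t`, `std::max` picks that value, and `reserve` is asked for more than `max_size()`. The lengths come from callers that pass certificate fields (the serial number and signature paths elsewhere in this commit), so a zero length should be handled explicitly rather than assumed away. I would return early with `if (data_length == 0) return std::string();` and then call `ret.reserve(data_length * 3 - 1);`, dropping the non-const `kMin` local. The file's include block is outside the hunk, so please also confirm `<algorithm>` is included if `std::max` stays.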
@@ -123,6 +123,24 @@ std::string ProcessRawBitsSignatureWrap( void RegisterDynamicOids(); +// Format a buffer as |hex_separator| separated string, with 16 bytes on each +// line separated using |line_separator|. +std::string ProcessRawBytesWithSeparators(const unsigned char* data, + size_t data_length, + char hex_separator, + char line_separator); + +// Format a buffer as a space separated string, with 16 bytes on each line. +std::string ProcessRawBytes(const unsigned char* data, + size_t data_length); + +#if defined(USE_NSS) +// Format a buffer as a space separated string, with 16 bytes on each line. +// |data_length| is the length in bits. +std::string ProcessRawBits(const unsigned char* data, + size_t data_length); +#endif // USE_NSS + } // namespace x509_certificate_model -#endif // NET_BASE_X509_CERTIFICATE_MODEL_H_ +#endif // CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_ diff --git a/chrome/common/net/x509_certificate_model_nss.cc b/chrome/common/net/x509_certificate_model_nss.cc index da17a60..4d46174 100644 --- a/chrome/common/net/x509_certificate_model_nss.cc +++ b/chrome/common/net/x509_certificate_model_nss.cc @@ -42,7 +42,6 @@ std::string Stringize(char* nss_text, const std::string& alternative_text) { // algorithm, but given the limited uses, not worth fixing.) std::string HashCert(CERTCertificate* cert, HASH_HashType algorithm, int len) { unsigned char fingerprint[HASH_LENGTH_MAX]; - SECItem fingerprint_item; DCHECK(NULL != cert->derCert.data); DCHECK_NE(0U, cert->derCert.len); @@ -51,9 +50,7 @@ std::string HashCert(CERTCertificate* cert, HASH_HashType algorithm, int len) { SECStatus rv = HASH_HashBuf(algorithm, fingerprint, cert->derCert.data, cert->derCert.len); DCHECK_EQ(rv, SECSuccess); - fingerprint_item.data = fingerprint; - fingerprint_item.len = len; - return psm::ProcessRawBytes(&fingerprint_item); + return x509_certificate_model::ProcessRawBytes(fingerprint, len); } std::string ProcessSecAlgorithmInternal(SECAlgorithmID* algorithm_id) { 
@@ -293,6 +290,7 @@ void DestroyCertChain(X509Certificate::OSCertHandles* cert_handles) { for (X509Certificate::OSCertHandles::iterator i(cert_handles->begin()); i != cert_handles->end(); ++i) CERT_DestroyCertificate(*i); + cert_handles->clear(); } string GetDerString(X509Certificate::OSCertHandle cert_handle) { @@ -372,7 +370,8 @@ string ProcessSubjectPublicKeyInfo(X509Certificate::OSCertHandle cert_handle) { } string ProcessRawBitsSignatureWrap(X509Certificate::OSCertHandle cert_handle) { - return psm::ProcessRawBits(&cert_handle->signatureWrap.signature); + return ProcessRawBits(cert_handle->signatureWrap.signature.data, + cert_handle->signatureWrap.signature.len); } void RegisterDynamicOids() { diff --git a/chrome/common/net/x509_certificate_model_openssl.cc b/chrome/common/net/x509_certificate_model_openssl.cc index 57670f1..7c4836f 100644 --- a/chrome/common/net/x509_certificate_model_openssl.cc +++ b/chrome/common/net/x509_certificate_model_openssl.cc 
@@ -2,11 +2,42 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +#include "chrome/common/net/x509_certificate_model.h" + +#include <openssl/obj_mac.h> +#include <openssl/sha.h> #include <openssl/x509v3.h> -#include "chrome/common/net/x509_certificate_model.h" +#include "base/logging.h" +#include "base/string_number_conversions.h" +#include "net/base/x509_openssl_util.h" + +namespace nxou = net::x509_openssl_util; + +namespace { + +std::string AlternativeWhenEmpty(const std::string& text, + const std::string& alternative) { + return text.empty() ? alternative : text; +} + +std::string GetKeyValuesFromName(X509_NAME* name) { + std::string ret; + int rdns = X509_NAME_entry_count(name) - 1; + for (int i = rdns; i >= 0; --i) { + std::string key; + std::string value; + if (!nxou::ParsePrincipalKeyAndValueByIndex(name, i, &key, &value)) + break; + ret += key; + ret += " = "; + ret += value; + ret += '\n'; + } + return ret; +} -#include "net/base/x509_certificate.h" +} // namepsace namespace x509_certificate_model { @@ -23,7 +54,9 @@ std::string GetTokenName(X509Certificate::OSCertHandle cert_handle) { } std::string GetVersion(net::X509Certificate::OSCertHandle cert_handle) { - // TODO(bulach): implement me. + unsigned long version = X509_get_version(cert_handle); + if (version != ULONG_MAX) + return base::UintToString(version + 1); return ""; } 
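Review bot: `GetKeyValuesFromName` stops at the first entry that `ParsePrincipalKeyAndValueByIndex` fails on (`break`) and returns whatever was collected so far, so the issuer or subject string shown to the user can be silently truncated with no sign that entries are missing. Since this text is what a person reads to decide whether a certificate is the expected one, I would either `continue` past the bad entry or return an empty string so the caller shows nothing rather than a partial name, and say which in a comment above the helper. The closing comment `// namepsace` should read `// namespace`.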
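Review bot: `GetVersion` stores the result of `X509_get_version` in an `unsigned long` and treats `ULONG_MAX` as the failure value, which appears to rely on a signed -1 error return converting to that constant; nothing in the code says so. A comment such as `// X509_get_version reports failure as -1, which converts to ULONG_MAX here.` would make the check readable. `version + 1` is then passed to `base::UintToString`, which narrows an `unsigned long` on LP64 targets if it takes an `unsigned int` (its signature is not visible here); a `static_cast<unsigned>(version + 1)` after a range check would make that explicit. `ULONG_MAX` also needs `<limits.h>`, which is not in the include list this commit adds.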
@@ -50,55 +83,70 @@ std::string GetKeyUsageString(X509Certificate::OSCertHandle cert_handle) { std::string GetSerialNumberHexified( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) { - // TODO(bulach): implement me. - return ""; + ASN1_INTEGER* num = X509_get_serialNumber(cert_handle); + const char kSerialNumberSeparator = ':'; + std::string hex_string = ProcessRawBytesWithSeparators( + num->data, num->length, kSerialNumberSeparator, kSerialNumberSeparator); + return AlternativeWhenEmpty(hex_string, alternative_text); } std::string GetIssuerCommonName( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) { - // TODO(bulach): implement me. - return ""; + std::string ret; + nxou::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle), + NID_commonName, &ret); + return AlternativeWhenEmpty(ret, alternative_text); } std::string GetIssuerOrgName( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) { - // TODO(bulach): implement me. - return ""; + std::string ret; + nxou::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle), + NID_organizationName, &ret); + return AlternativeWhenEmpty(ret, alternative_text); } std::string GetIssuerOrgUnitName( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) { - // TODO(bulach): implement me. - return ""; + std::string ret; + nxou::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle), + NID_organizationalUnitName, &ret); + return AlternativeWhenEmpty(ret, alternative_text); } std::string GetSubjectOrgName( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) { - // TODO(bulach): implement me. 
- return ""; + std::string ret; + nxou::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle), + NID_organizationName, &ret); + return AlternativeWhenEmpty(ret, alternative_text); } std::string GetSubjectOrgUnitName( X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) { - // TODO(bulach): implement me. - return ""; + std::string ret; + nxou::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle), + NID_organizationalUnitName, &ret); + return AlternativeWhenEmpty(ret, alternative_text); } std::string GetSubjectCommonName(X509Certificate::OSCertHandle cert_handle, const std::string& alternative_text) { - // TODO(bulach): implement me. - return ""; + std::string ret; + nxou::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle), + NID_commonName, &ret); + return AlternativeWhenEmpty(ret, alternative_text); } bool GetTimes(X509Certificate::OSCertHandle cert_handle, base::Time* issued, base::Time* expires) { - // TODO(bulach): implement me. - return false; + return nxou::ParseDate(X509_get_notBefore(cert_handle), issued) && + nxou::ParseDate(X509_get_notAfter(cert_handle), expires); } std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle) { @@ -107,13 +155,11 @@ std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle) { } std::string GetIssuerName(net::X509Certificate::OSCertHandle cert_handle) { - // TODO(bulach): implement me. - return ""; + return GetKeyValuesFromName(X509_get_issuer_name(cert_handle)); } std::string GetSubjectName(net::X509Certificate::OSCertHandle cert_handle) { - // TODO(bulach): implement me. - return ""; + return GetKeyValuesFromName(X509_get_subject_name(cert_handle)); } void GetEmailAddresses(net::X509Certificate::OSCertHandle cert_handle, 
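Review bot: `GetSerialNumberHexified` dereferences the result of `X509_get_serialNumber(cert_handle)` as `num->data` and `num->length` without checking it, and `num->length` is a signed `int` that converts implicitly to the `size_t data_length` parameter of `ProcessRawBytesWithSeparators`. A guard such as `if (!num || num->length <= 0) return alternative_text;` keeps a missing or empty serial on the alternative-text path instead of handing the formatter a null pointer or a zero or negative length. The sign of the integer is not part of `data`, so a negative serial would print as its magnitude; a comment should say whether that is intended. The Get*Name accessors in this hunk ignore the return value of `ParsePrincipalValueByNID`, which is fine as long as it leaves `ret` empty on failure, but that contract deserves a one-line comment.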
@@ -138,22 +184,34 @@ void GetExtensions( } std::string HashCertSHA256(net::X509Certificate::OSCertHandle cert_handle) { - // TODO(bulach): implement me. - return ""; + unsigned char sha256_data[SHA256_DIGEST_LENGTH] = {0}; + unsigned int sha256_size = sizeof(sha256_data); + int ret = X509_digest(cert_handle, EVP_sha256(), sha256_data, &sha256_size); + CHECK(ret); + CHECK_EQ(sha256_size, sizeof(sha256_data)); + return ProcessRawBytes(sha256_data, sha256_size); } std::string HashCertSHA1(net::X509Certificate::OSCertHandle cert_handle) { - // TODO(bulach): implement me. - return ""; + unsigned char sha1_data[SHA_DIGEST_LENGTH] = {0}; + unsigned int sha1_size = sizeof(sha1_data); + int ret = X509_digest(cert_handle, EVP_sha1(), sha1_data, &sha1_size); + CHECK(ret); + CHECK_EQ(sha1_size, sizeof(sha1_data)); + return ProcessRawBytes(sha1_data, sha1_size); } void GetCertChainFromCert(net::X509Certificate::OSCertHandle cert_handle, net::X509Certificate::OSCertHandles* cert_handles) { - // TODO(bulach): implement me. + // TODO(bulach): how to get the chain out of a certificate? + cert_handles->push_back(net::X509Certificate::DupOSCertHandle(cert_handle)); } void DestroyCertChain(net::X509Certificate::OSCertHandles* cert_handles) { - // TODO(bulach): implement me. + for (net::X509Certificate::OSCertHandles::iterator i = cert_handles->begin(); + i != cert_handles->end(); ++i) + X509_free(*i); + cert_handles->clear(); } std::string GetDerString(net::X509Certificate::OSCertHandle cert_handle) { |
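Review bot: `HashCertSHA256` and `HashCertSHA1` abort the process with `CHECK(ret)` when `X509_digest` fails, whereas the other accessors in this file degrade to an empty string or the alternative text. If failure is only expected on allocation errors, a comment saying so would justify the CHECK; otherwise `if (!ret) return std::string();` matches the rest of the file and keeps a certificate-viewer problem from taking the browser down. In `GetCertChainFromCert`, the TODO should tell callers that the returned chain currently holds only a duplicate of the leaf, so code that lists issuers from it will show a single entry.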
