Home | History | Annotate | Download | only in net
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/common/net/x509_certificate_model.h"
      6 
      7 #include <openssl/obj_mac.h>
      8 #include <openssl/sha.h>
      9 #include <openssl/x509v3.h>
     10 
     11 #include "base/logging.h"
     12 #include "base/strings/string_number_conversions.h"
     13 #include "net/cert/x509_util_openssl.h"
     14 
     15 namespace x509_util = net::x509_util;
     16 
     17 namespace {
     18 
     19 std::string AlternativeWhenEmpty(const std::string& text,
     20                                  const std::string& alternative) {
     21   return text.empty() ? alternative : text;
     22 }
     23 
     24 std::string GetKeyValuesFromName(X509_NAME* name) {
     25   std::string ret;
     26   int rdns = X509_NAME_entry_count(name) - 1;
     27   for (int i = rdns; i >= 0; --i) {
     28     std::string key;
     29     std::string value;
     30     if (!x509_util::ParsePrincipalKeyAndValueByIndex(name, i, &key, &value))
     31       break;
     32     ret += key;
     33     ret += " = ";
     34     ret += value;
     35     ret += '\n';
     36   }
     37   return ret;
     38 }
     39 
     40 }  // namepsace
     41 
     42 namespace x509_certificate_model {
     43 
     44 using net::X509Certificate;
     45 
     46 std::string GetCertNameOrNickname(X509Certificate::OSCertHandle cert_handle) {
     47   // TODO(bulach): implement me.
     48   return "";
     49 }
     50 
     51 std::string GetNickname(X509Certificate::OSCertHandle cert_handle) {
     52   // TODO(jamescook): implement me.
     53   return "";
     54 }
     55 
     56 std::string GetTokenName(X509Certificate::OSCertHandle cert_handle) {
     57   // TODO(bulach): implement me.
     58   return "";
     59 }
     60 
     61 std::string GetVersion(net::X509Certificate::OSCertHandle cert_handle) {
     62   unsigned long version = X509_get_version(cert_handle);
     63   if (version != ULONG_MAX)
     64     return base::UintToString(version + 1);
     65   return "";
     66 }
     67 
     68 net::CertType GetType(X509Certificate::OSCertHandle os_cert) {
     69   // TODO(bulach): implement me.
     70   return net::UNKNOWN_CERT;
     71 }
     72 
     73 std::string GetEmailAddress(X509Certificate::OSCertHandle os_cert) {
     74   // TODO(bulach): implement me.
     75   return "";
     76 }
     77 
     78 void GetUsageStrings(X509Certificate::OSCertHandle cert_handle,
     79                          std::vector<std::string>* usages) {
     80   // TODO(bulach): implement me.
     81 }
     82 
     83 std::string GetKeyUsageString(X509Certificate::OSCertHandle cert_handle) {
     84   // TODO(bulach): implement me.
     85   return "";
     86 }
     87 
     88 std::string GetSerialNumberHexified(
     89     X509Certificate::OSCertHandle cert_handle,
     90     const std::string& alternative_text) {
     91   ASN1_INTEGER* num = X509_get_serialNumber(cert_handle);
     92   const char kSerialNumberSeparator = ':';
     93   std::string hex_string = ProcessRawBytesWithSeparators(
     94       num->data, num->length, kSerialNumberSeparator, kSerialNumberSeparator);
     95   return AlternativeWhenEmpty(hex_string, alternative_text);
     96 }
     97 
     98 std::string GetIssuerCommonName(
     99     X509Certificate::OSCertHandle cert_handle,
    100     const std::string& alternative_text) {
    101   std::string ret;
    102   x509_util::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle),
    103                                       NID_commonName, &ret);
    104   return AlternativeWhenEmpty(ret, alternative_text);
    105 }
    106 
    107 std::string GetIssuerOrgName(
    108     X509Certificate::OSCertHandle cert_handle,
    109     const std::string& alternative_text) {
    110   std::string ret;
    111   x509_util::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle),
    112                                       NID_organizationName, &ret);
    113   return AlternativeWhenEmpty(ret, alternative_text);
    114 }
    115 
    116 std::string GetIssuerOrgUnitName(
    117     X509Certificate::OSCertHandle cert_handle,
    118     const std::string& alternative_text) {
    119   std::string ret;
    120   x509_util::ParsePrincipalValueByNID(X509_get_issuer_name(cert_handle),
    121                                       NID_organizationalUnitName, &ret);
    122   return AlternativeWhenEmpty(ret, alternative_text);
    123 }
    124 
    125 std::string GetSubjectOrgName(
    126     X509Certificate::OSCertHandle cert_handle,
    127     const std::string& alternative_text) {
    128   std::string ret;
    129   x509_util::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle),
    130                                       NID_organizationName, &ret);
    131   return AlternativeWhenEmpty(ret, alternative_text);
    132 }
    133 
    134 std::string GetSubjectOrgUnitName(
    135     X509Certificate::OSCertHandle cert_handle,
    136     const std::string& alternative_text) {
    137   std::string ret;
    138   x509_util::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle),
    139                                       NID_organizationalUnitName, &ret);
    140   return AlternativeWhenEmpty(ret, alternative_text);
    141 }
    142 
    143 std::string GetSubjectCommonName(X509Certificate::OSCertHandle cert_handle,
    144                                  const std::string& alternative_text) {
    145   std::string ret;
    146   x509_util::ParsePrincipalValueByNID(X509_get_subject_name(cert_handle),
    147                                       NID_commonName, &ret);
    148   return AlternativeWhenEmpty(ret, alternative_text);
    149 }
    150 
    151 bool GetTimes(X509Certificate::OSCertHandle cert_handle,
    152               base::Time* issued, base::Time* expires) {
    153   return x509_util::ParseDate(X509_get_notBefore(cert_handle), issued) &&
    154          x509_util::ParseDate(X509_get_notAfter(cert_handle), expires);
    155 }
    156 
    157 std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle) {
    158   // TODO(bulach): implement me.
    159   return "";
    160 }
    161 
    162 std::string GetIssuerName(net::X509Certificate::OSCertHandle cert_handle) {
    163   return GetKeyValuesFromName(X509_get_issuer_name(cert_handle));
    164 }
    165 
    166 std::string GetSubjectName(net::X509Certificate::OSCertHandle cert_handle) {
    167   return GetKeyValuesFromName(X509_get_subject_name(cert_handle));
    168 }
    169 
    170 void GetEmailAddresses(net::X509Certificate::OSCertHandle cert_handle,
    171                        std::vector<std::string>* email_addresses) {
    172   // TODO(bulach): implement me.
    173 }
    174 
    175 void GetNicknameStringsFromCertList(
    176     const std::vector<scoped_refptr<net::X509Certificate> >& certs,
    177     const std::string& cert_expired,
    178     const std::string& cert_not_yet_valid,
    179     std::vector<std::string>* nick_names) {
    180   // TODO(bulach): implement me.
    181 }
    182 
    183 std::string GetPkcs11Id(net::X509Certificate::OSCertHandle cert_handle) {
    184   // TODO(jamescook): implement me.
    185   return "";
    186 }
    187 
    188 void GetExtensions(
    189     const std::string& critical_label,
    190     const std::string& non_critical_label,
    191     net::X509Certificate::OSCertHandle cert_handle,
    192     Extensions* extensions) {
    193   // TODO(bulach): implement me.
    194 }
    195 
    196 std::string HashCertSHA256(net::X509Certificate::OSCertHandle cert_handle) {
    197   unsigned char sha256_data[SHA256_DIGEST_LENGTH] = {0};
    198   unsigned int sha256_size = sizeof(sha256_data);
    199   int ret = X509_digest(cert_handle, EVP_sha256(), sha256_data, &sha256_size);
    200   DCHECK(ret);
    201   DCHECK_EQ(sha256_size, sizeof(sha256_data));
    202   return ProcessRawBytes(sha256_data, sha256_size);
    203 }
    204 
    205 std::string HashCertSHA1(net::X509Certificate::OSCertHandle cert_handle) {
    206   unsigned char sha1_data[SHA_DIGEST_LENGTH] = {0};
    207   unsigned int sha1_size = sizeof(sha1_data);
    208   int ret = X509_digest(cert_handle, EVP_sha1(), sha1_data, &sha1_size);
    209   DCHECK(ret);
    210   DCHECK_EQ(sha1_size, sizeof(sha1_data));
    211   return ProcessRawBytes(sha1_data, sha1_size);
    212 }
    213 
    214 void GetCertChainFromCert(net::X509Certificate::OSCertHandle cert_handle,
    215                           net::X509Certificate::OSCertHandles* cert_handles) {
    216   // TODO(bulach): how to get the chain out of a certificate?
    217   cert_handles->push_back(net::X509Certificate::DupOSCertHandle(cert_handle));
    218 }
    219 
    220 void DestroyCertChain(net::X509Certificate::OSCertHandles* cert_handles) {
    221   for (net::X509Certificate::OSCertHandles::iterator i = cert_handles->begin();
    222        i != cert_handles->end(); ++i)
    223     X509_free(*i);
    224   cert_handles->clear();
    225 }
    226 
    227 std::string GetDerString(net::X509Certificate::OSCertHandle cert_handle) {
    228   // TODO(bulach): implement me.
    229   return "";
    230 }
    231 
    232 std::string GetCMSString(const net::X509Certificate::OSCertHandles& cert_chain,
    233                          size_t start, size_t end) {
    234   // TODO(bulach): implement me.
    235   return "";
    236 }
    237 
    238 std::string ProcessSecAlgorithmSignature(
    239     net::X509Certificate::OSCertHandle cert_handle) {
    240   // TODO(bulach): implement me.
    241   return "";
    242 }
    243 
    244 std::string ProcessSecAlgorithmSubjectPublicKey(
    245     net::X509Certificate::OSCertHandle cert_handle) {
    246   // TODO(bulach): implement me.
    247   return "";
    248 }
    249 
    250 std::string ProcessSecAlgorithmSignatureWrap(
    251     net::X509Certificate::OSCertHandle cert_handle) {
    252   // TODO(bulach): implement me.
    253   return "";
    254 }
    255 
    256 std::string ProcessSubjectPublicKeyInfo(
    257     net::X509Certificate::OSCertHandle cert_handle) {
    258   // TODO(bulach): implement me.
    259   return "";
    260 }
    261 
    262 std::string ProcessRawBitsSignatureWrap(
    263     net::X509Certificate::OSCertHandle cert_handle) {
    264   // TODO(bulach): implement me.
    265   return "";
    266 }
    267 
    268 void RegisterDynamicOids() {
    269 }
    270 
    271 }  // namespace x509_certificate_model
    272