15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2012 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/cert/x509_certificate.h" 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <CommonCrypto/CommonDigest.h> 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <Security/Security.h> 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <cert.h> 11c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include <cryptohi.h> 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <keyhi.h> 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <nss.h> 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <pk11pub.h> 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <prerror.h> 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <prtime.h> 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <prtypes.h> 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <secder.h> 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <secerr.h> 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <sslerr.h> 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 22c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include <vector> 23c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/logging.h" 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/mac/scoped_cftyperef.h" 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/memory/scoped_ptr.h" 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/pickle.h" 28eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include "base/time/time.h" 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "crypto/nss_util.h" 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "crypto/scoped_nss_types.h" 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/base/net_errors.h" 32c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/cert/asn1_util.h" 33c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/cert/cert_status_flags.h" 34c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/cert/cert_verify_result.h" 35c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/cert/ev_root_ca_metadata.h" 36c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/cert/x509_util_ios.h" 37c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/cert/x509_util_nss.h" 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 39eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdochusing base::ScopedCFTypeRef; 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace net { 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace { 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Returns true if a given |cert_handle| is actually a valid X.509 certificate 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// handle. 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// SecCertificateCreateFromData() does not always force the immediate parsing of 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// the certificate, and as such, may return a SecCertificateRef for an 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// invalid/unparsable certificate. Force parsing to occur to ensure that the 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// SecCertificateRef is correct. On later versions where 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// SecCertificateCreateFromData() immediately parses, rather than lazily, this 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// call is cheap, as the subject is cached. 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool IsValidOSCertHandle(SecCertificateRef cert_handle) { 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ScopedCFTypeRef<CFStringRef> sanity_check( 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SecCertificateCopySubjectSummary(cert_handle)); 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return sanity_check != NULL; 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void X509Certificate::Initialize() { 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) x509_util_ios::NSSCertificate nss_cert(cert_handle_); 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate* cert_handle = nss_cert.cert_handle(); 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (cert_handle) { 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) x509_util::ParsePrincipal(&cert_handle->subject, &subject_); 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) x509_util::ParsePrincipal(&cert_handle->issuer, &issuer_); 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) x509_util::ParseDate(&cert_handle->validity.notBefore, &valid_start_); 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) x509_util::ParseDate(&cert_handle->validity.notAfter, &valid_expiry_); 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) serial_number_ = x509_util::ParseSerialNumber(cert_handle); 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) fingerprint_ = CalculateFingerprint(cert_handle_); 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 732a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)bool X509Certificate::IsIssuedByEncoded( 742a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) const std::vector<std::string>& valid_issuers) { 752a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) x509_util_ios::NSSCertChain nss_chain(this); 762a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) // Convert to scoped CERTName* list. 772a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) std::vector<CERTName*> issuers; 782a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); 792a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) if (!x509_util::GetIssuersFromEncodedList(valid_issuers, 802a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) arena.get(), 812a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) &issuers)) { 822a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) return false; 832a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } 842a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) return x509_util::IsCertificateIssuedBy( 852a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) nss_chain.cert_chain(), issuers); 862a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} 872a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void X509Certificate::GetSubjectAltName( 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::vector<std::string>* dns_names, 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::vector<std::string>* ip_addrs) const { 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) x509_util_ios::NSSCertificate nss_cert(cert_handle_); 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate* cert_handle = nss_cert.cert_handle(); 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!cert_handle) { 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (dns_names) 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) dns_names->clear(); 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (ip_addrs) 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ip_addrs->clear(); 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) x509_util::GetSubjectAltName(cert_handle, dns_names, ip_addrs); 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool X509Certificate::GetDEREncoded(OSCertHandle cert_handle, 1055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string* encoded) { 1065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ScopedCFTypeRef<CFDataRef> der_data(SecCertificateCopyData(cert_handle)); 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!der_data) 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return false; 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) encoded->assign(reinterpret_cast<const char*>(CFDataGetBytePtr(der_data)), 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CFDataGetLength(der_data)); 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return true; 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a, 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) X509Certificate::OSCertHandle b) { 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(a && b); 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (a == b) 1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return true; 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (CFEqual(a, b)) 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return true; 1225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ScopedCFTypeRef<CFDataRef> a_data(SecCertificateCopyData(a)); 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ScopedCFTypeRef<CFDataRef> b_data(SecCertificateCopyData(b)); 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return a_data && b_data && 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CFDataGetLength(a_data) == CFDataGetLength(b_data) && 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memcmp(CFDataGetBytePtr(a_data), CFDataGetBytePtr(b_data), 1275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CFDataGetLength(a_data)) == 0; 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 1315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( 1325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char* data, int length) { 1335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ScopedCFTypeRef<CFDataRef> cert_data(CFDataCreateWithBytesNoCopy( 1345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) kCFAllocatorDefault, reinterpret_cast<const UInt8 *>(data), length, 1355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) kCFAllocatorNull)); 1365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!cert_data) 1375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return NULL; 1385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) OSCertHandle cert_handle = SecCertificateCreateWithData(NULL, cert_data); 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!cert_handle) 1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return NULL; 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!IsValidOSCertHandle(cert_handle)) { 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CFRelease(cert_handle); 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return NULL; 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return cert_handle; 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes( 1505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char* data, 1515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int length, 1525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Format format) { 1535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return x509_util::CreateOSCertHandlesFromBytes(data, length, format); 1545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle( 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) OSCertHandle handle) { 1595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!handle) 1605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return NULL; 1615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return reinterpret_cast<OSCertHandle>(const_cast<void*>(CFRetain(handle))); 1625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 1655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CFRelease(cert_handle); 1675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 1705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SHA1HashValue X509Certificate::CalculateFingerprint( 1715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) OSCertHandle cert) { 1725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SHA1HashValue sha1; 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memset(sha1.data, 0, sizeof(sha1.data)); 1745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ScopedCFTypeRef<CFDataRef> cert_data(SecCertificateCopyData(cert)); 1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!cert_data) 1775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return sha1; 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(CFDataGetBytePtr(cert_data)); 1795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK_NE(0, CFDataGetLength(cert_data)); 1805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CC_SHA1(CFDataGetBytePtr(cert_data), CFDataGetLength(cert_data), sha1.data); 1815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return sha1; 1835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SHA1HashValue X509Certificate::CalculateCAFingerprint( 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const OSCertHandles& intermediates) { 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SHA1HashValue sha1; 1895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memset(sha1.data, 0, sizeof(sha1.data)); 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The CC_SHA(3cc) man page says all CC_SHA1_xxx routines return 1, so 1925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // we don't check their return values. 1935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CC_SHA1_CTX sha1_ctx; 1945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CC_SHA1_Init(&sha1_ctx); 1955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) for (size_t i = 0; i < intermediates.size(); ++i) { 1965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ScopedCFTypeRef<CFDataRef> 1975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cert_data(SecCertificateCopyData(intermediates[i])); 1985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!cert_data) 1995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return sha1; 2005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CC_SHA1_Update(&sha1_ctx, 2015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CFDataGetBytePtr(cert_data), 2025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CFDataGetLength(cert_data)); 2035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CC_SHA1_Final(sha1.data, &sha1_ctx); 2055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return sha1; 2065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 2095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)X509Certificate::OSCertHandle 2105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)X509Certificate::ReadOSCertHandleFromPickle(PickleIterator* pickle_iter) { 2115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return x509_util::ReadOSCertHandleFromPickle(pickle_iter); 2125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 2155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, 2165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Pickle* pickle) { 2175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ScopedCFTypeRef<CFDataRef> cert_data(SecCertificateCopyData(cert_handle)); 2185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!cert_data) 2195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return false; 2205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return pickle->WriteData( 2225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) reinterpret_cast<const char*>(CFDataGetBytePtr(cert_data)), 2235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CFDataGetLength(cert_data)); 2245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 2275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, 2285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) size_t* size_bits, 2295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PublicKeyType* type) { 2305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) x509_util_ios::NSSCertificate nss_cert(cert_handle); 2315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) x509_util::GetPublicKeyInfo(nss_cert.cert_handle(), size_bits, type); 2325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace net 235