#include "net/cert/x509_util_nss.h"
#include <cert.h>
#include <certdb.h>
#include <cryptohi.h>
#include <dlfcn.h>
#include <nss.h>
#include <pk11pub.h>
#include <prerror.h>
#include <seccomon.h>
#include <secder.h>
#include <sechash.h>
#include <secmod.h>
#include <secport.h>
#include <string.h>
#include "base/compiler_specific.h"
#include "base/logging.h"
#include "base/strings/stringprintf.h"
#include "crypto/nss_util.h"
#include "crypto/scoped_nss_types.h"
#include "net/cert/x509_util.h"
#include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
#include "third_party/boringssl/src/include/openssl/pool.h"
namespace net::x509_util {
namespace {
// Byte encoding of an object identifier; the value is elided in this listing.
// NOTE(review): going by the name and by GetUPNSubjectAltNames() later in the
// file, this is presumably the User Principal Name otherName OID - confirm
// against the full source.
const uint8_t kUpnOid[] = …;
// Converts one attribute-value assertion (AVA) of a certificate name to a
// std::string (per the signature; the body is elided in this listing).
// NOTE(review): AVA values are certificate-controlled, so callers should
// treat the result as untrusted text. Confirm how a decode failure is
// reported (presumably an empty string).
std::string DecodeAVAValue(CERTAVA* ava) { … }
// Produces a nickname string from |nickname|, |subject| and |slot|.
// NOTE(review): body elided; the name suggests it adjusts |nickname| until it
// does not collide with an existing entry on |slot| - confirm, and confirm
// whether |subject| is used to tolerate a collision with the same subject.
std::string GetUniqueNicknameForSlot(const std::string& nickname,
const SECItem* subject,
PK11SlotInfo* slot) { … }
// Produces a default nickname for |nss_cert| given its |type|.
// NOTE(review): body elided; any part of the nickname taken from the
// certificate's own fields is certificate-controlled - confirm which fields
// are used per CertType.
std::string GetDefaultNickname(CERTCertificate* nss_cert, CertType type) { … }
}
// Returns a byte view of |item|. base::span does not own its memory, so the
// result must not outlive the buffer |item| refers to.
// NOTE(review): body elided in this listing; presumably spans item.data for
// item.len bytes - confirm how a null or zero-length item is handled.
base::span<const uint8_t> SECItemAsSpan(const SECItem& item) { … }
// Returns a non-owning byte view associated with |nss_cert|.
// NOTE(review): body elided; presumably this is the certificate's DER
// encoding, in which case the view is only usable while the caller keeps
// |nss_cert| alive - confirm.
base::span<const uint8_t> CERTCertificateAsSpan(
const CERTCertificate* nss_cert) { … }
// Overload set that compares an NSS certificate handle with another NSS
// handle, an X509Certificate, or a CRYPTO_BUFFER, in either argument order.
// NOTE(review): bodies elided in this listing; presumably "same" means the
// DER encodings are byte-for-byte equal - confirm. If so, a true result
// establishes identity only and says nothing about either certificate's
// validity or trust. Also confirm how null arguments are treated.
bool IsSameCertificate(CERTCertificate* a, CERTCertificate* b) { … }
bool IsSameCertificate(CERTCertificate* a, const X509Certificate* b) { … }
bool IsSameCertificate(const X509Certificate* a, CERTCertificate* b) { … }
bool IsSameCertificate(CERTCertificate* a, const CRYPTO_BUFFER* b) { … }
bool IsSameCertificate(const CRYPTO_BUFFER* a, CERTCertificate* b) { … }
// Creates an NSS certificate handle from the bytes in |data|; the Scoped*
// return type hands ownership of the handle to the caller.
// NOTE(review): body elided. |data| is frequently peer- or file-supplied, so
// callers should expect failure - presumably signalled by a null handle - and
// check before dereferencing. Nothing in the signature suggests the
// certificate is verified here; treat this as parsing only.
ScopedCERTCertificate CreateCERTCertificateFromBytes(
base::span<const uint8_t> data) { … }
// Creates an NSS certificate handle corresponding to |cert|; ownership of
// the returned handle passes to the caller.
// NOTE(review): body elided; presumably only the leaf certificate of |cert|
// is converted (the list-returning variants cover the chain) and a null
// handle is returned if NSS rejects the encoding - confirm both.
ScopedCERTCertificate CreateCERTCertificateFromX509Certificate(
const X509Certificate* cert) { … }
// Creates a list of NSS certificate handles from |cert|.
// NOTE(review): body elided; presumably the list holds the leaf followed by
// the intermediates carried by |cert|, and this overload applies a default
// InvalidIntermediateBehavior - confirm which default, since it decides
// whether an unparsable intermediate fails the call or is left out.
ScopedCERTCertificateList CreateCERTCertificateListFromX509Certificate(
const X509Certificate* cert) { … }
// Creates a list of NSS certificate handles from |cert|, with
// |invalid_intermediate_behavior| chosen by the caller.
// NOTE(review): body and enumerators are not visible in this listing. The
// parameter name suggests it selects what happens when an intermediate
// cannot be converted. If one option omits such intermediates, the returned
// list can be shorter than the chain in |cert|; callers that make trust or
// pinning decisions from the list should prefer the failing behaviour -
// confirm against the enum definition.
ScopedCERTCertificateList CreateCERTCertificateListFromX509Certificate(
const X509Certificate* cert,
InvalidIntermediateBehavior invalid_intermediate_behavior) { … }
// Creates a list of NSS certificate handles from the bytes in |data|,
// interpreted according to |format|.
// NOTE(review): body elided. |format| is a plain int, so the compiler does
// not restrict it to valid values; presumably it carries
// X509Certificate::Format flags - confirm, and confirm that an unsupported
// value or unparsable |data| yields an empty list rather than a partial one.
ScopedCERTCertificateList CreateCERTCertificateListFromBytes(
base::span<const uint8_t> data,
int format) { … }
// Returns a new owning handle for |cert|.
// NOTE(review): body elided; presumably this takes an additional NSS
// reference on the same object rather than making a deep copy - confirm.
ScopedCERTCertificate DupCERTCertificate(CERTCertificate* cert) { … }
// Returns a new list of owning handles for the certificates in |certs|.
// NOTE(review): body elided; presumably each entry is duplicated in order, as
// DupCERTCertificate() does for a single handle - confirm.
ScopedCERTCertificateList DupCERTCertificateList(
const ScopedCERTCertificateList& certs) { … }
// Creates an X509Certificate from |nss_cert| plus the certificates in
// |nss_chain|.
// NOTE(review): body elided; presumably |nss_chain| supplies the
// intermediates and the result is null if any certificate fails to convert -
// confirm. The raw pointers are borrowed; nothing in the signature transfers
// ownership of them.
scoped_refptr<X509Certificate> CreateX509CertificateFromCERTCertificate(
CERTCertificate* nss_cert,
const std::vector<CERTCertificate*>& nss_chain) { … }
// Creates an X509Certificate from |nss_cert| plus the certificates in
// |nss_chain|, with caller-supplied |options|.
// NOTE(review): body elided. The option type is named UnsafeCreateOptions;
// presumably its fields relax checks that the default creation path applies.
// Callers should pass non-default options only for certificates that need
// them (for example ones already held in a local store) and never as a
// general fallback for peer-supplied input - confirm the fields against
// X509Certificate's definition.
scoped_refptr<X509Certificate> CreateX509CertificateFromCERTCertificate(
CERTCertificate* nss_cert,
const std::vector<CERTCertificate*>& nss_chain,
X509Certificate::UnsafeCreateOptions options) { … }
// Creates an X509Certificate from the single NSS certificate |cert|.
// NOTE(review): body elided; presumably equivalent to the chain-taking
// overload with an empty chain, returning null on failure - confirm.
scoped_refptr<X509Certificate> CreateX509CertificateFromCERTCertificate(
CERTCertificate* cert) { … }
// Converts the NSS certificate handles in |certs| to a CertificateList.
// NOTE(review): body elided; confirm what happens when one entry fails to
// convert. If such entries are skipped, the result is shorter than |certs|
// and indices no longer line up; if the whole call fails, callers need to
// distinguish that from an empty input.
CertificateList CreateX509CertificateListFromCERTCertificates(
const ScopedCERTCertificateList& certs) { … }
// Writes an encoding of |cert| to |der_encoded| and reports success through
// the bool return value.
// NOTE(review): body elided; presumably the output is the raw DER bytes, so
// the std::string is binary data and may contain NUL bytes. Confirm the
// state of |der_encoded| when false is returned; callers should not use it
// in that case.
bool GetDEREncoded(CERTCertificate* cert, std::string* der_encoded) { … }
// Writes an encoding of |cert| to |pem_encoded| and reports success through
// the bool return value.
// NOTE(review): body elided; presumably the output is a PEM "CERTIFICATE"
// block - confirm, and confirm the state of |pem_encoded| when false is
// returned.
bool GetPEMEncoded(CERTCertificate* cert, std::string* pem_encoded) { … }
// Collects name strings from |cert_handle| into |names|.
// NOTE(review): body elided; per the name these are presumably the
// rfc822Name (e-mail) entries of the subjectAltName extension. There is no
// return value, so "no such names" and "extension could not be decoded" both
// surface as the contents of |names| - confirm whether |names| is cleared
// first. The strings are certificate-controlled and should be validated
// before being used as identities or displayed.
void GetRFC822SubjectAltNames(CERTCertificate* cert_handle,
std::vector<std::string>* names) { … }
// Collects name strings from |cert_handle| into |names|.
// NOTE(review): body elided; per the name these are presumably the User
// Principal Name otherName entries of the subjectAltName extension, matched
// with kUpnOid - confirm. As there is no return value, a decode failure is
// indistinguishable from "none present" unless the body logs it. The strings
// are certificate-controlled; a UPN taken from a certificate should only be
// trusted as an account identifier after the certificate itself has been
// verified.
void GetUPNSubjectAltNames(CERTCertificate* cert_handle,
std::vector<std::string>* names) { … }
// Produces a nickname for |nss_cert| of the given |type| for use with |slot|.
// NOTE(review): body elided; presumably combines the file-local
// GetDefaultNickname() and GetUniqueNicknameForSlot() helpers so the result
// does not collide with an existing nickname on |slot| - confirm. Parts
// derived from the certificate's fields are certificate-controlled text.
std::string GetDefaultUniqueNickname(CERTCertificate* nss_cert,
CertType type,
PK11SlotInfo* slot) { … }
// Produces a display string for the distinguished name |name|.
// NOTE(review): body elided; confirm which attribute is preferred (for
// example CN before O/OU). The result is certificate-controlled text meant
// for display, so UI code should escape or sanitize it and must not treat it
// as proof of identity.
std::string GetCERTNameDisplayName(CERTName* name) { … }
// Reads the validity period of |cert| into |not_before| and |not_after| and
// reports success through the bool return value.
// NOTE(review): body elided; confirm whether either output pointer may be
// null and what the outputs hold when false is returned. Callers enforcing
// expiry should treat a false return as "validity unknown", not as valid.
bool GetValidityTimes(CERTCertificate* cert,
base::Time* not_before,
base::Time* not_after) { … }
// Returns a SHA-256 hash value for |cert|.
// NOTE(review): body elided; presumably the hash covers the certificate's
// DER encoding - confirm. The signature has no error channel, so confirm
// what is returned if hashing fails (for example an all-zero value); callers
// comparing fingerprints should make sure two failed computations cannot
// compare equal.
SHA256HashValue CalculateFingerprint256(CERTCertificate* cert) { … }
// Imports |cert| as a user certificate. |preferred_slot| is taken by value,
// so the caller hands its slot handle over to this function.
// NOTE(review): body elided; presumably the int is a net error code (OK on
// success) and the import only succeeds when a matching private key is
// present on a token - confirm. The import changes persistent certificate
// storage, so callers should only reach it from an explicit user or policy
// action and should surface a non-OK result rather than ignore it.
int ImportUserCert(CERTCertificate* cert,
crypto::ScopedPK11Slot preferred_slot) { … }
}