net/cert/x509_util_openssl.cc - chromium/src - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "net/cert/x509_util_openssl.h"

 #include <limits.h>

 #include <algorithm>
 #include <memory>

 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"
 #include "crypto/openssl_util.h"
 #include "net/cert/x509_cert_types.h"
 #include "net/cert/x509_util.h"
 #include "third_party/boringssl/src/include/openssl/asn1.h"
 #include "third_party/boringssl/src/include/openssl/mem.h"

 namespace net {

 namespace x509_util {

 namespace {

 // DER-encodes |x509|. On success, returns true and writes the
 // encoding to |*out_der|.
 bool DerEncodeCert(X509* x509, std::string* out_der) {
   int len = i2d_X509(x509, NULL);
   if (len < 0)
     return false;

   uint8_t* ptr = reinterpret_cast<uint8_t*>(base::WriteInto(out_der, len + 1));
   if (i2d_X509(x509, &ptr) < 0) {
     NOTREACHED();
     out_der->clear();
     return false;
   }
   return true;
 }

 struct DERCache {
   std::string data;
 };

 void DERCache_free(void* parent, void* ptr, CRYPTO_EX_DATA* ad, int idx,
                    long argl, void* argp) {
   DERCache* der_cache = static_cast<DERCache*>(ptr);
   delete der_cache;
 }

 class DERCacheInitSingleton {
  public:
   DERCacheInitSingleton() {
     crypto::EnsureOpenSSLInit();
     der_cache_ex_index_ = X509_get_ex_new_index(0, 0, 0, 0, DERCache_free);
     DCHECK_NE(-1, der_cache_ex_index_);
   }

   int der_cache_ex_index() const { return der_cache_ex_index_; }

  private:
   int der_cache_ex_index_;

   DISALLOW_COPY_AND_ASSIGN(DERCacheInitSingleton);
 };

 base::LazyInstance<DERCacheInitSingleton>::Leaky g_der_cache_singleton =
     LAZY_INSTANCE_INITIALIZER;

 }  // namespace

 bool ParsePrincipalKeyAndValue(X509_NAME_ENTRY* entry,
                                std::string* key,
                                std::string* value) {
   if (key) {
     ASN1_OBJECT* object = X509_NAME_ENTRY_get_object(entry);
     key->assign(OBJ_nid2sn(OBJ_obj2nid(object)));
   }

   ASN1_STRING* data = X509_NAME_ENTRY_get_data(entry);
   if (!data)
     return false;

   unsigned char* buf = NULL;
   int len = ASN1_STRING_to_UTF8(&buf, data);
   if (len <= 0)
     return false;

   value->assign(reinterpret_cast<const char*>(buf), len);
   OPENSSL_free(buf);
   return true;
 }

 bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name,
                                       int index,
                                       std::string* key,
                                       std::string* value) {
   X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, index);
   if (!entry)
     return false;

   return ParsePrincipalKeyAndValue(entry, key, value);
 }

 bool ParsePrincipalValueByIndex(X509_NAME* name,
                                 int index,
                                 std::string* value) {
   return ParsePrincipalKeyAndValueByIndex(name, index, NULL, value);
 }

 bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value) {
   int index = X509_NAME_get_index_by_NID(name, nid, -1);
   if (index < 0)
     return false;

   return ParsePrincipalValueByIndex(name, index, value);
 }

 bool ParseDate(ASN1_TIME* x509_time, base::Time* time) {
   if (!x509_time ||
       (x509_time->type != V_ASN1_UTCTIME &&
        x509_time->type != V_ASN1_GENERALIZEDTIME))
     return false;

   base::StringPiece str_date(reinterpret_cast<const char*>(x509_time->data),
                              x509_time->length);

   CertDateFormat format = x509_time->type == V_ASN1_UTCTIME ?
       CERT_DATE_FORMAT_UTC_TIME : CERT_DATE_FORMAT_GENERALIZED_TIME;
   return ParseCertificateDate(str_date, format, time);
 }

 // Returns true if |der_cache| points to valid data, false otherwise.
 // (note: the DER-encoded data in |der_cache| is owned by |x509|, callers should
 // not free it).
 bool GetDER(X509* x509, base::StringPiece* der_cache) {
   if (x509->buf) {
     *der_cache = base::StringPiece(
         reinterpret_cast<const char*>(CRYPTO_BUFFER_data(x509->buf)),
         CRYPTO_BUFFER_len(x509->buf));
     return true;
   }

   int x509_der_cache_index =
       g_der_cache_singleton.Get().der_cache_ex_index();

   // Re-encoding the DER data via i2d_X509 is an expensive operation,
   // but it's necessary for comparing two certificates. Re-encode at
   // most once per certificate and cache the data within the X509 cert
   // using X509_set_ex_data.
   DERCache* internal_cache = static_cast<DERCache*>(
       X509_get_ex_data(x509, x509_der_cache_index));
   if (!internal_cache) {
     std::unique_ptr<DERCache> new_cache(new DERCache);
     if (!DerEncodeCert(x509, &new_cache->data))
       return false;
     internal_cache = new_cache.get();
     X509_set_ex_data(x509, x509_der_cache_index, new_cache.release());
   }
   *der_cache = base::StringPiece(internal_cache->data);
   return true;
 }

 }  // namespace x509_util

 }  // namespace net
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "net/cert/x509_util_openssl.h"

	#include <limits.h>

	#include <algorithm>
	#include <memory>

	#include "base/lazy_instance.h"
	#include "base/logging.h"
	#include "base/macros.h"
	#include "base/strings/string_piece.h"
	#include "base/strings/string_util.h"
	#include "crypto/openssl_util.h"
	#include "net/cert/x509_cert_types.h"
	#include "net/cert/x509_util.h"
	#include "third_party/boringssl/src/include/openssl/asn1.h"
	#include "third_party/boringssl/src/include/openssl/mem.h"

	namespace net {

	namespace x509_util {

	namespace {

	// DER-encodes \|x509\|. On success, returns true and writes the
	// encoding to \|*out_der\|.
	bool DerEncodeCert(X509* x509, std::string* out_der) {
	int len = i2d_X509(x509, NULL);
	if (len < 0)
	return false;

	uint8_t* ptr = reinterpret_cast<uint8_t*>(base::WriteInto(out_der, len + 1));
	if (i2d_X509(x509, &ptr) < 0) {
	NOTREACHED();
	out_der->clear();
	return false;
	}
	return true;
	}

	struct DERCache {
	std::string data;
	};

	void DERCache_free(void* parent, void* ptr, CRYPTO_EX_DATA* ad, int idx,
	long argl, void* argp) {
	DERCache* der_cache = static_cast<DERCache*>(ptr);
	delete der_cache;
	}

	class DERCacheInitSingleton {
	public:
	DERCacheInitSingleton() {
	crypto::EnsureOpenSSLInit();
	der_cache_ex_index_ = X509_get_ex_new_index(0, 0, 0, 0, DERCache_free);
	DCHECK_NE(-1, der_cache_ex_index_);
	}

	int der_cache_ex_index() const { return der_cache_ex_index_; }

	private:
	int der_cache_ex_index_;

	DISALLOW_COPY_AND_ASSIGN(DERCacheInitSingleton);
	};

	base::LazyInstance<DERCacheInitSingleton>::Leaky g_der_cache_singleton =
	LAZY_INSTANCE_INITIALIZER;

	} // namespace

	bool ParsePrincipalKeyAndValue(X509_NAME_ENTRY* entry,
	std::string* key,
	std::string* value) {
	if (key) {
	ASN1_OBJECT* object = X509_NAME_ENTRY_get_object(entry);
	key->assign(OBJ_nid2sn(OBJ_obj2nid(object)));
	}

	ASN1_STRING* data = X509_NAME_ENTRY_get_data(entry);
	if (!data)
	return false;

	unsigned char* buf = NULL;
	int len = ASN1_STRING_to_UTF8(&buf, data);
	if (len <= 0)
	return false;

	value->assign(reinterpret_cast<const char*>(buf), len);
	OPENSSL_free(buf);
	return true;
	}

	bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name,
	int index,
	std::string* key,
	std::string* value) {
	X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, index);
	if (!entry)
	return false;

	return ParsePrincipalKeyAndValue(entry, key, value);
	}

	bool ParsePrincipalValueByIndex(X509_NAME* name,
	int index,
	std::string* value) {
	return ParsePrincipalKeyAndValueByIndex(name, index, NULL, value);
	}

	bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value) {
	int index = X509_NAME_get_index_by_NID(name, nid, -1);
	if (index < 0)
	return false;

	return ParsePrincipalValueByIndex(name, index, value);
	}

	bool ParseDate(ASN1_TIME* x509_time, base::Time* time) {
	if (!x509_time \|\|
	(x509_time->type != V_ASN1_UTCTIME &&
	x509_time->type != V_ASN1_GENERALIZEDTIME))
	return false;

	base::StringPiece str_date(reinterpret_cast<const char*>(x509_time->data),
	x509_time->length);

	CertDateFormat format = x509_time->type == V_ASN1_UTCTIME ?
	CERT_DATE_FORMAT_UTC_TIME : CERT_DATE_FORMAT_GENERALIZED_TIME;
	return ParseCertificateDate(str_date, format, time);
	}

	// Returns true if \|der_cache\| points to valid data, false otherwise.
	// (note: the DER-encoded data in \|der_cache\| is owned by \|x509\|, callers should
	// not free it).
	bool GetDER(X509* x509, base::StringPiece* der_cache) {
	if (x509->buf) {
	*der_cache = base::StringPiece(
	reinterpret_cast<const char*>(CRYPTO_BUFFER_data(x509->buf)),
	CRYPTO_BUFFER_len(x509->buf));
	return true;
	}

	int x509_der_cache_index =
	g_der_cache_singleton.Get().der_cache_ex_index();

	// Re-encoding the DER data via i2d_X509 is an expensive operation,
	// but it's necessary for comparing two certificates. Re-encode at
	// most once per certificate and cache the data within the X509 cert
	// using X509_set_ex_data.
	DERCache* internal_cache = static_cast<DERCache*>(
	X509_get_ex_data(x509, x509_der_cache_index));
	if (!internal_cache) {
	std::unique_ptr<DERCache> new_cache(new DERCache);
	if (!DerEncodeCert(x509, &new_cache->data))
	return false;
	internal_cache = new_cache.get();
	X509_set_ex_data(x509, x509_der_cache_index, new_cache.release());
	}
	*der_cache = base::StringPiece(internal_cache->data);
	return true;
	}

	} // namespace x509_util

	} // namespace net