forked from chromium/chromium
-
Notifications
You must be signed in to change notification settings - Fork 0
/
certificate_helper.cc
96 lines (75 loc) · 2.83 KB
/
certificate_helper.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chromeos/network/certificate_helper.h"
#include <cert.h>
#include <certdb.h>
#include <pk11pub.h>
#include <secport.h>
#include "base/strings/string16.h"
#include "base/strings/utf_string_conversions.h"
#include "components/url_formatter/url_formatter.h"
#include "net/cert/nss_cert_database_chromeos.h"
#include "net/cert/x509_util_nss.h"
namespace chromeos {
namespace certificate {
namespace {
// Convert a char* return value from NSS into a std::string and free the NSS
// memory. If |nss_text| is null, |alternative_text| will be returned instead.
std::string Stringize(char* nss_text, const std::string& alternative_text) {
if (!nss_text)
return alternative_text;
std::string s = nss_text;
PORT_Free(nss_text);
return !s.empty() ? s : alternative_text;
}
std::string GetNickname(CERTCertificate* cert_handle) {
if (!cert_handle->nickname)
return std::string();
std::string name = cert_handle->nickname;
// Hack copied from mozilla: Cut off text before first :, which seems to
// just be the token name.
size_t colon_pos = name.find(':');
if (colon_pos != std::string::npos)
name = name.substr(colon_pos + 1);
return name;
}
} // namespace
net::CertType GetCertType(CERTCertificate* cert_handle) {
CERTCertTrust trust = {0};
CERT_GetCertTrust(cert_handle, &trust);
unsigned all_flags =
trust.sslFlags | trust.emailFlags | trust.objectSigningFlags;
if (cert_handle->nickname && (all_flags & CERTDB_USER))
return net::USER_CERT;
if ((all_flags & CERTDB_VALID_CA) || CERT_IsCACert(cert_handle, nullptr))
return net::CA_CERT;
// TODO(mattm): http://crbug.com/128633.
if (trust.sslFlags & CERTDB_TERMINAL_RECORD)
return net::SERVER_CERT;
return net::OTHER_CERT;
}
std::string GetCertTokenName(CERTCertificate* cert_handle) {
std::string token;
if (cert_handle->slot)
token = PK11_GetTokenName(cert_handle->slot);
return token;
}
std::string GetIssuerDisplayName(CERTCertificate* cert_handle) {
return net::x509_util::GetCERTNameDisplayName(&cert_handle->issuer);
}
std::string GetCertNameOrNickname(CERTCertificate* cert_handle) {
std::string name = GetCertAsciiNameOrNickname(cert_handle);
if (!name.empty())
name = base::UTF16ToUTF8(url_formatter::IDNToUnicode(name));
return name;
}
std::string GetCertAsciiSubjectCommonName(CERTCertificate* cert_handle) {
return Stringize(CERT_GetCommonName(&cert_handle->subject), std::string());
}
std::string GetCertAsciiNameOrNickname(CERTCertificate* cert_handle) {
std::string alternative_text = GetNickname(cert_handle);
return Stringize(CERT_GetCommonName(&cert_handle->subject), alternative_text);
}
} // namespace certificate
} // namespace chromeos