net/base/cert_test_util.cc - platform/external/chromium - Git at Google

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "net/base/cert_test_util.h"

 #include "build/build_config.h"

 #if defined(USE_OPENSSL)
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
 #include "base/openssl_util.h"
 #elif defined(USE_NSS)
 #include <cert.h>
 #include "base/nss_util.h"
 #elif defined(OS_MACOSX)
 #include <Security/Security.h>
 #include "base/mac/scoped_cftyperef.h"
 #endif

 #include "base/file_util.h"
 #include "base/logging.h"
 #include "base/path_service.h"
 #include "net/base/x509_certificate.h"

 namespace net {

 #if defined(USE_OPENSSL)
 X509Certificate* AddTemporaryRootCertToStore(X509* x509_cert) {
   if (!X509_STORE_add_cert(X509Certificate::cert_store(), x509_cert)) {
     unsigned long error_code = ERR_get_error();
     if (ERR_GET_LIB(error_code) != ERR_LIB_X509 ||
         ERR_GET_REASON(error_code) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
       base::ClearOpenSSLERRStack();
       return NULL;
     }
   }
   return X509Certificate::CreateFromHandle(
       x509_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT,
       X509Certificate::OSCertHandles());
 }

 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {
   base::EnsureOpenSSLInit();

   std::string rawcert;
   if (!file_util::ReadFileToString(filename, &rawcert)) {
     LOG(ERROR) << "Can't load certificate " << filename.value();
     return NULL;
   }

   base::ScopedOpenSSL<BIO, BIO_free_all> cert_bio(
       BIO_new_mem_buf(const_cast<char*>(rawcert.c_str()),
                       rawcert.length()));
   if (!cert_bio.get()) {
     LOG(ERROR) << "Can't create read-only BIO " << filename.value();
     return NULL;
   }

   base::ScopedOpenSSL<X509, X509_free> pem_cert(PEM_read_bio_X509(
       cert_bio.get(), NULL, NULL, NULL));
   if (pem_cert.get())
     return AddTemporaryRootCertToStore(pem_cert.get());

   // File does not contain PEM data, let's try DER.
   const unsigned char* der_data =
       reinterpret_cast<const unsigned char*>(rawcert.c_str());
   int der_length = rawcert.length();
   base::ScopedOpenSSL<X509, X509_free> der_cert(d2i_X509(
       NULL, &der_data, der_length));
   if (der_cert.get())
     return AddTemporaryRootCertToStore(der_cert.get());

   LOG(ERROR) << "Can't parse certificate " << filename.value();
   return NULL;
 }
 #elif defined(USE_NSS)
 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {
   base::EnsureNSSInit();

   std::string rawcert;
   if (!file_util::ReadFileToString(filename, &rawcert)) {
     LOG(ERROR) << "Can't load certificate " << filename.value();
     return NULL;
   }

   CERTCertificate *cert;
   cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()),
                                     rawcert.length());
   if (!cert) {
     LOG(ERROR) << "Can't convert certificate " << filename.value();
     return NULL;
   }

   // TODO(port): remove this const_cast after NSS 3.12.3 is released
   CERTCertTrust trust;
   int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu"));
   if (rv != SECSuccess) {
     LOG(ERROR) << "Can't decode trust string";
     CERT_DestroyCertificate(cert);
     return NULL;
   }

   rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust);
   if (rv != SECSuccess) {
     LOG(ERROR) << "Can't change trust for certificate " << filename.value();
     CERT_DestroyCertificate(cert);
     return NULL;
   }

   X509Certificate* result = X509Certificate::CreateFromHandle(
       cert,
       X509Certificate::SOURCE_LONE_CERT_IMPORT,
       X509Certificate::OSCertHandles());
   CERT_DestroyCertificate(cert);
   return result;
 }
 #endif

 #if defined(OS_MACOSX)
 X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {
   std::string rawcert;
   if (!file_util::ReadFileToString(filename, &rawcert)) {
     LOG(ERROR) << "Can't load certificate " << filename.value();
     return NULL;
   }

   CFDataRef pem = CFDataCreate(kCFAllocatorDefault,
                                reinterpret_cast<const UInt8*>(rawcert.data()),
                                static_cast<CFIndex>(rawcert.size()));
   if (!pem)
     return NULL;
   base::mac::ScopedCFTypeRef<CFDataRef> scoped_pem(pem);

   SecExternalFormat input_format = kSecFormatUnknown;
   SecExternalItemType item_type = kSecItemTypeUnknown;
   CFArrayRef cert_array = NULL;
   if (SecKeychainItemImport(pem, NULL, &input_format, &item_type, 0, NULL, NULL,
                             &cert_array))
     return NULL;
   base::mac::ScopedCFTypeRef<CFArrayRef> scoped_cert_array(cert_array);

   if (!CFArrayGetCount(cert_array))
     return NULL;

   SecCertificateRef cert_ref = static_cast<SecCertificateRef>(
       const_cast<void*>(CFArrayGetValueAtIndex(cert_array, 0)));

   return X509Certificate::CreateFromHandle(cert_ref,
       X509Certificate::SOURCE_LONE_CERT_IMPORT,
       X509Certificate::OSCertHandles());
 }
 #endif

 }  // namespace net
	// Copyright (c) 2010 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "net/base/cert_test_util.h"

	#include "build/build_config.h"

	#if defined(USE_OPENSSL)
	#include <openssl/err.h>
	#include <openssl/ssl.h>
	#include <openssl/x509v3.h>
	#include "base/openssl_util.h"
	#elif defined(USE_NSS)
	#include <cert.h>
	#include "base/nss_util.h"
	#elif defined(OS_MACOSX)
	#include <Security/Security.h>
	#include "base/mac/scoped_cftyperef.h"
	#endif

	#include "base/file_util.h"
	#include "base/logging.h"
	#include "base/path_service.h"
	#include "net/base/x509_certificate.h"

	namespace net {

	#if defined(USE_OPENSSL)
	X509Certificate* AddTemporaryRootCertToStore(X509* x509_cert) {
	if (!X509_STORE_add_cert(X509Certificate::cert_store(), x509_cert)) {
	unsigned long error_code = ERR_get_error();
	if (ERR_GET_LIB(error_code) != ERR_LIB_X509 \|\|
	ERR_GET_REASON(error_code) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
	base::ClearOpenSSLERRStack();
	return NULL;
	}
	}
	return X509Certificate::CreateFromHandle(
	x509_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT,
	X509Certificate::OSCertHandles());
	}

	X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {
	base::EnsureOpenSSLInit();

	std::string rawcert;
	if (!file_util::ReadFileToString(filename, &rawcert)) {
	LOG(ERROR) << "Can't load certificate " << filename.value();
	return NULL;
	}

	base::ScopedOpenSSL<BIO, BIO_free_all> cert_bio(
	BIO_new_mem_buf(const_cast<char*>(rawcert.c_str()),
	rawcert.length()));
	if (!cert_bio.get()) {
	LOG(ERROR) << "Can't create read-only BIO " << filename.value();
	return NULL;
	}

	base::ScopedOpenSSL<X509, X509_free> pem_cert(PEM_read_bio_X509(
	cert_bio.get(), NULL, NULL, NULL));
	if (pem_cert.get())
	return AddTemporaryRootCertToStore(pem_cert.get());

	// File does not contain PEM data, let's try DER.
	const unsigned char* der_data =
	reinterpret_cast<const unsigned char*>(rawcert.c_str());
	int der_length = rawcert.length();
	base::ScopedOpenSSL<X509, X509_free> der_cert(d2i_X509(
	NULL, &der_data, der_length));
	if (der_cert.get())
	return AddTemporaryRootCertToStore(der_cert.get());

	LOG(ERROR) << "Can't parse certificate " << filename.value();
	return NULL;
	}
	#elif defined(USE_NSS)
	X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {
	base::EnsureNSSInit();

	std::string rawcert;
	if (!file_util::ReadFileToString(filename, &rawcert)) {
	LOG(ERROR) << "Can't load certificate " << filename.value();
	return NULL;
	}

	CERTCertificate *cert;
	cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()),
	rawcert.length());
	if (!cert) {
	LOG(ERROR) << "Can't convert certificate " << filename.value();
	return NULL;
	}

	// TODO(port): remove this const_cast after NSS 3.12.3 is released
	CERTCertTrust trust;
	int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu"));
	if (rv != SECSuccess) {
	LOG(ERROR) << "Can't decode trust string";
	CERT_DestroyCertificate(cert);
	return NULL;
	}

	rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust);
	if (rv != SECSuccess) {
	LOG(ERROR) << "Can't change trust for certificate " << filename.value();
	CERT_DestroyCertificate(cert);
	return NULL;
	}

	X509Certificate* result = X509Certificate::CreateFromHandle(
	cert,
	X509Certificate::SOURCE_LONE_CERT_IMPORT,
	X509Certificate::OSCertHandles());
	CERT_DestroyCertificate(cert);
	return result;
	}
	#endif

	#if defined(OS_MACOSX)
	X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {
	std::string rawcert;
	if (!file_util::ReadFileToString(filename, &rawcert)) {
	LOG(ERROR) << "Can't load certificate " << filename.value();
	return NULL;
	}

	CFDataRef pem = CFDataCreate(kCFAllocatorDefault,
	reinterpret_cast<const UInt8*>(rawcert.data()),
	static_cast<CFIndex>(rawcert.size()));
	if (!pem)
	return NULL;
	base::mac::ScopedCFTypeRef<CFDataRef> scoped_pem(pem);

	SecExternalFormat input_format = kSecFormatUnknown;
	SecExternalItemType item_type = kSecItemTypeUnknown;
	CFArrayRef cert_array = NULL;
	if (SecKeychainItemImport(pem, NULL, &input_format, &item_type, 0, NULL, NULL,
	&cert_array))
	return NULL;
	base::mac::ScopedCFTypeRef<CFArrayRef> scoped_cert_array(cert_array);

	if (!CFArrayGetCount(cert_array))
	return NULL;

	SecCertificateRef cert_ref = static_cast<SecCertificateRef>(
	const_cast<void*>(CFArrayGetValueAtIndex(cert_array, 0)));

	return X509Certificate::CreateFromHandle(cert_ref,
	X509Certificate::SOURCE_LONE_CERT_IMPORT,
	X509Certificate::OSCertHandles());
	}
	#endif

	} // namespace net