cef/libcef/browser/ssl_info_impl.cc

// Copyright (c) 2015 The Chromium Embedded Framework Authors. All rights
// reserved. Use of this source code is governed by a BSD-style license that
// can be found in the LICENSE file.

#include "libcef/browser/ssl_info_impl.h"
#include "libcef/browser/ssl_cert_principal_impl.h"
#include "libcef/common/time_util.h"

#include "net/cert/cert_status_flags.h"
#include "net/cert/x509_certificate.h"

namespace {

void EncodeCertificate(
    const net::X509Certificate::OSCertHandle& os_handle,
    CefRefPtr<CefBinaryValue>& der_encoded,
    CefRefPtr<CefBinaryValue>& pem_encoded) {
  std::string encoded;
  if (net::X509Certificate::GetDEREncoded(os_handle, &encoded)) {
    der_encoded = CefBinaryValue::Create(encoded.c_str(),
                                         encoded.size());
  }
  encoded.clear();
  if (net::X509Certificate::GetPEMEncoded(os_handle, &encoded)) {
    pem_encoded = CefBinaryValue::Create(encoded.c_str(),
                                         encoded.size());
  }
}

}  // namespace

CefSSLInfoImpl::CefSSLInfoImpl(const net::SSLInfo& value)
    : cert_status_(CERT_STATUS_NONE) {
  if (value.cert.get()) {
    cert_status_ = static_cast<cef_cert_status_t>(value.cert_status);

    subject_ = new CefSSLCertPrincipalImpl(value.cert->subject());
    issuer_ = new CefSSLCertPrincipalImpl(value.cert->issuer());

    const std::string& serial_number = value.cert->serial_number();
    serial_number_ = CefBinaryValue::Create(serial_number.c_str(),
                                            serial_number.size());

    const base::Time& valid_start = value.cert->valid_start();
    if (!valid_start.is_null())
      cef_time_from_basetime(valid_start, valid_start_);

    const base::Time& valid_expiry = value.cert->valid_expiry();
    if (!valid_expiry.is_null())
      cef_time_from_basetime(valid_expiry, valid_expiry_);

    net::X509Certificate::OSCertHandle os_handle = value.cert->os_cert_handle();
    if (os_handle)
      EncodeCertificate(os_handle, der_encoded_, pem_encoded_);

    const net::X509Certificate::OSCertHandles& issuer_chain =
      value.cert->GetIntermediateCertificates();
    for (net::X509Certificate::OSCertHandles::const_iterator it =
         issuer_chain.begin(); it != issuer_chain.end(); it++) {
      CefRefPtr<CefBinaryValue> der_encoded, pem_encoded;
      EncodeCertificate(*it, der_encoded, pem_encoded);

      // Add each to the chain, even if one conversion unexpectedly failed.
      // GetIssuerChainSize depends on these being the same length.
      der_encoded_issuer_chain_.push_back(der_encoded);
      pem_encoded_issuer_chain_.push_back(pem_encoded);
    }
  }
}

cef_cert_status_t CefSSLInfoImpl::GetCertStatus() {
   return cert_status_;
}

bool CefSSLInfoImpl::IsCertStatusError() {
   return net::IsCertStatusError(cert_status_);
}

bool CefSSLInfoImpl::IsCertStatusMinorError() {
   return net::IsCertStatusMinorError(cert_status_);
}

CefRefPtr<CefSSLCertPrincipal> CefSSLInfoImpl::GetSubject() {
  return subject_;
}

CefRefPtr<CefSSLCertPrincipal> CefSSLInfoImpl::GetIssuer() {
  return issuer_;
}

CefRefPtr<CefBinaryValue> CefSSLInfoImpl::GetSerialNumber() {
  return serial_number_;
}

CefTime CefSSLInfoImpl::GetValidStart() {
  return valid_start_;
}

CefTime CefSSLInfoImpl::GetValidExpiry() {
  return valid_expiry_;
}

CefRefPtr<CefBinaryValue> CefSSLInfoImpl::GetDEREncoded() {
  return der_encoded_;
}

CefRefPtr<CefBinaryValue> CefSSLInfoImpl::GetPEMEncoded() {
  return pem_encoded_;
}

size_t CefSSLInfoImpl::GetIssuerChainSize() {
  return der_encoded_issuer_chain_.size();
}

void CefSSLInfoImpl::GetDEREncodedIssuerChain(
    CefSSLInfo::IssuerChainBinaryList& chain) {
  chain = der_encoded_issuer_chain_;
}

void CefSSLInfoImpl::GetPEMEncodedIssuerChain(
    CefSSLInfo::IssuerChainBinaryList& chain) {
  chain = pem_encoded_issuer_chain_;
}
- Pass SSL certificate information to CefRequestHandler::OnCertificateError via a new CefSSLInfo interface (issue #1530). - cefclient: Improve error message text and use a data: URI instead of LoadString for loading error messages (issue #579). - Add functions in cef_url.h for base64 and URI encoding/decoding (issue #579). git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@2028 5089003a-bbd8-11dd-ad1f-f1f9622dbc98 2015-02-11 19:15:04 +01:00			`// Copyright (c) 2015 The Chromium Embedded Framework Authors. All rights`
			`// reserved. Use of this source code is governed by a BSD-style license that`
			`// can be found in the LICENSE file.`

			`#include "libcef/browser/ssl_info_impl.h"`
			`#include "libcef/browser/ssl_cert_principal_impl.h"`
			`#include "libcef/common/time_util.h"`

Expose additional SSL certificate information. - Provide access to the full certificate issuer chain (issue #1530) - Add several missing certificate error codes to cef_errorcode_t (issue #1784) - Provide the full certificate status bitmask (issue #1790) 2015-12-18 19:03:03 +01:00			`#include "net/cert/cert_status_flags.h"`
- Pass SSL certificate information to CefRequestHandler::OnCertificateError via a new CefSSLInfo interface (issue #1530). - cefclient: Improve error message text and use a data: URI instead of LoadString for loading error messages (issue #579). - Add functions in cef_url.h for base64 and URI encoding/decoding (issue #579). git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@2028 5089003a-bbd8-11dd-ad1f-f1f9622dbc98 2015-02-11 19:15:04 +01:00			`#include "net/cert/x509_certificate.h"`

Expose additional SSL certificate information. - Provide access to the full certificate issuer chain (issue #1530) - Add several missing certificate error codes to cef_errorcode_t (issue #1784) - Provide the full certificate status bitmask (issue #1790) 2015-12-18 19:03:03 +01:00			`namespace {`

			`void EncodeCertificate(`
			`const net::X509Certificate::OSCertHandle& os_handle,`
			`CefRefPtr<CefBinaryValue>& der_encoded,`
			`CefRefPtr<CefBinaryValue>& pem_encoded) {`
			`std::string encoded;`
			`if (net::X509Certificate::GetDEREncoded(os_handle, &encoded)) {`
			`der_encoded = CefBinaryValue::Create(encoded.c_str(),`
			`encoded.size());`
			`}`
			`encoded.clear();`
			`if (net::X509Certificate::GetPEMEncoded(os_handle, &encoded)) {`
			`pem_encoded = CefBinaryValue::Create(encoded.c_str(),`
			`encoded.size());`
			`}`
			`}`

			`} // namespace`

			`CefSSLInfoImpl::CefSSLInfoImpl(const net::SSLInfo& value)`
			`: cert_status_(CERT_STATUS_NONE) {`
- Pass SSL certificate information to CefRequestHandler::OnCertificateError via a new CefSSLInfo interface (issue #1530). - cefclient: Improve error message text and use a data: URI instead of LoadString for loading error messages (issue #579). - Add functions in cef_url.h for base64 and URI encoding/decoding (issue #579). git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@2028 5089003a-bbd8-11dd-ad1f-f1f9622dbc98 2015-02-11 19:15:04 +01:00			`if (value.cert.get()) {`
Expose additional SSL certificate information. - Provide access to the full certificate issuer chain (issue #1530) - Add several missing certificate error codes to cef_errorcode_t (issue #1784) - Provide the full certificate status bitmask (issue #1790) 2015-12-18 19:03:03 +01:00			`cert_status_ = static_cast<cef_cert_status_t>(value.cert_status);`

- Pass SSL certificate information to CefRequestHandler::OnCertificateError via a new CefSSLInfo interface (issue #1530). - cefclient: Improve error message text and use a data: URI instead of LoadString for loading error messages (issue #579). - Add functions in cef_url.h for base64 and URI encoding/decoding (issue #579). git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@2028 5089003a-bbd8-11dd-ad1f-f1f9622dbc98 2015-02-11 19:15:04 +01:00			`subject_ = new CefSSLCertPrincipalImpl(value.cert->subject());`
			`issuer_ = new CefSSLCertPrincipalImpl(value.cert->issuer());`

			`const std::string& serial_number = value.cert->serial_number();`
			`serial_number_ = CefBinaryValue::Create(serial_number.c_str(),`
			`serial_number.size());`

			`const base::Time& valid_start = value.cert->valid_start();`
			`if (!valid_start.is_null())`
			`cef_time_from_basetime(valid_start, valid_start_);`

			`const base::Time& valid_expiry = value.cert->valid_expiry();`
			`if (!valid_expiry.is_null())`
			`cef_time_from_basetime(valid_expiry, valid_expiry_);`

			`net::X509Certificate::OSCertHandle os_handle = value.cert->os_cert_handle();`
Expose additional SSL certificate information. - Provide access to the full certificate issuer chain (issue #1530) - Add several missing certificate error codes to cef_errorcode_t (issue #1784) - Provide the full certificate status bitmask (issue #1790) 2015-12-18 19:03:03 +01:00			`if (os_handle)`
			`EncodeCertificate(os_handle, der_encoded_, pem_encoded_);`

			`const net::X509Certificate::OSCertHandles& issuer_chain =`
			`value.cert->GetIntermediateCertificates();`
			`for (net::X509Certificate::OSCertHandles::const_iterator it =`
			`issuer_chain.begin(); it != issuer_chain.end(); it++) {`
			`CefRefPtr<CefBinaryValue> der_encoded, pem_encoded;`
			`EncodeCertificate(*it, der_encoded, pem_encoded);`

			`// Add each to the chain, even if one conversion unexpectedly failed.`
			`// GetIssuerChainSize depends on these being the same length.`
			`der_encoded_issuer_chain_.push_back(der_encoded);`
			`pem_encoded_issuer_chain_.push_back(pem_encoded);`
- Pass SSL certificate information to CefRequestHandler::OnCertificateError via a new CefSSLInfo interface (issue #1530). - cefclient: Improve error message text and use a data: URI instead of LoadString for loading error messages (issue #579). - Add functions in cef_url.h for base64 and URI encoding/decoding (issue #579). git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@2028 5089003a-bbd8-11dd-ad1f-f1f9622dbc98 2015-02-11 19:15:04 +01:00			`}`
			`}`
			`}`

Expose additional SSL certificate information. - Provide access to the full certificate issuer chain (issue #1530) - Add several missing certificate error codes to cef_errorcode_t (issue #1784) - Provide the full certificate status bitmask (issue #1790) 2015-12-18 19:03:03 +01:00			`cef_cert_status_t CefSSLInfoImpl::GetCertStatus() {`
			`return cert_status_;`
			`}`

			`bool CefSSLInfoImpl::IsCertStatusError() {`
			`return net::IsCertStatusError(cert_status_);`
			`}`

			`bool CefSSLInfoImpl::IsCertStatusMinorError() {`
			`return net::IsCertStatusMinorError(cert_status_);`
			`}`

- Pass SSL certificate information to CefRequestHandler::OnCertificateError via a new CefSSLInfo interface (issue #1530). - cefclient: Improve error message text and use a data: URI instead of LoadString for loading error messages (issue #579). - Add functions in cef_url.h for base64 and URI encoding/decoding (issue #579). git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@2028 5089003a-bbd8-11dd-ad1f-f1f9622dbc98 2015-02-11 19:15:04 +01:00			`CefRefPtr<CefSSLCertPrincipal> CefSSLInfoImpl::GetSubject() {`
			`return subject_;`
			`}`

			`CefRefPtr<CefSSLCertPrincipal> CefSSLInfoImpl::GetIssuer() {`
			`return issuer_;`
			`}`

			`CefRefPtr<CefBinaryValue> CefSSLInfoImpl::GetSerialNumber() {`
			`return serial_number_;`
			`}`

			`CefTime CefSSLInfoImpl::GetValidStart() {`
			`return valid_start_;`
			`}`

			`CefTime CefSSLInfoImpl::GetValidExpiry() {`
			`return valid_expiry_;`
			`}`

			`CefRefPtr<CefBinaryValue> CefSSLInfoImpl::GetDEREncoded() {`
			`return der_encoded_;`
			`}`

			`CefRefPtr<CefBinaryValue> CefSSLInfoImpl::GetPEMEncoded() {`
			`return pem_encoded_;`
			`}`
Expose additional SSL certificate information. - Provide access to the full certificate issuer chain (issue #1530) - Add several missing certificate error codes to cef_errorcode_t (issue #1784) - Provide the full certificate status bitmask (issue #1790) 2015-12-18 19:03:03 +01:00
			`size_t CefSSLInfoImpl::GetIssuerChainSize() {`
			`return der_encoded_issuer_chain_.size();`
			`}`

			`void CefSSLInfoImpl::GetDEREncodedIssuerChain(`
			`CefSSLInfo::IssuerChainBinaryList& chain) {`
			`chain = der_encoded_issuer_chain_;`
			`}`

			`void CefSSLInfoImpl::GetPEMEncodedIssuerChain(`
			`CefSSLInfo::IssuerChainBinaryList& chain) {`
			`chain = pem_encoded_issuer_chain_;`
			`}`