cef/libcef/browser/x509_certificate_impl.cc

// Copyright (c) 2016 The Chromium Embedded Framework Authors. All rights
// reserved. Use of this source code is governed by a BSD-style license that
// can be found in the LICENSE file.

#include "libcef/browser/x509_certificate_impl.h"

#include "libcef/browser/x509_cert_principal_impl.h"
#include "libcef/common/time_util.h"

#include "net/ssl/ssl_private_key.h"

namespace {

CefRefPtr<CefBinaryValue> EncodeCertificate(
    const net::X509Certificate::OSCertHandle& os_handle,
    bool der) {
  CefRefPtr<CefBinaryValue> bin_encoded;
  std::string encoded;

  if ((der && net::X509Certificate::GetDEREncoded(os_handle, &encoded)) ||
      (!der && net::X509Certificate::GetPEMEncoded(os_handle, &encoded))) {
    bin_encoded = CefBinaryValue::Create(encoded.c_str(), encoded.size());
  }

  return bin_encoded;
}

}  // namespace

CefX509CertificateImpl::CefX509CertificateImpl(
    std::unique_ptr<net::ClientCertIdentity> identity)
    : identity_(std::move(identity)), cert_(identity_->certificate()) {}

CefX509CertificateImpl::CefX509CertificateImpl(
    scoped_refptr<net::X509Certificate> cert)
    : cert_(cert) {}

CefRefPtr<CefX509CertPrincipal> CefX509CertificateImpl::GetSubject() {
  if (cert_)
    return new CefX509CertPrincipalImpl(cert_->subject());
  return nullptr;
}

CefRefPtr<CefX509CertPrincipal> CefX509CertificateImpl::GetIssuer() {
  if (cert_)
    return new CefX509CertPrincipalImpl(cert_->issuer());
  return nullptr;
}

CefRefPtr<CefBinaryValue> CefX509CertificateImpl::GetSerialNumber() {
  if (cert_) {
    const std::string& serial = cert_->serial_number();
    return CefBinaryValue::Create(serial.c_str(), serial.size());
  }
  return nullptr;
}

CefTime CefX509CertificateImpl::GetValidStart() {
  CefTime validity;
  if (cert_) {
    const base::Time& valid_time = cert_->valid_start();
    if (!valid_time.is_null())
      cef_time_from_basetime(valid_time, validity);
  }
  return validity;
}

CefTime CefX509CertificateImpl::GetValidExpiry() {
  CefTime validity;
  if (cert_) {
    const base::Time& valid_time = cert_->valid_expiry();
    if (!valid_time.is_null())
      cef_time_from_basetime(valid_time, validity);
  }
  return validity;
}

CefRefPtr<CefBinaryValue> CefX509CertificateImpl::GetDEREncoded() {
  if (cert_) {
    net::X509Certificate::OSCertHandle os_handle = cert_->os_cert_handle();
    if (os_handle)
      return EncodeCertificate(os_handle, true);
  }
  return nullptr;
}

CefRefPtr<CefBinaryValue> CefX509CertificateImpl::GetPEMEncoded() {
  if (cert_) {
    net::X509Certificate::OSCertHandle os_handle = cert_->os_cert_handle();
    if (os_handle)
      return EncodeCertificate(os_handle, false);
  }
  return nullptr;
}

size_t CefX509CertificateImpl::GetIssuerChainSize() {
  if (cert_)
    return cert_->GetIntermediateCertificates().size();
  return 0;
}

void CefX509CertificateImpl::AcquirePrivateKey(
    const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)>&
        private_key_callback) {
  if (identity_)
    identity_->AcquirePrivateKey(private_key_callback);
  else
    private_key_callback.Run(nullptr);
}

void CefX509CertificateImpl::GetEncodedIssuerChain(
    CefX509Certificate::IssuerChainBinaryList& chain,
    bool der) {
  chain.clear();
  if (cert_) {
    const net::X509Certificate::OSCertHandles& handles =
        cert_->GetIntermediateCertificates();
    for (net::X509Certificate::OSCertHandles::const_iterator it =
             handles.begin();
         it != handles.end(); it++) {
      // Add each to the chain, even if one conversion unexpectedly failed.
      // GetIssuerChainSize depends on these being the same length.
      chain.push_back(EncodeCertificate(*it, der));
    }
  }
}

void CefX509CertificateImpl::GetDEREncodedIssuerChain(
    CefX509Certificate::IssuerChainBinaryList& chain) {
  if (der_encoded_issuer_chain_.empty())
    GetEncodedIssuerChain(der_encoded_issuer_chain_, true);
  chain = der_encoded_issuer_chain_;
}

void CefX509CertificateImpl::GetPEMEncodedIssuerChain(
    CefX509Certificate::IssuerChainBinaryList& chain) {
  if (pem_encoded_issuer_chain_.empty())
    GetEncodedIssuerChain(pem_encoded_issuer_chain_, false);
  chain = pem_encoded_issuer_chain_;
}
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`// Copyright (c) 2016 The Chromium Embedded Framework Authors. All rights`
			`// reserved. Use of this source code is governed by a BSD-style license that`
			`// can be found in the LICENSE file.`

Apply clang-format to all C, C++ and ObjC files (issue #2171) 2017-05-17 11:29:28 +02:00			`#include "libcef/browser/x509_certificate_impl.h"`
Update to Chromium revision ff259bab (#488528) 2017-07-27 01:19:27 +02:00
Move matching h file to top of header list (issue #2171) 2017-05-19 11:06:00 +02:00			`#include "libcef/browser/x509_cert_principal_impl.h"`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`#include "libcef/common/time_util.h"`

Update to Chromium revision ff259bab (#488528) 2017-07-27 01:19:27 +02:00			`#include "net/ssl/ssl_private_key.h"`

Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`namespace {`

Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`CefRefPtr<CefBinaryValue> EncodeCertificate(`
Apply clang-format to all C, C++ and ObjC files (issue #2171) 2017-05-17 11:29:28 +02:00			`const net::X509Certificate::OSCertHandle& os_handle,`
			`bool der) {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`CefRefPtr<CefBinaryValue> bin_encoded;`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`std::string encoded;`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00
Apply clang-format to all C, C++ and ObjC files (issue #2171) 2017-05-17 11:29:28 +02:00			`if ((der && net::X509Certificate::GetDEREncoded(os_handle, &encoded)) \|\|`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`(!der && net::X509Certificate::GetPEMEncoded(os_handle, &encoded))) {`
			`bin_encoded = CefBinaryValue::Create(encoded.c_str(), encoded.size());`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`}`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00
			`return bin_encoded;`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`}`

			`} // namespace`

Update to Chromium revision ff259bab (#488528) 2017-07-27 01:19:27 +02:00			`CefX509CertificateImpl::CefX509CertificateImpl(`
			`std::unique_ptr<net::ClientCertIdentity> identity)`
			`: identity_(std::move(identity)), cert_(identity_->certificate()) {}`

Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`CefX509CertificateImpl::CefX509CertificateImpl(`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`scoped_refptr<net::X509Certificate> cert)`
Apply clang-format to all C, C++ and ObjC files (issue #2171) 2017-05-17 11:29:28 +02:00			`: cert_(cert) {}`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00
			`CefRefPtr<CefX509CertPrincipal> CefX509CertificateImpl::GetSubject() {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`if (cert_)`
			`return new CefX509CertPrincipalImpl(cert_->subject());`
			`return nullptr;`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`}`

			`CefRefPtr<CefX509CertPrincipal> CefX509CertificateImpl::GetIssuer() {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`if (cert_)`
			`return new CefX509CertPrincipalImpl(cert_->issuer());`
			`return nullptr;`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`}`

			`CefRefPtr<CefBinaryValue> CefX509CertificateImpl::GetSerialNumber() {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`if (cert_) {`
			`const std::string& serial = cert_->serial_number();`
			`return CefBinaryValue::Create(serial.c_str(), serial.size());`
			`}`
			`return nullptr;`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`}`

			`CefTime CefX509CertificateImpl::GetValidStart() {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`CefTime validity;`
			`if (cert_) {`
			`const base::Time& valid_time = cert_->valid_start();`
			`if (!valid_time.is_null())`
			`cef_time_from_basetime(valid_time, validity);`
			`}`
			`return validity;`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`}`

			`CefTime CefX509CertificateImpl::GetValidExpiry() {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`CefTime validity;`
			`if (cert_) {`
			`const base::Time& valid_time = cert_->valid_expiry();`
			`if (!valid_time.is_null())`
			`cef_time_from_basetime(valid_time, validity);`
			`}`
			`return validity;`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`}`

			`CefRefPtr<CefBinaryValue> CefX509CertificateImpl::GetDEREncoded() {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`if (cert_) {`
			`net::X509Certificate::OSCertHandle os_handle = cert_->os_cert_handle();`
			`if (os_handle)`
			`return EncodeCertificate(os_handle, true);`
			`}`
			`return nullptr;`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`}`

			`CefRefPtr<CefBinaryValue> CefX509CertificateImpl::GetPEMEncoded() {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`if (cert_) {`
			`net::X509Certificate::OSCertHandle os_handle = cert_->os_cert_handle();`
			`if (os_handle)`
			`return EncodeCertificate(os_handle, false);`
			`}`
			`return nullptr;`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`}`

			`size_t CefX509CertificateImpl::GetIssuerChainSize() {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`if (cert_)`
			`return cert_->GetIntermediateCertificates().size();`
			`return 0;`
			`}`

Update to Chromium revision ff259bab (#488528) 2017-07-27 01:19:27 +02:00			`void CefX509CertificateImpl::AcquirePrivateKey(`
			`const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)>&`
			`private_key_callback) {`
			`if (identity_)`
			`identity_->AcquirePrivateKey(private_key_callback);`
			`else`
			`private_key_callback.Run(nullptr);`
			`}`

Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`void CefX509CertificateImpl::GetEncodedIssuerChain(`
Apply clang-format to all C, C++ and ObjC files (issue #2171) 2017-05-17 11:29:28 +02:00			`CefX509Certificate::IssuerChainBinaryList& chain,`
			`bool der) {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`chain.clear();`
			`if (cert_) {`
			`const net::X509Certificate::OSCertHandles& handles =`
			`cert_->GetIntermediateCertificates();`
			`for (net::X509Certificate::OSCertHandles::const_iterator it =`
Apply clang-format to all C, C++ and ObjC files (issue #2171) 2017-05-17 11:29:28 +02:00			`handles.begin();`
			`it != handles.end(); it++) {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`// Add each to the chain, even if one conversion unexpectedly failed.`
			`// GetIssuerChainSize depends on these being the same length.`
			`chain.push_back(EncodeCertificate(*it, der));`
			`}`
			`}`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`}`

			`void CefX509CertificateImpl::GetDEREncodedIssuerChain(`
			`CefX509Certificate::IssuerChainBinaryList& chain) {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`if (der_encoded_issuer_chain_.empty())`
			`GetEncodedIssuerChain(der_encoded_issuer_chain_, true);`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`chain = der_encoded_issuer_chain_;`
			`}`

			`void CefX509CertificateImpl::GetPEMEncodedIssuerChain(`
			`CefX509Certificate::IssuerChainBinaryList& chain) {`
Add callback for custom certificate selection (issue #1824) 2016-10-27 19:57:12 +02:00			`if (pem_encoded_issuer_chain_.empty())`
			`GetEncodedIssuerChain(pem_encoded_issuer_chain_, false);`
Add API for SSL status and certificate retrieval (issue #1924) 2016-09-02 12:01:33 +02:00			`chain = pem_encoded_issuer_chain_;`
			`}`