Add support for loading certificate revocation lists (issue #2213)

2025-06-05 21:39:12 +02:00 · 2017-07-11 15:02:44 -04:00
parent 4407ef95c4
commit 6c71485135
9 changed files with 127 additions and 3 deletions
--- a/libcef/browser/net/crlset_file_util_impl.cc
+++ b/libcef/browser/net/crlset_file_util_impl.cc
@ -0,0 +1,65 @@
+// Copyright 2017 The Chromium Embedded Framework Authors. All rights
+// reserved. Use of this source code is governed by a BSD-style license that can
+// be found in the LICENSE file.
+
+#include "include/cef_file_util.h"
+
+#include "libcef/browser/context.h"
+#include "libcef/browser/thread_util.h"
+
+#include "base/files/file_util.h"
+#include "base/logging.h"
+#include "base/task_scheduler/post_task.h"
+#include "base/threading/thread_restrictions.h"
+#include "net/cert/crl_set.h"
+#include "net/cert/crl_set_storage.h"
+#include "net/ssl/ssl_config_service.h"
+
+namespace {
+
+// Based on chrome/browser/net/crl_set_fetcher.cc.
+
+void SetCRLSetIfNewer(scoped_refptr<net::CRLSet> crl_set) {
+  CEF_REQUIRE_IOT();
+
+  scoped_refptr<net::CRLSet> old_crl_set(net::SSLConfigService::GetCRLSet());
+  if (old_crl_set.get() && old_crl_set->sequence() > crl_set->sequence()) {
+    LOG(WARNING) << "Refusing to downgrade CRL set from #"
+                 << old_crl_set->sequence() << "to #" << crl_set->sequence();
+  } else {
+    net::SSLConfigService::SetCRLSet(crl_set);
+    VLOG(1) << "Installed CRL set #" << crl_set->sequence();
+  }
+}
+
+void LoadFromDisk(const base::FilePath& path) {
+  base::ThreadRestrictions::AssertIOAllowed();
+
+  std::string crl_set_bytes;
+  if (!base::ReadFileToString(path, &crl_set_bytes)) {
+    LOG(WARNING) << "Failed to read CRL set from " << path.MaybeAsASCII();
+    return;
+  }
+
+  scoped_refptr<net::CRLSet> crl_set;
+  if (!net::CRLSetStorage::Parse(crl_set_bytes, &crl_set)) {
+    LOG(WARNING) << "Failed to parse CRL set from " << path.MaybeAsASCII();
+    return;
+  }
+
+  VLOG(1) << "Loaded " << crl_set_bytes.size() << " bytes of CRL set from disk";
+  CEF_POST_TASK(CEF_IOT, base::BindOnce(&SetCRLSetIfNewer, crl_set));
+}
+
+}  // namespace
+
+void CefLoadCRLSetsFile(const CefString& path) {
+  if (!CONTEXT_STATE_VALID()) {
+    NOTREACHED() << "context not valid";
+    return;
+  }
+
+  base::PostTaskWithTraits(FROM_HERE,
+                           {base::TaskPriority::BACKGROUND, base::MayBlock()},
+                           base::BindOnce(&LoadFromDisk, path));
+}