Add X509CertificateBytes which uses CRYPTO_BUFFER instead of macOS-native certificate types.
(Other platforms will come in later CLs.)
BUG=671420
Review-Url: https://codereview.chromium.org/2746103003
Cr-Commit-Position: refs/heads/master@{#463507}
diff --git a/net/cert/internal/parse_name.cc b/net/cert/internal/parse_name.cc
index 2e7a8e7..d9eaaeed 100644
--- a/net/cert/internal/parse_name.cc
+++ b/net/cert/internal/parse_name.cc
@@ -134,6 +134,12 @@
return der::Input(oid);
}
+der::Input TypeStreetAddressOid() {
+ // street (streetAddress): 2.5.4.9 (RFC 4519)
+ static const uint8_t oid[] = {0x55, 0x04, 0x09};
+ return der::Input(oid);
+}
+
der::Input TypeOrganizationNameOid() {
// id-at-organizationName: 2.5.4.10 (RFC 5280)
static const uint8_t oid[] = {0x55, 0x04, 0x0a};
@@ -176,6 +182,13 @@
return der::Input(oid);
}
+der::Input TypeDomainComponentOid() {
+ // dc (domainComponent): 0.9.2342.19200300.100.1.25 (RFC 4519)
+ static const uint8_t oid[] = {0x09, 0x92, 0x26, 0x89, 0x93,
+ 0xF2, 0x2C, 0x64, 0x01, 0x19};
+ return der::Input(oid);
+}
+
bool X509NameAttribute::ValueAsString(std::string* out) const {
switch (value_tag) {
case der::kTeletexString:
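Review bot: The hex literals in `TypeDomainComponentOid()` use upper-case digits (`0xF2, 0x2C`) while the neighbouring OID tables in this file use lower-case (`0x0a` in `TypeOrganizationNameOid()`); matching the file, as in `0x09, 0x92, 0x26, 0x89, 0x93,` / `0xf2, 0x2c, 0x64, 0x01, 0x19`, keeps the tables greppable. The bytes themselves check out as the base-128 content octets of 0.9.2342.19200300.100.1.25. Because this array is what certificate names are compared against, the comment could say so explicitly: `// DER content octets only (no tag/length); arcs 2342 and 19200300 are base-128 encoded.`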
@@ -234,6 +247,7 @@
bool X509NameAttribute::AsRFC2253String(std::string* out) const {
std::string type_string;
std::string value_string;
+ // TODO(mattm): Add streetAddress and domainComponent here?
if (type == TypeCommonNameOid()) {
type_string = "CN";
} else if (type == TypeSurnameOid()) {
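Review bot: The added TODO in `AsRFC2253String` is phrased as an open question, but RFC 2253 section 2.3 already lists `STREET` and `DC` among its attribute keywords, so the two OIDs introduced in this commit look like natural entries for this chain. Either add the branches now, e.g. `} else if (type == TypeStreetAddressOid()) { type_string = "STREET";` and the matching `"DC"` case, or reword the comment to say what blocks it and reference the bug: `// TODO(mattm): map streetAddress -> "STREET" and domainComponent -> "DC" (RFC 2253 section 2.3); crbug.com/671420`. How unrecognised attribute types are rendered is decided further down in the function, outside this hunk, so it is worth confirming that names containing these attributes do not come out differently from what callers that display or compare the string expect.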
diff --git a/net/cert/internal/parse_name.h b/net/cert/internal/parse_name.h
index 26eff265..3a188c6d 100644
--- a/net/cert/internal/parse_name.h
+++ b/net/cert/internal/parse_name.h
@@ -20,6 +20,7 @@
NET_EXPORT der::Input TypeCountryNameOid();
NET_EXPORT der::Input TypeLocalityNameOid();
NET_EXPORT der::Input TypeStateOrProvinceNameOid();
+NET_EXPORT der::Input TypeStreetAddressOid();
NET_EXPORT der::Input TypeOrganizationNameOid();
NET_EXPORT der::Input TypeOrganizationUnitNameOid();
NET_EXPORT der::Input TypeTitleOid();
@@ -27,6 +28,7 @@
NET_EXPORT der::Input TypeGivenNameOid();
NET_EXPORT der::Input TypeInitialsOid();
NET_EXPORT der::Input TypeGenerationQualifierOid();
+NET_EXPORT der::Input TypeDomainComponentOid();
// X509NameAttribute contains a representation of a DER-encoded RFC 2253
// "AttributeTypeAndValue".
diff --git a/net/cert/internal/trust_store_mac.cc b/net/cert/internal/trust_store_mac.cc
index a088a32f..ba31ffb 100644
--- a/net/cert/internal/trust_store_mac.cc
+++ b/net/cert/internal/trust_store_mac.cc
@@ -16,8 +16,8 @@
#include "net/cert/internal/parse_name.h"
#include "net/cert/internal/parsed_certificate.h"
#include "net/cert/test_keychain_search_list_mac.h"
-#include "net/cert/x509_certificate.h"
#include "net/cert/x509_util.h"
+#include "net/cert/x509_util_mac.h"
namespace net {
@@ -146,7 +146,7 @@
// |policy_oid|.
TrustStatus IsSecCertificateTrustedForPolicy(SecCertificateRef cert_handle,
const CFStringRef policy_oid) {
- const bool is_self_signed = X509Certificate::IsSelfSigned(cert_handle);
+ const bool is_self_signed = x509_util::IsSelfSigned(cert_handle);
// Evaluate trust domains in user, admin, system order. Admin settings can
// override system ones, and user settings can override both admin and system.
for (const auto& trust_domain :
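Review bot: The call replacing `X509Certificate::IsSelfSigned` in `IsSecCertificateTrustedForPolicy` feeds a trust decision, and nothing visible here states whether `x509_util::IsSelfSigned(cert_handle)` verifies the certificate's signature with its own key or only compares subject and issuer. The use of `is_self_signed` is further down, outside this hunk, so this is presumably what gates how the per-domain trust settings are interpreted. A short comment on the assignment naming the exact check the helper performs, plus confirmation that it matches the old method's behaviour, would let a reader audit the trust logic without opening `x509_util_mac.h`.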
@@ -320,8 +320,8 @@
// There does not appear to be any public API to get the normalized version
// of a Name without creating a SecCertificate.
base::ScopedCFTypeRef<SecCertificateRef> cert_handle(
- X509Certificate::CreateOSCertHandleFromBytes(
- cert->der_cert().AsStringPiece().data(), cert->der_cert().Length()));
+ x509_util::CreateSecCertificateFromBytes(cert->der_cert().UnsafeData(),
+ cert->der_cert().Length()));
if (!cert_handle) {
LOG(ERROR) << "CreateOSCertHandleFromBytes";
return name_data;
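Review bot: The error path after the new `x509_util::CreateSecCertificateFromBytes(...)` call still logs the old function name, `LOG(ERROR) << "CreateOSCertHandleFromBytes";`, so a failure to build the `SecCertificateRef` is reported under a name that no longer appears at this call site. Change it to `LOG(ERROR) << "CreateSecCertificateFromBytes";`. The same stale string is in the `ADD_FAILURE()` message in `trust_store_mac_unittest.cc`, which should become `ADD_FAILURE() << "CreateSecCertificateFromBytes " << hash_text;`. The enclosing function starts and ends outside this hunk.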
diff --git a/net/cert/internal/trust_store_mac_unittest.cc b/net/cert/internal/trust_store_mac_unittest.cc
index 1d1bc49..bba5995 100644
--- a/net/cert/internal/trust_store_mac_unittest.cc
+++ b/net/cert/internal/trust_store_mac_unittest.cc
@@ -18,6 +18,7 @@
#include "net/cert/test_keychain_search_list_mac.h"
#include "net/cert/x509_certificate.h"
#include "net/cert/x509_util.h"
+#include "net/cert/x509_util_mac.h"
#include "net/test/test_data_directory.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -263,9 +264,8 @@
}
base::ScopedCFTypeRef<SecCertificateRef> cert_handle(
- X509Certificate::CreateOSCertHandleFromBytes(
- cert->der_cert().AsStringPiece().data(),
- cert->der_cert().Length()));
+ x509_util::CreateSecCertificateFromBytes(cert->der_cert().UnsafeData(),
+ cert->der_cert().Length()));
if (!cert_handle) {
ADD_FAILURE() << "CreateOSCertHandleFromBytes " << hash_text;
continue;