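/*
 * double_check_before_after_dates:
 * @chain: first certificate of the chain to inspect, or NULL
 *
 * Walks @chain through g_tls_certificate_get_issuer() until there is no
 * further issuer, comparing each certificate's notBefore and notAfter
 * fields with the current time.
 *
 * Returns: the OR of G_TLS_CERTIFICATE_NOT_ACTIVATED and
 * G_TLS_CERTIFICATE_EXPIRED over every certificate visited, or 0 when all
 * of them are inside their validity window (or @chain is NULL).
 */
static GTlsCertificateFlags
double_check_before_after_dates (GTlsCertificateOpenssl *chain)
{
  GTlsCertificateFlags gtls_flags = 0;

  while (chain)
    {
      X509 *cert = g_tls_certificate_openssl_get_cert (chain);
      ASN1_TIME *not_before = X509_get_notBefore (cert);
      ASN1_TIME *not_after = X509_get_notAfter (cert);

      /* X509_cmp_current_time() returns 0 when the time field cannot be
       * parsed. Fail closed: a certificate whose validity dates cannot be
       * evaluated is reported as outside its window instead of silently
       * passing the check. */
      if (X509_cmp_current_time (not_before) >= 0)
        gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;

      if (X509_cmp_current_time (not_after) <= 0)
        gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;

      /* Casting a NULL issuer yields NULL, which ends the loop. */
      chain = G_TLS_CERTIFICATE_OPENSSL (g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (chain)));
    }

  return gtls_flags;
}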
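// Rebuilds a CertificateInfo from the IPC stream. The wire layout read here is:
// a presence flag, then (only when the flag is set) the certificate bytes and a
// 32-bit TLS error mask.
//
// Returns false when any field fails to decode or when the TLS backend cannot
// construct a certificate from the received bytes; returns true otherwise,
// including the "no certificate" case, which leaves certificateInfo untouched.
//
// Review notes:
// - Only the "certificate" property is supplied, so the rebuilt object has no
//   issuer set by this function.
// - tlsErrors is taken from the stream and cast as-is; nothing here re-verifies
//   the certificate or restricts the mask to known GTlsCertificateFlags bits.
bool ArgumentCoder<CertificateInfo>::decode(ArgumentDecoder& decoder, CertificateInfo& certificateInfo)
{
    bool hasCertificate;
    if (!decoder.decode(hasCertificate))
        return false;

    if (!hasCertificate)
        return true;

    IPC::DataReference certificateDataReference;
    if (!decoder.decodeVariableLengthByteArray(certificateDataReference))
        return false;

    // Copy the bytes into a GByteArray owned by this function; the DataReference
    // only points into the decoder's buffer.
    GByteArray* certificateData = g_byte_array_sized_new(certificateDataReference.size());
    certificateData = g_byte_array_append(certificateData, certificateDataReference.data(), certificateDataReference.size());
    GRefPtr<GByteArray> certificateBytes = adoptGRef(certificateData);

    GTlsBackend* backend = g_tls_backend_get_default();
    GRefPtr<GTlsCertificate> certificate = adoptGRef(G_TLS_CERTIFICATE(g_initable_new(
        g_tls_backend_get_certificate_type(backend), nullptr, nullptr, "certificate", certificateBytes.get(), nullptr)));

    // g_initable_new() returns null when the bytes are not a certificate the
    // backend accepts. The sender claimed a certificate was present, so treat
    // that as a malformed message rather than reporting success without one.
    if (!certificate)
        return false;

    certificateInfo.setCertificate(certificate.get());

    uint32_t tlsErrors;
    if (!decoder.decode(tlsErrors))
        return false;
    certificateInfo.setTLSErrors(static_cast<GTlsCertificateFlags>(tlsErrors));

    return true;
}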
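// Rebuilds a WebCore::CertificateInfo from a Decoder stream. The layout read
// here is: a presence flag, then (only when the flag is set) a 64-bit length,
// that many certificate bytes, and a 32-bit TLS error mask.
//
// Returns false when any field fails to decode, when the stored length does not
// fit in size_t, or when the TLS backend cannot construct a certificate from
// the bytes; returns true otherwise, including the "no certificate" case, which
// leaves certificateInfo untouched.
//
// Review notes:
// - Only the "certificate" property is supplied, so the rebuilt object has no
//   issuer set by this function.
// - tlsErrors is taken from the stream and cast as-is; nothing here re-verifies
//   the certificate or restricts the mask to known GTlsCertificateFlags bits.
bool Coder<WebCore::CertificateInfo>::decode(Decoder& decoder, WebCore::CertificateInfo& certificateInfo)
{
    bool hasCertificate;
    if (!decoder.decode(hasCertificate))
        return false;

    if (!hasCertificate)
        return true;

    uint64_t size = 0;
    if (!decoder.decode(size))
        return false;

    // The length comes from the stream. Reject values that would be truncated
    // when narrowed to size_t, otherwise a shorter buffer than announced would
    // be read and the remaining fields would be decoded from the wrong offset.
    if (static_cast<size_t>(size) != size)
        return false;

    // NOTE(review): the buffer is allocated from the stored length before
    // decodeFixedLengthData() has a chance to reject it, so a corrupted entry
    // can request a very large allocation. Bounding size against the data the
    // decoder still holds would be preferable - confirm which Decoder API is
    // available for that.
    Vector<uint8_t> vector(size);
    if (!decoder.decodeFixedLengthData(vector.data(), vector.size()))
        return false;

    GByteArray* certificateData = g_byte_array_sized_new(vector.size());
    certificateData = g_byte_array_append(certificateData, vector.data(), vector.size());
    GRefPtr<GByteArray> certificateBytes = adoptGRef(certificateData);

    GTlsBackend* backend = g_tls_backend_get_default();
    GRefPtr<GTlsCertificate> certificate = adoptGRef(G_TLS_CERTIFICATE(g_initable_new(
        g_tls_backend_get_certificate_type(backend), nullptr, nullptr, "certificate", certificateBytes.get(), nullptr)));

    // g_initable_new() returns null when the bytes are not a certificate the
    // backend accepts. The stream claimed a certificate was present, so report
    // the entry as undecodable rather than succeeding without one.
    if (!certificate)
        return false;

    certificateInfo.setCertificate(certificate.get());

    uint32_t tlsErrors;
    if (!decoder.decode(tlsErrors))
        return false;
    certificateInfo.setTLSErrors(static_cast<GTlsCertificateFlags>(tlsErrors));

    return true;
}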
/*
 * convert_certificate_chain_to_openssl:
 * @chain: first certificate of the chain, or NULL
 *
 * Builds an OpenSSL X509 stack holding the X509 of @chain followed by the
 * X509 of each issuer reachable through g_tls_certificate_get_issuer(), in
 * that order.
 *
 * The X509 pointers are pushed as returned by
 * g_tls_certificate_openssl_get_cert(); this function does not call
 * X509_up_ref() on them, so the caller should release only the stack itself.
 *
 * NOTE(review): the results of sk_X509_new_null() and sk_X509_push() are not
 * checked, so an allocation failure yields a NULL or shortened stack without
 * any error being reported.
 *
 * Returns: the newly created stack.
 */
static STACK_OF(X509) *
convert_certificate_chain_to_openssl (GTlsCertificateOpenssl *chain)
{
  STACK_OF(X509) *stack = sk_X509_new_null ();
  GTlsCertificate *link = G_TLS_CERTIFICATE (chain);

  while (link != NULL)
    {
      X509 *x509 = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (link));

      sk_X509_push (stack, x509);
      link = g_tls_certificate_get_issuer (link);
    }

  return stack;
}
/*
 * tls_certificate_new_internal:
 * @certificate_pem: PEM text passed as the "certificate-pem" property
 * @private_key_pem: PEM text passed as the "private-key-pem" property
 * @issuer: certificate passed as the "issuer" property
 * @error: location for a #GError raised by g_initable_new()
 *
 * Instantiates the certificate type of the default TLS backend with the three
 * construct properties above. No validation is performed in this function
 * itself; whatever checking happens is done by the backend's initialisation.
 *
 * @private_key_pem is key material: this function only forwards the pointer
 * and neither copies nor clears it.
 *
 * Returns: the object created by g_initable_new() cast to #GTlsCertificate,
 * which is NULL when initialisation fails.
 */
static GTlsCertificate *
tls_certificate_new_internal (const gchar *certificate_pem, const gchar *private_key_pem, GTlsCertificate *issuer, GError **error)
{
  GType certificate_type;
  GObject *instance;

  certificate_type = g_tls_backend_get_certificate_type (g_tls_backend_get_default ());

  instance = g_initable_new (certificate_type,
                             NULL, error,
                             "certificate-pem", certificate_pem,
                             "private-key-pem", private_key_pem,
                             "issuer", issuer,
                             NULL);

  return G_TLS_CERTIFICATE (instance);
}