• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2010 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/cert/pem.h"
6 
7 #include "base/base64.h"
8 #include "base/strings/string_piece.h"
9 #include "base/strings/string_util.h"
10 #include "base/strings/stringprintf.h"
11 
12 namespace {
13 
14 const char kPEMSearchBlock[] = "-----BEGIN ";
15 const char kPEMBeginBlock[] = "-----BEGIN %s-----";
16 const char kPEMEndBlock[] = "-----END %s-----";
17 
18 }  // namespace
19 
20 namespace net {
21 
22 using base::StringPiece;
23 
24 struct PEMTokenizer::PEMType {
25   std::string type;
26   std::string header;
27   std::string footer;
28 };
29 
PEMTokenizer(StringPiece str,const std::vector<std::string> & allowed_block_types)30 PEMTokenizer::PEMTokenizer(
31     StringPiece str,
32     const std::vector<std::string>& allowed_block_types) {
33   Init(str, allowed_block_types);
34 }
35 
36 PEMTokenizer::~PEMTokenizer() = default;
37 
GetNext()38 bool PEMTokenizer::GetNext() {
39   while (pos_ != StringPiece::npos) {
40     // Scan for the beginning of the next PEM encoded block.
41     pos_ = str_.find(kPEMSearchBlock, pos_);
42     if (pos_ == StringPiece::npos)
43       return false;  // No more PEM blocks
44 
45     std::vector<PEMType>::const_iterator it;
46     // Check to see if it is of an acceptable block type.
47     for (it = block_types_.begin(); it != block_types_.end(); ++it) {
48       if (!base::StartsWith(str_.substr(pos_), it->header))
49         continue;
50 
51       // Look for a footer matching the header. If none is found, then all
52       // data following this point is invalid and should not be parsed.
53       StringPiece::size_type footer_pos = str_.find(it->footer, pos_);
54       if (footer_pos == StringPiece::npos) {
55         pos_ = StringPiece::npos;
56         return false;
57       }
58 
59       // Chop off the header and footer and parse the data in between.
60       StringPiece::size_type data_begin = pos_ + it->header.size();
61       pos_ = footer_pos + it->footer.size();
62       block_type_ = it->type;
63 
64       StringPiece encoded = str_.substr(data_begin, footer_pos - data_begin);
65       if (!base::Base64Decode(base::CollapseWhitespaceASCII(encoded, true),
66                               &data_)) {
67         // The most likely cause for a decode failure is a datatype that
68         // includes PEM headers, which are not supported.
69         break;
70       }
71 
72       return true;
73     }
74 
75     // If the block did not match any acceptable type, move past it and
76     // continue the search. Otherwise, |pos_| has been updated to the most
77     // appropriate search position to continue searching from and should not
78     // be adjusted.
79     if (it == block_types_.end())
80       pos_ += sizeof(kPEMSearchBlock);
81   }
82 
83   return false;
84 }
85 
Init(StringPiece str,const std::vector<std::string> & allowed_block_types)86 void PEMTokenizer::Init(StringPiece str,
87                         const std::vector<std::string>& allowed_block_types) {
88   str_ = str;
89   pos_ = 0;
90 
91   // Construct PEM header/footer strings for all the accepted types, to
92   // reduce parsing later.
93   for (const auto& allowed_block_type : allowed_block_types) {
94     PEMType allowed_type;
95     allowed_type.type = allowed_block_type;
96     allowed_type.header =
97         base::StringPrintf(kPEMBeginBlock, allowed_block_type.c_str());
98     allowed_type.footer =
99         base::StringPrintf(kPEMEndBlock, allowed_block_type.c_str());
100     block_types_.push_back(allowed_type);
101   }
102 }
103 
PEMEncode(base::StringPiece data,const std::string & type)104 std::string PEMEncode(base::StringPiece data, const std::string& type) {
105   std::string b64_encoded;
106   base::Base64Encode(data, &b64_encoded);
107 
108   // Divide the Base-64 encoded data into 64-character chunks, as per
109   // 4.3.2.4 of RFC 1421.
110   static const size_t kChunkSize = 64;
111   size_t chunks = (b64_encoded.size() + (kChunkSize - 1)) / kChunkSize;
112 
113   std::string pem_encoded;
114   pem_encoded.reserve(
115       // header & footer
116       17 + 15 + type.size() * 2 +
117       // encoded data
118       b64_encoded.size() +
119       // newline characters for line wrapping in encoded data
120       chunks);
121 
122   pem_encoded = "-----BEGIN ";
123   pem_encoded.append(type);
124   pem_encoded.append("-----\n");
125 
126   for (size_t i = 0, chunk_offset = 0; i < chunks;
127        ++i, chunk_offset += kChunkSize) {
128     pem_encoded.append(b64_encoded, chunk_offset, kChunkSize);
129     pem_encoded.append("\n");
130   }
131 
132   pem_encoded.append("-----END ");
133   pem_encoded.append(type);
134   pem_encoded.append("-----\n");
135   return pem_encoded;
136 }
137 
138 }  // namespace net
139