Merge pull request #7917 from voidbridge/feature/expose-cert-chain
Expose whole certificate chain to verify proc
This commit is contained in:
Kevin Sawicki
GitHub
commit
9624bc1403
6 changed files with 58 additions and 0 deletions
|
|
@ -45,8 +45,11 @@ v8::Local<v8::Value> Converter<scoped_refptr<net::X509Certificate>>::ToV8(
|
||||||
std::string encoded_data;
|
std::string encoded_data;
|
||||||
net::X509Certificate::GetPEMEncoded(
|
net::X509Certificate::GetPEMEncoded(
|
||||||
val->os_cert_handle(), &encoded_data);
|
val->os_cert_handle(), &encoded_data);
|
||||||
|
|
||||||
dict.Set("data", encoded_data);
|
dict.Set("data", encoded_data);
|
||||||
|
dict.Set("issuer", val->issuer());
|
||||||
dict.Set("issuerName", val->issuer().GetDisplayName());
|
dict.Set("issuerName", val->issuer().GetDisplayName());
|
||||||
|
dict.Set("subject", val->subject());
|
||||||
dict.Set("subjectName", val->subject().GetDisplayName());
|
dict.Set("subjectName", val->subject().GetDisplayName());
|
||||||
dict.Set("serialNumber", base::HexEncode(val->serial_number().data(),
|
dict.Set("serialNumber", base::HexEncode(val->serial_number().data(),
|
||||||
val->serial_number().size()));
|
val->serial_number().size()));
|
||||||
|
|
@ -56,6 +59,32 @@ v8::Local<v8::Value> Converter<scoped_refptr<net::X509Certificate>>::ToV8(
|
||||||
net::HashValue(
|
net::HashValue(
|
||||||
val->CalculateFingerprint256(val->os_cert_handle())).ToString());
|
val->CalculateFingerprint256(val->os_cert_handle())).ToString());
|
||||||
|
|
||||||
|
if (!val->GetIntermediateCertificates().empty()) {
|
||||||
|
net::X509Certificate::OSCertHandles issuer_intermediates(
|
||||||
|
val->GetIntermediateCertificates().begin() + 1,
|
||||||
|
val->GetIntermediateCertificates().end());
|
||||||
|
const scoped_refptr<net::X509Certificate>& issuer_cert =
|
||||||
|
net::X509Certificate::CreateFromHandle(
|
||||||
|
val->GetIntermediateCertificates().front(),
|
||||||
|
issuer_intermediates);
|
||||||
|
dict.Set("issuerCert", issuer_cert);
|
||||||
|
}
|
||||||
|
|
||||||
|
return dict.GetHandle();
|
||||||
|
}
|
||||||
|
|
||||||
|
// static
|
||||||
|
v8::Local<v8::Value> Converter<net::CertPrincipal>::ToV8(
|
||||||
|
v8::Isolate* isolate, const net::CertPrincipal& val) {
|
||||||
|
mate::Dictionary dict(isolate, v8::Object::New(isolate));
|
||||||
|
|
||||||
|
dict.Set("commonName", val.common_name);
|
||||||
|
dict.Set("organizations", val.organization_names);
|
||||||
|
dict.Set("organizationUnits", val.organization_unit_names);
|
||||||
|
dict.Set("locality", val.locality_name);
|
||||||
|
dict.Set("state", val.state_or_province_name);
|
||||||
|
dict.Set("country", val.country_name);
|
||||||
|
|
||||||
return dict.GetHandle();
|
return dict.GetHandle();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@ class AuthChallengeInfo;
|
||||||
class URLRequest;
|
class URLRequest;
|
||||||
class X509Certificate;
|
class X509Certificate;
|
||||||
class HttpResponseHeaders;
|
class HttpResponseHeaders;
|
||||||
|
struct CertPrincipal;
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace mate {
|
namespace mate {
|
||||||
|
|
@ -34,6 +35,12 @@ struct Converter<scoped_refptr<net::X509Certificate>> {
|
||||||
const scoped_refptr<net::X509Certificate>& val);
|
const scoped_refptr<net::X509Certificate>& val);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
template<>
|
||||||
|
struct Converter<net::CertPrincipal> {
|
||||||
|
static v8::Local<v8::Value> ToV8(v8::Isolate* isolate,
|
||||||
|
const net::CertPrincipal& val);
|
||||||
|
};
|
||||||
|
|
||||||
template <>
|
template <>
|
||||||
struct Converter<net::HttpResponseHeaders*> {
|
struct Converter<net::HttpResponseHeaders*> {
|
||||||
static v8::Local<v8::Value> ToV8(v8::Isolate* isolate,
|
static v8::Local<v8::Value> ToV8(v8::Isolate* isolate,
|
||||||
|
|
|
||||||
8
docs/api/structures/certificate-principal.md
Normal file
8
docs/api/structures/certificate-principal.md
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
# CertificatePrincipal Object
|
||||||
|
|
||||||
|
* `commonName` String - Common Name
|
||||||
|
* `organizations` String[] - Organization names
|
||||||
|
* `organizationUnits` String[] - Organization Unit names
|
||||||
|
* `locality` String - Locality
|
||||||
|
* `state` String - State or province
|
||||||
|
* `country` String - Country or region
|
||||||
|
|
@ -1,7 +1,10 @@
|
||||||
# Certificate Object
|
# Certificate Object
|
||||||
|
|
||||||
* `data` String - PEM encoded data
|
* `data` String - PEM encoded data
|
||||||
|
* `issuer` [CertificatePrincipal](structures/certificate-principal.md) - Issuer principal
|
||||||
* `issuerName` String - Issuer's Common Name
|
* `issuerName` String - Issuer's Common Name
|
||||||
|
* `issuerCert` Certificate - Issuer certificate (if not self-signed)
|
||||||
|
* `subject` [CertificatePrincipal](structures/certificate-principal.md) - Subject principal
|
||||||
* `subjectName` String - Subject's Common Name
|
* `subjectName` String - Subject's Common Name
|
||||||
* `serialNumber` String - Hex value represented string
|
* `serialNumber` String - Hex value represented string
|
||||||
* `validStart` Number - Start date of the certificate being valid in seconds
|
* `validStart` Number - Start date of the certificate being valid in seconds
|
||||||
|
|
|
||||||
|
|
@ -207,6 +207,9 @@ describe('app module', function () {
|
||||||
app.on('select-client-certificate', function (event, webContents, url, list, callback) {
|
app.on('select-client-certificate', function (event, webContents, url, list, callback) {
|
||||||
assert.equal(list.length, 1)
|
assert.equal(list.length, 1)
|
||||||
assert.equal(list[0].issuerName, 'Intermediate CA')
|
assert.equal(list[0].issuerName, 'Intermediate CA')
|
||||||
|
assert.equal(list[0].subjectName, 'Client Cert')
|
||||||
|
assert.equal(list[0].issuer.commonName, 'Intermediate CA')
|
||||||
|
assert.equal(list[0].subject.commonName, 'Client Cert')
|
||||||
callback(list[0])
|
callback(list[0])
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -553,6 +553,14 @@ describe('session module', function () {
|
||||||
session.defaultSession.setCertificateVerifyProc(function (hostname, certificate, callback) {
|
session.defaultSession.setCertificateVerifyProc(function (hostname, certificate, callback) {
|
||||||
assert.equal(hostname, '127.0.0.1')
|
assert.equal(hostname, '127.0.0.1')
|
||||||
assert.equal(certificate.issuerName, 'Intermediate CA')
|
assert.equal(certificate.issuerName, 'Intermediate CA')
|
||||||
|
assert.equal(certificate.subjectName, 'localhost')
|
||||||
|
assert.equal(certificate.issuer.commonName, 'Intermediate CA')
|
||||||
|
assert.equal(certificate.subject.commonName, 'localhost')
|
||||||
|
assert.equal(certificate.issuerCert.issuer.commonName, 'Root CA')
|
||||||
|
assert.equal(certificate.issuerCert.subject.commonName, 'Intermediate CA')
|
||||||
|
assert.equal(certificate.issuerCert.issuerCert.issuer.commonName, 'Root CA')
|
||||||
|
assert.equal(certificate.issuerCert.issuerCert.subject.commonName, 'Root CA')
|
||||||
|
assert.equal(certificate.issuerCert.issuerCert.issuerCert, undefined)
|
||||||
callback(false)
|
callback(false)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue