| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verify_proc_nss.h" | 5 #include "net/base/cert_verify_proc_nss.h" |
| 6 | 6 |
| 7 #include <string> |
| 8 #include <vector> |
| 9 |
| 7 #include <cert.h> | 10 #include <cert.h> |
| 8 #include <nss.h> | 11 #include <nss.h> |
| 9 #include <prerror.h> | 12 #include <prerror.h> |
| 10 #include <secerr.h> | 13 #include <secerr.h> |
| 11 #include <sechash.h> | 14 #include <sechash.h> |
| 12 #include <sslerr.h> | 15 #include <sslerr.h> |
| 13 | 16 |
| 14 #include "base/logging.h" | 17 #include "base/logging.h" |
| 15 #include "crypto/nss_util.h" | 18 #include "crypto/nss_util.h" |
| 16 #include "crypto/scoped_nss_types.h" | 19 #include "crypto/scoped_nss_types.h" |
| (...skipping 573 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 590 CERTPolicyInfo* policy_info = *policy_infos++; | 593 CERTPolicyInfo* policy_info = *policy_infos++; |
| 591 SECOidTag oid_tag = policy_info->oid; | 594 SECOidTag oid_tag = policy_info->oid; |
| 592 if (oid_tag == SEC_OID_UNKNOWN) | 595 if (oid_tag == SEC_OID_UNKNOWN) |
| 593 continue; | 596 continue; |
| 594 if (oid_tag == ev_policy_tag) | 597 if (oid_tag == ev_policy_tag) |
| 595 return true; | 598 return true; |
| 596 } | 599 } |
| 597 return false; | 600 return false; |
| 598 } | 601 } |
| 599 | 602 |
| 600 SHA1Fingerprint CertPublicKeyHash(CERTCertificate* cert) { | 603 Fingerprint CertPublicKeyHash(CERTCertificate* cert) { |
| 601 SHA1Fingerprint hash; | 604 Fingerprint hash; |
| 602 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, hash.data, | 605 hash.tag = FINGERPRINT_SHA1; |
| 606 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, hash.data(), |
| 603 cert->derPublicKey.data, cert->derPublicKey.len); | 607 cert->derPublicKey.data, cert->derPublicKey.len); |
| 604 DCHECK_EQ(rv, SECSuccess); | 608 DCHECK_EQ(rv, SECSuccess); |
| 605 return hash; | 609 return hash; |
| 606 } | 610 } |
| 607 | 611 |
| 608 void AppendPublicKeyHashes(CERTCertList* cert_list, | 612 void AppendPublicKeyHashes(CERTCertList* cert_list, |
| 609 CERTCertificate* root_cert, | 613 CERTCertificate* root_cert, |
| 610 std::vector<SHA1Fingerprint>* hashes) { | 614 std::vector<Fingerprint>* hashes) { |
| 611 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); | 615 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); |
| 612 !CERT_LIST_END(node, cert_list); | 616 !CERT_LIST_END(node, cert_list); |
| 613 node = CERT_LIST_NEXT(node)) { | 617 node = CERT_LIST_NEXT(node)) { |
| 614 hashes->push_back(CertPublicKeyHash(node->cert)); | 618 hashes->push_back(CertPublicKeyHash(node->cert)); |
| 615 } | 619 } |
| 616 if (root_cert) | 620 if (root_cert) |
| 617 hashes->push_back(CertPublicKeyHash(root_cert)); | 621 hashes->push_back(CertPublicKeyHash(root_cert)); |
| 618 } | 622 } |
| 619 | 623 |
| 620 // Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp | 624 // Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp |
| (...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 772 | 776 |
| 773 if ((flags & X509Certificate::VERIFY_EV_CERT) && | 777 if ((flags & X509Certificate::VERIFY_EV_CERT) && |
| 774 VerifyEV(cert_handle, flags, crl_set)) { | 778 VerifyEV(cert_handle, flags, crl_set)) { |
| 775 verify_result->cert_status |= CERT_STATUS_IS_EV; | 779 verify_result->cert_status |= CERT_STATUS_IS_EV; |
| 776 } | 780 } |
| 777 | 781 |
| 778 return OK; | 782 return OK; |
| 779 } | 783 } |
| 780 | 784 |
| 781 } // namespace net | 785 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10545166:
Support SHA-256 in public key pins for HTTPS. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/