
Side by Side Diff: net/base/cert_verify_proc_mac.cc

Issue 10545166: Support SHA-256 in public key pins for HTTPS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 6 months ago
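--- a/net/base/cert_verify_proc_mac.cc
+++ b/net/base/cert_verify_proc_mac.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/cert_verify_proc_mac.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <CoreServices/CoreServices.h>
 #include <Security/Security.h>
 
@@ -224,38 +224,39 @@
 }
 }
 if (!verified_cert)
 return;
 
 verify_result->verified_cert =
 X509Certificate::CreateFromHandle(verified_cert, verified_chain);
 }
 
 void AppendPublicKeyHashes(CFArrayRef chain,
-std::vector<SHA1Fingerprint>* hashes) {
+std::vector<Fingerprint>* hashes) {
 const CFIndex n = CFArrayGetCount(chain);
 for (CFIndex i = 0; i < n; i++) {
 SecCertificateRef cert = reinterpret_cast<SecCertificateRef>(
 const_cast<void*>(CFArrayGetValueAtIndex(chain, i)));
 
 CSSM_DATA cert_data;
 OSStatus err = SecCertificateGetData(cert, &cert_data);
 DCHECK_EQ(err, noErr);
 base::StringPiece der_bytes(reinterpret_cast<const char*>(cert_data.Data),
 cert_data.Length);
 base::StringPiece spki_bytes;
 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes))
 continue;
 
-SHA1Fingerprint hash;
-CC_SHA1(spki_bytes.data(), spki_bytes.size(), hash.data);
+Fingerprint hash;
+hash.tag = FINGERPRINT_SHA1;
+CC_SHA1(spki_bytes.data(), spki_bytes.size(), hash.data());
 hashes->push_back(hash);
 }
 }
 
 bool CheckRevocationWithCRLSet(CFArrayRef chain, CRLSet* crl_set) {
 if (CFArrayGetCount(chain) == 0)
 return true;
 
 // We iterate from the root certificate down to the leaf, keeping track of
 // the issuer's SPKI at each step.
@@ -570,10 +571,10 @@
 }
 }
 
 AppendPublicKeyHashes(completed_chain, &verify_result->public_key_hashes);
 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(completed_chain);
 
 return OK;
 }
 
 } // namespace net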
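Review bot: In AppendPublicKeyHashes every entry is tagged `FINGERPRINT_SHA1` and only `CC_SHA1` is called, so on Mac `verify_result->public_key_hashes` never carries a SHA-256 SPKI hash. If the pin check (not visible on this page) matches by tag, a pin set expressed only in SHA-256 cannot match a chain verified on this platform, which works against the stated goal of the issue. Consider pushing a second entry per certificate computed with `CC_SHA256` over the same `spki_bytes` and carrying the SHA-256 tag, or at least leave `// TODO: also append a SHA-256 SPKI hash so SHA-256 pins can match on Mac.` above the `CC_SHA1` call. Separately, `Fingerprint hash;` has no initializer; its definition is outside this page, but if its buffer is sized for the largest digest, the bytes past the 20 that `CC_SHA1` writes may be indeterminate, so it is worth confirming that comparisons only read the length implied by `tag`.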