
Side by Side Diff: net/base/cert_verify_proc_win.cc

Issue 10545166: Support SHA-256 in public key pins for HTTPS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 6 months ago
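--- a/net/base/cert_verify_proc_win.cc
+++ b/net/base/cert_verify_proc_win.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/cert_verify_proc_win.h"
 
 #include "base/memory/scoped_ptr.h"
 #include "base/sha1.h"
 #include "base/string_util.h"
 #include "base/utf_string_conversions.h"
@@ -434,41 +434,42 @@
 default:
 NOTREACHED();
 continue;
 }
 }
 
 return true;
 }
 
 void AppendPublicKeyHashes(PCCERT_CHAIN_CONTEXT chain,
-std::vector<SHA1Fingerprint>* hashes) {
+std::vector<Fingerprint>* hashes) {
 if (chain->cChain == 0)
 return;
 
 PCERT_SIMPLE_CHAIN first_chain = chain->rgpChain[0];
 PCERT_CHAIN_ELEMENT* const element = first_chain->rgpElement;
 
 const DWORD num_elements = first_chain->cElement;
 for (DWORD i = 0; i < num_elements; i++) {
 PCCERT_CONTEXT cert = element[i]->pCertContext;
 
 base::StringPiece der_bytes(
 reinterpret_cast<const char*>(cert->pbCertEncoded),
 cert->cbCertEncoded);
 base::StringPiece spki_bytes;
 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes))
 continue;
 
-SHA1Fingerprint hash;
+Fingerprint hash;
+hash.tag = FINGERPRINT_SHA1;
 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()),
-spki_bytes.size(), hash.data);
+spki_bytes.size(), hash.data());
 hashes->push_back(hash);
 }
 }
 
 // Returns true if the certificate is an extended-validation certificate.
 //
 // This function checks the certificatePolicies extensions of the
 // certificates in the certificate chain according to Section 7 (pp. 11-12)
 // of the EV Certificate Guidelines Version 1.0 at
 // http://cabforum.org/EV_Certificate_Guidelines.pdf.
@@ -733,10 +734,10 @@
 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context);
 
 if (ev_policy_oid &&
 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) {
 verify_result->cert_status |= CERT_STATUS_IS_EV;
 }
 return OK;
 }
 
 } // namespace net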
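Review bot: AppendPublicKeyHashes still appends only a SHA-1 SPKI hash per chain element (tagged `FINGERPRINT_SHA1`), so on this Windows path a pin expressed only as SHA-256 has nothing to match against. Whether that fails open or closed depends on the pin-checking caller, which is not visible here. If the SHA-256 entries are produced elsewhere, say so above the loop, e.g. `// Only SHA-1 SPKI hashes are emitted here; SHA-256 pins are not matched on this path.`; otherwise a second, SHA-256-tagged entry per certificate is needed for the feature in the issue title to work on Windows. Separately, `base::SHA1HashBytes` writes a full SHA-1 digest into `hash.data()`, so it is worth confirming in the `Fingerprint` definition (not shown) that the buffer is at least `base::kSHA1Length` bytes regardless of `tag`. Certificates whose SPKI cannot be extracted are still skipped silently by the existing `continue`, which leaves a gap in the hash list that pin evaluation cannot see.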