OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/cert_verify_proc.h" | 5 #include "net/base/cert_verify_proc.h" |
6 | 6 |
7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
8 #include "base/sha1.h" | 8 #include "base/sha1.h" |
9 #include "build/build_config.h" | 9 #include "build/build_config.h" |
10 #include "net/base/cert_status_flags.h" | 10 #include "net/base/cert_status_flags.h" |
(...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
210 arraysize(kComodoSerials) + 1); | 210 arraysize(kComodoSerials) + 1); |
211 return true; | 211 return true; |
212 } | 212 } |
213 } | 213 } |
214 } | 214 } |
215 | 215 |
216 return false; | 216 return false; |
217 } | 217 } |
218 | 218 |
219 // static | 219 // static |
| 220 // NOTE: This implementation assumes and enforces that the hashes are SHA1. |
220 bool CertVerifyProc::IsPublicKeyBlacklisted( | 221 bool CertVerifyProc::IsPublicKeyBlacklisted( |
221 const std::vector<SHA1Fingerprint>& public_key_hashes) { | 222 const std::vector<HashValueVector>& public_key_hashes) { |
222 static const unsigned kNumHashes = 9; | 223 static const unsigned kNumHashes = 9; |
223 static const uint8 kHashes[kNumHashes][base::kSHA1Length] = { | 224 static const uint8 kHashes[kNumHashes][base::kSHA1Length] = { |
224 // Subject: CN=DigiNotar Root CA | 225 // Subject: CN=DigiNotar Root CA |
225 // Issuer: CN=Entrust.net x2 and self-signed | 226 // Issuer: CN=Entrust.net x2 and self-signed |
226 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d, | 227 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d, |
227 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8}, | 228 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8}, |
228 // Subject: CN=DigiNotar Cyber CA | 229 // Subject: CN=DigiNotar Cyber CA |
229 // Issuer: CN=GTE CyberTrust Global Root | 230 // Issuer: CN=GTE CyberTrust Global Root |
230 {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95, | 231 {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95, |
231 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1}, | 232 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1}, |
(...skipping 24 matching lines...) Expand all Loading... |
256 // 2021 GMT. | 257 // 2021 GMT. |
257 {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6, | 258 {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6, |
258 0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32}, | 259 0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32}, |
259 // Cyberoam CA certificate. Private key leaked, but this certificate would | 260 // Cyberoam CA certificate. Private key leaked, but this certificate would |
260 // only have been installed by Cyberoam customers. The certificate expires | 261 // only have been installed by Cyberoam customers. The certificate expires |
261 // in 2036, but we can probably remove in a couple of years (2014). | 262 // in 2036, but we can probably remove in a couple of years (2014). |
262 {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e, | 263 {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e, |
263 0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1}, | 264 0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1}, |
264 }; | 265 }; |
265 | 266 |
| 267 const HashValueVector& sha1_hashes = public_key_hashes[HASH_VALUE_SHA1]; |
266 for (unsigned i = 0; i < kNumHashes; i++) { | 268 for (unsigned i = 0; i < kNumHashes; i++) { |
267 for (std::vector<SHA1Fingerprint>::const_iterator | 269 for (HashValueVector::const_iterator j = sha1_hashes.begin(); |
268 j = public_key_hashes.begin(); j != public_key_hashes.end(); ++j) { | 270 j != sha1_hashes.end(); ++j) { |
269 if (memcmp(j->data, kHashes[i], base::kSHA1Length) == 0) | 271 if (j->tag == HASH_VALUE_SHA1 && |
| 272 memcmp(j->data(), kHashes[i], base::kSHA1Length) == 0) { |
270 return true; | 273 return true; |
| 274 } |
271 } | 275 } |
272 } | 276 } |
273 | 277 |
274 return false; | 278 return false; |
275 } | 279 } |
276 | 280 |
277 } // namespace net | 281 } // namespace net |
OLD | NEW |