| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verify_proc_openssl.h" | 5 #include "net/base/cert_verify_proc_openssl.h" |
| 6 | 6 |
| 7 #include <openssl/x509v3.h> | 7 #include <openssl/x509v3.h> |
| 8 | 8 |
| 9 #include <string> |
| 10 #include <vector> |
| 11 |
| 9 #include "base/logging.h" | 12 #include "base/logging.h" |
| 10 #include "base/sha1.h" | 13 #include "base/sha1.h" |
| 11 #include "crypto/openssl_util.h" | 14 #include "crypto/openssl_util.h" |
| 15 #include "crypto/sha2.h" |
| 12 #include "net/base/asn1_util.h" | 16 #include "net/base/asn1_util.h" |
| 13 #include "net/base/cert_status_flags.h" | 17 #include "net/base/cert_status_flags.h" |
| 14 #include "net/base/cert_verify_result.h" | 18 #include "net/base/cert_verify_result.h" |
| 15 #include "net/base/net_errors.h" | 19 #include "net/base/net_errors.h" |
| 16 #include "net/base/x509_certificate.h" | 20 #include "net/base/x509_certificate.h" |
| 17 | 21 |
| 18 #if defined(OS_ANDROID) | 22 #if defined(OS_ANDROID) |
| 19 #include "net/android/network_library.h" | 23 #include "net/android/network_library.h" |
| 20 #endif | 24 #endif |
| 21 | 25 |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 124 } | 128 } |
| 125 } | 129 } |
| 126 | 130 |
| 127 if (verified_cert) { | 131 if (verified_cert) { |
| 128 verify_result->verified_cert = | 132 verify_result->verified_cert = |
| 129 X509Certificate::CreateFromHandle(verified_cert, verified_chain); | 133 X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
| 130 } | 134 } |
| 131 } | 135 } |
| 132 | 136 |
| 133 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx, | 137 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx, |
| 134 std::vector<SHA1Fingerprint>* hashes) { | 138 std::vector<HashValueVector>* hashes) { |
| 135 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx); | 139 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx); |
| 136 for (int i = 0; i < sk_X509_num(chain); ++i) { | 140 for (int i = 0; i < sk_X509_num(chain); ++i) { |
| 137 X509* cert = sk_X509_value(chain, i); | 141 X509* cert = sk_X509_value(chain, i); |
| 138 | 142 |
| 139 std::string der_data; | 143 std::string der_data; |
| 140 if (!X509Certificate::GetDEREncoded(cert, &der_data)) | 144 if (!X509Certificate::GetDEREncoded(cert, &der_data)) |
| 141 continue; | 145 continue; |
| 142 | 146 |
| 143 base::StringPiece der_bytes(der_data); | 147 base::StringPiece der_bytes(der_data); |
| 144 base::StringPiece spki_bytes; | 148 base::StringPiece spki_bytes; |
| 145 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) | 149 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) |
| 146 continue; | 150 continue; |
| 147 | 151 |
| 148 SHA1Fingerprint hash; | 152 HashValue sha1; |
| 153 sha1.tag = HASH_VALUE_SHA1; |
| 149 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), | 154 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), |
| 150 spki_bytes.size(), hash.data); | 155 spki_bytes.size(), sha1.data()); |
| 151 hashes->push_back(hash); | 156 (*hashes)[HASH_VALUE_SHA1].push_back(sha1); |
| 157 |
| 158 HashValue sha256; |
| 159 sha256.tag = HASH_VALUE_SHA256; |
| 160 crypto::SHA256HashString(spki_bytes, sha1.data(), crypto::kSHA256Length); |
| 161 (*hashes)[HASH_VALUE_SHA256].push_back(sha256); |
| 152 } | 162 } |
| 153 } | 163 } |
| 154 | 164 |
| 155 #if defined(OS_ANDROID) | 165 #if defined(OS_ANDROID) |
| 156 // Returns true if we have verification result in |verify_result| from Android | 166 // Returns true if we have verification result in |verify_result| from Android |
| 157 // Trust Manager. Otherwise returns false. | 167 // Trust Manager. Otherwise returns false. |
| 158 bool VerifyFromAndroidTrustManager(const std::vector<std::string>& cert_bytes, | 168 bool VerifyFromAndroidTrustManager(const std::vector<std::string>& cert_bytes, |
| 159 CertVerifyResult* verify_result) { | 169 CertVerifyResult* verify_result) { |
| 160 // TODO(joth): Fetch the authentication type from SSL rather than hardcode. | 170 // TODO(joth): Fetch the authentication type from SSL rather than hardcode. |
| 161 bool verified = true; | 171 bool verified = true; |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 268 // TODO(joth): if the motivations described in | 278 // TODO(joth): if the motivations described in |
| 269 // http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 become an | 279 // http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 become an |
| 270 // issue on OpenSSL builds, we will need to embed a hardcoded list of well | 280 // issue on OpenSSL builds, we will need to embed a hardcoded list of well |
| 271 // known root CAs, as per the _mac and _win versions. | 281 // known root CAs, as per the _mac and _win versions. |
| 272 verify_result->is_issued_by_known_root = true; | 282 verify_result->is_issued_by_known_root = true; |
| 273 | 283 |
| 274 return OK; | 284 return OK; |
| 275 } | 285 } |
| 276 | 286 |
| 277 } // namespace net | 287 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10826257:
Implement SHA-256 fingerprint support (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/