| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verify_proc_openssl.h" | 5 #include "net/base/cert_verify_proc_openssl.h" |
| 6 | 6 |
| 7 #include <openssl/x509v3.h> | 7 #include <openssl/x509v3.h> |
| 8 | 8 |
| 9 #include <string> | |
| 10 #include <vector> | |
| 11 | |
| 12 #include "base/logging.h" | 9 #include "base/logging.h" |
| 13 #include "base/sha1.h" | 10 #include "base/sha1.h" |
| 14 #include "crypto/openssl_util.h" | 11 #include "crypto/openssl_util.h" |
| 15 #include "crypto/sha2.h" | |
| 16 #include "net/base/asn1_util.h" | 12 #include "net/base/asn1_util.h" |
| 17 #include "net/base/cert_status_flags.h" | 13 #include "net/base/cert_status_flags.h" |
| 18 #include "net/base/cert_verify_result.h" | 14 #include "net/base/cert_verify_result.h" |
| 19 #include "net/base/net_errors.h" | 15 #include "net/base/net_errors.h" |
| 20 #include "net/base/x509_certificate.h" | 16 #include "net/base/x509_certificate.h" |
| 21 | 17 |
| 22 #if defined(OS_ANDROID) | 18 #if defined(OS_ANDROID) |
| 23 #include "net/android/network_library.h" | 19 #include "net/android/network_library.h" |
| 24 #endif | 20 #endif |
| 25 | 21 |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 129 } | 125 } |
| 130 } | 126 } |
| 131 | 127 |
| 132 if (verified_cert) { | 128 if (verified_cert) { |
| 133 verify_result->verified_cert = | 129 verify_result->verified_cert = |
| 134 X509Certificate::CreateFromHandle(verified_cert, verified_chain); | 130 X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
| 135 } | 131 } |
| 136 } | 132 } |
| 137 | 133 |
| 138 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx, | 134 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx, |
| 139 std::vector<HashValueVector>* hashes) { | 135 std::vector<SHA1Fingerprint>* hashes) { |
| 140 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx); | 136 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx); |
| 141 for (int i = 0; i < sk_X509_num(chain); ++i) { | 137 for (int i = 0; i < sk_X509_num(chain); ++i) { |
| 142 X509* cert = sk_X509_value(chain, i); | 138 X509* cert = sk_X509_value(chain, i); |
| 143 | 139 |
| 144 std::string der_data; | 140 std::string der_data; |
| 145 if (!X509Certificate::GetDEREncoded(cert, &der_data)) | 141 if (!X509Certificate::GetDEREncoded(cert, &der_data)) |
| 146 continue; | 142 continue; |
| 147 | 143 |
| 148 base::StringPiece der_bytes(der_data); | 144 base::StringPiece der_bytes(der_data); |
| 149 base::StringPiece spki_bytes; | 145 base::StringPiece spki_bytes; |
| 150 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) | 146 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) |
| 151 continue; | 147 continue; |
| 152 | 148 |
| 153 HashValue sha1; | 149 SHA1Fingerprint hash; |
| 154 sha1.tag = HASH_VALUE_SHA1; | |
| 155 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), | 150 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), |
| 156 spki_bytes.size(), sha1.data()); | 151 spki_bytes.size(), hash.data); |
| 157 (*hashes)[HASH_VALUE_SHA1].push_back(sha1); | 152 hashes->push_back(hash); |
| 158 | |
| 159 HashValue sha256; | |
| 160 sha256.tag = HASH_VALUE_SHA256; | |
| 161 crypto::SHA256HashString(spki_bytes, sha1.data(), crypto::kSHA256Length); | |
| 162 (*hashes)[HASH_VALUE_SHA256].push_back(sha256); | |
| 163 } | 153 } |
| 164 } | 154 } |
| 165 | 155 |
| 166 #if defined(OS_ANDROID) | 156 #if defined(OS_ANDROID) |
| 167 // Returns true if we have verification result in |verify_result| from Android | 157 // Returns true if we have verification result in |verify_result| from Android |
| 168 // Trust Manager. Otherwise returns false. | 158 // Trust Manager. Otherwise returns false. |
| 169 bool VerifyFromAndroidTrustManager(const std::vector<std::string>& cert_bytes, | 159 bool VerifyFromAndroidTrustManager(const std::vector<std::string>& cert_bytes, |
| 170 CertVerifyResult* verify_result) { | 160 CertVerifyResult* verify_result) { |
| 171 // TODO(joth): Fetch the authentication type from SSL rather than hardcode. | 161 // TODO(joth): Fetch the authentication type from SSL rather than hardcode. |
| 172 bool verified = true; | 162 bool verified = true; |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 279 // TODO(joth): if the motivations described in | 269 // TODO(joth): if the motivations described in |
| 280 // http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 become an | 270 // http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 become an |
| 281 // issue on OpenSSL builds, we will need to embed a hardcoded list of well | 271 // issue on OpenSSL builds, we will need to embed a hardcoded list of well |
| 282 // known root CAs, as per the _mac and _win versions. | 272 // known root CAs, as per the _mac and _win versions. |
| 283 verify_result->is_issued_by_known_root = true; | 273 verify_result->is_issued_by_known_root = true; |
| 284 | 274 |
| 285 return OK; | 275 return OK; |
| 286 } | 276 } |
| 287 | 277 |
| 288 } // namespace net | 278 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10827104:
Revert 149261 - Support SHA-256 in public key pins for HTTPS. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/