| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verify_proc_openssl.h" | 5 #include "net/base/cert_verify_proc_openssl.h" |
| 6 | 6 |
| 7 #include <openssl/x509v3.h> | 7 #include <openssl/x509v3.h> |
| 8 | 8 |
| 9 #include <string> | |
| 10 #include <vector> | |
| 11 | |
| 12 #include "base/logging.h" | 9 #include "base/logging.h" |
| 13 #include "base/sha1.h" | 10 #include "base/sha1.h" |
| 14 #include "crypto/openssl_util.h" | 11 #include "crypto/openssl_util.h" |
| 15 #include "crypto/sha2.h" | |
| 16 #include "net/base/asn1_util.h" | 12 #include "net/base/asn1_util.h" |
| 17 #include "net/base/cert_status_flags.h" | 13 #include "net/base/cert_status_flags.h" |
| 18 #include "net/base/cert_verify_result.h" | 14 #include "net/base/cert_verify_result.h" |
| 19 #include "net/base/net_errors.h" | 15 #include "net/base/net_errors.h" |
| 20 #include "net/base/x509_certificate.h" | 16 #include "net/base/x509_certificate.h" |
| 21 | 17 |
| 22 #if defined(OS_ANDROID) | 18 #if defined(OS_ANDROID) |
| 23 #include "net/android/network_library.h" | 19 #include "net/android/network_library.h" |
| 24 #endif | 20 #endif |
| 25 | 21 |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 128 } | 124 } |
| 129 } | 125 } |
| 130 | 126 |
| 131 if (verified_cert) { | 127 if (verified_cert) { |
| 132 verify_result->verified_cert = | 128 verify_result->verified_cert = |
| 133 X509Certificate::CreateFromHandle(verified_cert, verified_chain); | 129 X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
| 134 } | 130 } |
| 135 } | 131 } |
| 136 | 132 |
| 137 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx, | 133 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx, |
| 138 std::vector<HashValueVector>* hashes) { | 134 std::vector<SHA1Fingerprint>* hashes) { |
| 139 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx); | 135 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx); |
| 140 for (int i = 0; i < sk_X509_num(chain); ++i) { | 136 for (int i = 0; i < sk_X509_num(chain); ++i) { |
| 141 X509* cert = sk_X509_value(chain, i); | 137 X509* cert = sk_X509_value(chain, i); |
| 142 | 138 |
| 143 std::string der_data; | 139 std::string der_data; |
| 144 if (!X509Certificate::GetDEREncoded(cert, &der_data)) | 140 if (!X509Certificate::GetDEREncoded(cert, &der_data)) |
| 145 continue; | 141 continue; |
| 146 | 142 |
| 147 base::StringPiece der_bytes(der_data); | 143 base::StringPiece der_bytes(der_data); |
| 148 base::StringPiece spki_bytes; | 144 base::StringPiece spki_bytes; |
| 149 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) | 145 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) |
| 150 continue; | 146 continue; |
| 151 | 147 |
| 152 HashValue sha1; | 148 SHA1Fingerprint hash; |
| 153 sha1.tag = HASH_VALUE_SHA1; | |
| 154 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), | 149 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), |
| 155 spki_bytes.size(), sha1.data()); | 150 spki_bytes.size(), hash.data); |
| 156 (*hashes)[HASH_VALUE_SHA1].push_back(sha1); | 151 hashes->push_back(hash); |
| 157 | |
| 158 HashValue sha256; | |
| 159 sha256.tag = HASH_VALUE_SHA256; | |
| 160 crypto::SHA256HashString(spki_bytes, sha1.data(), crypto::kSHA256Length); | |
| 161 (*hashes)[HASH_VALUE_SHA256].push_back(sha256); | |
| 162 } | 152 } |
| 163 } | 153 } |
| 164 | 154 |
| 165 #if defined(OS_ANDROID) | 155 #if defined(OS_ANDROID) |
| 166 // Returns true if we have verification result in |verify_result| from Android | 156 // Returns true if we have verification result in |verify_result| from Android |
| 167 // Trust Manager. Otherwise returns false. | 157 // Trust Manager. Otherwise returns false. |
| 168 bool VerifyFromAndroidTrustManager(const std::vector<std::string>& cert_bytes, | 158 bool VerifyFromAndroidTrustManager(const std::vector<std::string>& cert_bytes, |
| 169 CertVerifyResult* verify_result) { | 159 CertVerifyResult* verify_result) { |
| 170 // TODO(joth): Fetch the authentication type from SSL rather than hardcode. | 160 // TODO(joth): Fetch the authentication type from SSL rather than hardcode. |
| 171 bool verified = true; | 161 bool verified = true; |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 278 // TODO(joth): if the motivations described in | 268 // TODO(joth): if the motivations described in |
| 279 // http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 become an | 269 // http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 become an |
| 280 // issue on OpenSSL builds, we will need to embed a hardcoded list of well | 270 // issue on OpenSSL builds, we will need to embed a hardcoded list of well |
| 281 // known root CAs, as per the _mac and _win versions. | 271 // known root CAs, as per the _mac and _win versions. |
| 282 verify_result->is_issued_by_known_root = true; | 272 verify_result->is_issued_by_known_root = true; |
| 283 | 273 |
| 284 return OK; | 274 return OK; |
| 285 } | 275 } |
| 286 | 276 |
| 287 } // namespace net | 277 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10836150:
Revert 150375 - Implement SHA-256 fingerprint support (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/