| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <cryptohi.h> | 8 #include <cryptohi.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <nss.h> | 10 #include <nss.h> |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 145 CERT_DestroyCertificate(cert); | 145 CERT_DestroyCertificate(cert); |
| 146 return x509_cert; | 146 return x509_cert; |
| 147 } | 147 } |
| 148 | 148 |
| 149 void X509Certificate::GetSubjectAltName( | 149 void X509Certificate::GetSubjectAltName( |
| 150 std::vector<std::string>* dns_names, | 150 std::vector<std::string>* dns_names, |
| 151 std::vector<std::string>* ip_addrs) const { | 151 std::vector<std::string>* ip_addrs) const { |
| 152 x509_util::GetSubjectAltName(cert_handle_, dns_names, ip_addrs); | 152 x509_util::GetSubjectAltName(cert_handle_, dns_names, ip_addrs); |
| 153 } | 153 } |
| 154 | 154 |
| 155 bool X509Certificate::VerifyNameMatch(const std::string& hostname) const { | |
| 156 return CERT_VerifyCertName(cert_handle_, hostname.c_str()) == SECSuccess; | |
| 157 } | |
| 158 | |
| 159 bool X509Certificate::IsIssuedByEncoded( | 155 bool X509Certificate::IsIssuedByEncoded( |
| 160 const std::vector<std::string>& valid_issuers) { | 156 const std::vector<std::string>& valid_issuers) { |
| 161 // Get certificate chain as scoped list of CERTCertificate objects. | 157 // Get certificate chain as scoped list of CERTCertificate objects. |
| 162 std::vector<CERTCertificate*> cert_chain; | 158 std::vector<CERTCertificate*> cert_chain; |
| 163 cert_chain.push_back(cert_handle_); | 159 cert_chain.push_back(cert_handle_); |
| 164 for (size_t n = 0; n < intermediate_ca_certs_.size(); ++n) { | 160 for (size_t n = 0; n < intermediate_ca_certs_.size(); ++n) { |
| 165 cert_chain.push_back(intermediate_ca_certs_[n]); | 161 cert_chain.push_back(intermediate_ca_certs_[n]); |
| 166 } | 162 } |
| 167 // Convert encoded issuers to scoped CERTName* list. | 163 // Convert encoded issuers to scoped CERTName* list. |
| 168 std::vector<CERTName*> issuers; | 164 std::vector<CERTName*> issuers; |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 297 } | 293 } |
| 298 | 294 |
| 299 // static | 295 // static |
| 300 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, | 296 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, |
| 301 size_t* size_bits, | 297 size_t* size_bits, |
| 302 PublicKeyType* type) { | 298 PublicKeyType* type) { |
| 303 x509_util::GetPublicKeyInfo(cert_handle, size_bits, type); | 299 x509_util::GetPublicKeyInfo(cert_handle, size_bits, type); |
| 304 } | 300 } |
| 305 | 301 |
| 306 } // namespace net | 302 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14741019:
Disallow wildcards from matching top-level registry controlled domains during cert validation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src