
Side by Side Diff: net/base/crl_set.cc

Issue 9699043: net: fallback to online revocation checks for EV status when CRLSet has expired. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 8 years, 9 months ago
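--- a/net/base/crl_set.cc
+++ b/net/base/crl_set.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/base64.h"
 #include "base/format_macros.h"
 #include "base/json/json_reader.h"
 #include "base/logging.h"
 #include "base/stl_util.h"
 #include "base/string_util.h"
@@ -533,62 +533,65 @@
 return REVOKED;
 }
 }
 
 return GOOD;
 }
 
 CRLSet::Result CRLSet::CheckSerial(
 const base::StringPiece& serial_number,
 const base::StringPiece& issuer_spki_hash) const {
-Result result = CheckSerialIsRevoked(serial_number, issuer_spki_hash);
-// If we get a revoked signal then we return that no matter how old the
-// CRLSet is.
-if (result == REVOKED)
-return result;
-if (not_after_ > 0) {
-uint64 now = base::Time::Now().ToTimeT();
-if (now > not_after_)
-return CRL_SET_EXPIRED;
-}
-return result;
-}
-
-CRLSet::Result CRLSet::CheckSerialIsRevoked(
-const base::StringPiece& serial_number,
-const base::StringPiece& issuer_spki_hash) const {
 base::StringPiece serial(serial_number);
 
 if (!serial.empty() && (serial[0] & 0x80) != 0) {
 // This serial number is negative but the process which generates CRL sets
 // will reject any certificates with negative serial numbers as invalid.
 return UNKNOWN;
 }
 
 // Remove any leading zero bytes.
 while (serial.size() > 1 && serial[0] == 0x00)
 serial.remove_prefix(1);
 
 std::map<std::string, size_t>::const_iterator i =
 crls_index_by_issuer_.find(issuer_spki_hash.as_string());
 if (i == crls_index_by_issuer_.end())
 return UNKNOWN;
 const std::vector<std::string>& serials = crls_[i->second].second;
 
 for (std::vector<std::string>::const_iterator i = serials.begin();
 i != serials.end(); ++i) {
 if (base::StringPiece(*i) == serial)
 return REVOKED;
 }
 
 return GOOD;
 }
 
+bool CRLSet::IsExpired() const {
+if (not_after_ == 0)
+return false;
+
+uint64 now = base::Time::Now().ToTimeT();
+return now > not_after_;
+}
+
 uint32 CRLSet::sequence() const {
 return sequence_;
 }
 
 const CRLSet::CRLList& CRLSet::crls() const {
 return crls_;
 }
 
+// static
+CRLSet* CRLSet::EmptyCRLSetForTesting() {
+return new CRLSet;
+}
+
+CRLSet* CRLSet::ExpiredCRLSetForTesting() {
+CRLSet* crl_set = new CRLSet;
+crl_set->not_after_ = 1;
+return crl_set;
+}
+
 } // namespace net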
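Review bot: `CheckSerial` now returns `GOOD` from a stale set, because the expiry test lives only in the new `IsExpired()`; any caller that does not also consult `IsExpired()` will rely on outdated revocation data. The callers are outside this file, so this needs confirming against them. I would state the contract above `CheckSerial`, for example `// GOOD only means the serial is absent from this set; callers must also check IsExpired().` `IsExpired()` also treats `not_after_ == 0` as never expiring, so a set that carries no expiry value never triggers the online fallback. A comment such as `// not_after_ == 0 means no expiry was supplied; such a set is never treated as expired.` would show that this is deliberate, since the code that assigns `not_after_` is in the skipped lines and not visible here.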