Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(194)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/dnssec_chain_verifier.cc

Issue 3412016: FBTF: Move a bunch of code to the headers and remove includes. (Closed) Base URL: http://src.chromium.org/git/chromium.git
Patch Set: Rebase + fixed windows issues locally Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/base/dnssec_chain_verifier.h ('k') | net/base/dnssec_keyset.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/dnssec_chain_verifier.h" 5 #include "net/base/dnssec_chain_verifier.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/scoped_ptr.h" 8 #include "base/scoped_ptr.h"
9 #include "base/sha1.h" 9 #include "base/sha1.h"
10 #include "base/sha2.h" 10 #include "base/sha2.h"
11 #include "base/string_util.h" 11 #include "base/string_util.h"
12 #include "net/base/dns_util.h" 12 #include "net/base/dns_util.h"
13 #include "net/base/dnssec_keyset.h"
13 14
14 // We don't have a location for the spec yet, so we'll include it here until it 15 // We don't have a location for the spec yet, so we'll include it here until it
15 // finds a better home. 16 // finds a better home.
16 17
17 /* 18 /*
18 When connecting to a host www.example.com, www.example.com may present a certifi cate which includes a DNSSEC chain embedded in it. The aim of the embedded chain is to prove that the fingerprint of the public key is valid DNSSEC data. This i s achieved by proving a CERT record for the target domain. 19 When connecting to a host www.example.com, www.example.com may present a certifi cate which includes a DNSSEC chain embedded in it. The aim of the embedded chain is to prove that the fingerprint of the public key is valid DNSSEC data. This i s achieved by proving a CERT record for the target domain.
19 20
20 Initially, the target domain is constructed by prepending _ssl. For example, the initial target domain for www.example.com is _ssl.www.example.com. 21 Initially, the target domain is constructed by prepending _ssl. For example, the initial target domain for www.example.com is _ssl.www.example.com.
21 22
22 A DNSSEC chain verifier can be in one of two states: entering a zone, or within a zone. Initially, the verifier is entering the root zone. 23 A DNSSEC chain verifier can be in one of two states: entering a zone, or within a zone. Initially, the verifier is entering the root zone.
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 0x9c, 0x2e, 0x6a, 0xab, 0x02, 0x64, 0x4b, 0x28, 0x13, 0xf5, 0x75, 0xfc, 0x21, 133 0x9c, 0x2e, 0x6a, 0xab, 0x02, 0x64, 0x4b, 0x28, 0x13, 0xf5, 0x75, 0xfc, 0x21,
133 0x60, 0x1e, 0x0d, 0xee, 0x49, 0xcd, 0x9e, 0xe9, 0x6a, 0x43, 0x10, 0x3e, 0x52, 134 0x60, 0x1e, 0x0d, 0xee, 0x49, 0xcd, 0x9e, 0xe9, 0x6a, 0x43, 0x10, 0x3e, 0x52,
134 0x4d, 0x62, 0x87, 0x3d, 135 0x4d, 0x62, 0x87, 0x3d,
135 }; 136 };
136 137
137 // kRootKeyID is the key id for kRootKey 138 // kRootKeyID is the key id for kRootKey
138 static const uint16 kRootKeyID = 19036; 139 static const uint16 kRootKeyID = 19036;
139 140
140 namespace net { 141 namespace net {
141 142
143 struct DNSSECChainVerifier::Zone {
144 base::StringPiece name;
145 // The number of consecutive labels which |name| shares with |target_|,
146 // counting right-to-left from the root.
147 unsigned matching_labels;
148 DNSSECKeySet trusted_keys;
149 Zone* prev;
150 };
151
142 DNSSECChainVerifier::DNSSECChainVerifier(const std::string& target, 152 DNSSECChainVerifier::DNSSECChainVerifier(const std::string& target,
143 const base::StringPiece& chain) 153 const base::StringPiece& chain)
144 : current_zone_(NULL), 154 : current_zone_(NULL),
145 target_(target), 155 target_(target),
146 chain_(chain), 156 chain_(chain),
147 ignore_timestamps_(false), 157 ignore_timestamps_(false),
148 valid_(false), 158 valid_(false),
149 already_entered_zone_(false), 159 already_entered_zone_(false),
150 rrtype_(0) { 160 rrtype_(0) {
151 } 161 }
(...skipping 638 matching lines...) Expand 10 before | Expand all | Expand 10 after
790 } else { 800 } else {
791 c = 0; 801 c = 0;
792 } 802 }
793 803
794 a.remove_prefix(a_length); 804 a.remove_prefix(a_length);
795 b.remove_prefix(b_length); 805 b.remove_prefix(b_length);
796 } 806 }
797 } 807 }
798 808
799 } // namespace net 809 } // namespace net
OLDNEW
« no previous file with comments | « net/base/dnssec_chain_verifier.h ('k') | net/base/dnssec_keyset.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698