| Index: net/base/x509_certificate_mac.cc
|
| ===================================================================
|
| --- net/base/x509_certificate_mac.cc (revision 2483)
|
| +++ net/base/x509_certificate_mac.cc (working copy)
|
| @@ -5,15 +5,11 @@
|
| #include "net/base/x509_certificate.h"
|
|
|
| #include <CommonCrypto/CommonDigest.h>
|
| -#include <map>
|
| #include <time.h>
|
|
|
| #include "base/histogram.h"
|
| -#include "base/lock.h"
|
| +#include "base/logging.h"
|
| #include "base/pickle.h"
|
| -#include "base/singleton.h"
|
| -#include "base/string_tokenizer.h"
|
| -#include "base/string_util.h"
|
| #include "net/base/cert_status_flags.h"
|
| #include "net/base/ev_root_ca_metadata.h"
|
|
|
| @@ -21,16 +17,6 @@
|
|
|
| namespace {
|
|
|
| -// Returns true if this cert fingerprint is the null (all zero) fingerprint.
|
| -// We use this as a bogus fingerprint value.
|
| -bool IsNullFingerprint(const X509Certificate::Fingerprint& fingerprint) {
|
| - for (size_t i = 0; i < arraysize(fingerprint.data); ++i) {
|
| - if (fingerprint.data[i] != 0)
|
| - return false;
|
| - }
|
| - return true;
|
| -}
|
| -
|
| // Calculates the SHA-1 fingerprint of the certificate. Returns an empty
|
| // (all zero) fingerprint on failure.
|
| X509Certificate::Fingerprint CalculateFingerprint(
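Review bot: The comment above CalculateFingerprint, kept as context at the end of this hunk, still says the function returns an all-zero fingerprint on failure, but `IsNullFingerprint`, the helper that recognised that sentinel, is deleted from this file. The cache and Policy code removed in the later hunks (-218 and -428) keyed everything on `fingerprint()`, and the removed `Cache::Insert` rejected the all-zero value only with a `DCHECK`, which is normally compiled out of release builds. If that code now lives in a shared file (not visible here), two certificates whose digest failed would share one cache entry and one allow/deny decision unless the check there also runs in release. I would extend the comment to say so, e.g. `// Callers must treat the all-zero value as "no fingerprint" and never use it as a cache or policy key.` The body of CalculateFingerprint continues outside the hunk.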
|
| @@ -218,90 +204,6 @@
|
|
|
| } // namespace
|
|
|
| -bool X509Certificate::FingerprintLessThan::operator()(
|
| - const Fingerprint& lhs,
|
| - const Fingerprint& rhs) const {
|
| - for (size_t i = 0; i < sizeof(lhs.data); ++i) {
|
| - if (lhs.data[i] < rhs.data[i])
|
| - return true;
|
| - if (lhs.data[i] > rhs.data[i])
|
| - return false;
|
| - }
|
| - return false;
|
| -}
|
| -
|
| -bool X509Certificate::LessThan::operator()(X509Certificate* lhs,
|
| - X509Certificate* rhs) const {
|
| - if (lhs == rhs)
|
| - return false;
|
| -
|
| - X509Certificate::FingerprintLessThan fingerprint_functor;
|
| - return fingerprint_functor(lhs->fingerprint_, rhs->fingerprint_);
|
| -}
|
| -
|
| -// A thread-safe cache for X509Certificate objects.
|
| -//
|
| -// The cache does not hold a reference to the certificate objects. The objects
|
| -// must |Remove| themselves from the cache upon destruction (or else the cache
|
| -// will be holding dead pointers to the objects).
|
| -class X509Certificate::Cache {
|
| - public:
|
| - // Get the singleton object for the cache.
|
| - static X509Certificate::Cache* GetInstance() {
|
| - return Singleton<X509Certificate::Cache>::get();
|
| - }
|
| -
|
| - // Insert |cert| into the cache. The cache does NOT AddRef |cert|. The cache
|
| - // must not already contain a certificate with the same fingerprint.
|
| - void Insert(X509Certificate* cert) {
|
| - AutoLock lock(lock_);
|
| -
|
| - DCHECK(!IsNullFingerprint(cert->fingerprint())) <<
|
| - "Only insert certs with real fingerprints.";
|
| - DCHECK(cache_.find(cert->fingerprint()) == cache_.end());
|
| - cache_[cert->fingerprint()] = cert;
|
| - };
|
| -
|
| - // Remove |cert| from the cache. The cache does not assume that |cert| is
|
| - // already in the cache.
|
| - void Remove(X509Certificate* cert) {
|
| - AutoLock lock(lock_);
|
| -
|
| - CertMap::iterator pos(cache_.find(cert->fingerprint()));
|
| - if (pos == cache_.end())
|
| - return; // It is not an error to remove a cert that is not in the cache.
|
| - cache_.erase(pos);
|
| - };
|
| -
|
| - // Find a certificate in the cache with the given fingerprint. If one does
|
| - // not exist, this method returns NULL.
|
| - X509Certificate* Find(const Fingerprint& fingerprint) {
|
| - AutoLock lock(lock_);
|
| -
|
| - CertMap::iterator pos(cache_.find(fingerprint));
|
| - if (pos == cache_.end())
|
| - return NULL;
|
| -
|
| - return pos->second;
|
| - };
|
| -
|
| - private:
|
| - typedef std::map<Fingerprint, X509Certificate*, FingerprintLessThan> CertMap;
|
| -
|
| - // Obtain an instance of X509Certificate::Cache via GetInstance().
|
| - Cache() { }
|
| - friend struct DefaultSingletonTraits<X509Certificate::Cache>;
|
| -
|
| - // You must acquire this lock before using any private data of this object.
|
| - // You must not block while holding this lock.
|
| - Lock lock_;
|
| -
|
| - // The certificate cache. You must acquire |lock_| before using |cache_|.
|
| - CertMap cache_;
|
| -
|
| - DISALLOW_COPY_AND_ASSIGN(Cache);
|
| -};
|
| -
|
| void X509Certificate::Initialize() {
|
| const CSSM_X509_NAME* name;
|
| OSStatus status = SecCertificateGetSubject(cert_handle_, &name);
|
| @@ -428,37 +330,4 @@
|
| return false;
|
| }
|
|
|
| -X509Certificate::Policy::Judgment X509Certificate::Policy::Check(
|
| - X509Certificate* cert) const {
|
| - // It shouldn't matter which set we check first, but we check denied first
|
| - // in case something strange has happened.
|
| -
|
| - if (denied_.find(cert->fingerprint()) != denied_.end()) {
|
| - // DCHECK that the order didn't matter.
|
| - DCHECK(allowed_.find(cert->fingerprint()) == allowed_.end());
|
| - return DENIED;
|
| - }
|
| -
|
| - if (allowed_.find(cert->fingerprint()) != allowed_.end()) {
|
| - // DCHECK that the order didn't matter.
|
| - DCHECK(denied_.find(cert->fingerprint()) == denied_.end());
|
| - return ALLOWED;
|
| - }
|
| -
|
| - // We don't have a policy for this cert.
|
| - return UNKNOWN;
|
| -}
|
| -
|
| -void X509Certificate::Policy::Allow(X509Certificate* cert) {
|
| - // Put the cert in the allowed set and (maybe) remove it from the denied set.
|
| - denied_.erase(cert->fingerprint());
|
| - allowed_.insert(cert->fingerprint());
|
| -}
|
| -
|
| -void X509Certificate::Policy::Deny(X509Certificate* cert) {
|
| - // Put the cert in the denied set and (maybe) remove it from the allowed set.
|
| - allowed_.erase(cert->fingerprint());
|
| - denied_.insert(cert->fingerprint());
|
| -}
|
| -
|
| } // namespace net
|
|
|