| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <cryptohi.h> | 8 #include <cryptohi.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <nss.h> | 10 #include <nss.h> |
| 779 GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain, | 779 GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain, |
| 780 verify_result); | 780 verify_result); |
| 781 if (IsCertStatusError(verify_result->cert_status)) | 781 if (IsCertStatusError(verify_result->cert_status)) |
| 782 return MapCertStatusToNetError(verify_result->cert_status); | 782 return MapCertStatusToNetError(verify_result->cert_status); |
| 783 | 783 |
| 784 if ((flags & VERIFY_EV_CERT) && VerifyEV()) | 784 if ((flags & VERIFY_EV_CERT) && VerifyEV()) |
| 785 verify_result->cert_status |= CERT_STATUS_IS_EV; | 785 verify_result->cert_status |= CERT_STATUS_IS_EV; |
| 786 return OK; | 786 return OK; |
| 787 } | 787 } |
| 788 | 788 |
| 789 bool X509Certificate::VerifyNameMatch(const std::string& hostname) const { |
| 790 return CERT_VerifyCertName(cert_handle_, hostname.c_str()) == SECSuccess; |
| 791 } |
| 792 |
| 789 // Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp | 793 // Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp |
| 790 // and nsNSSCertHelper.cpp) to learn how to verify EV certificate. | 794 // and nsNSSCertHelper.cpp) to learn how to verify EV certificate. |
| 791 // TODO(wtc): A possible optimization is that we get the trust anchor from | 795 // TODO(wtc): A possible optimization is that we get the trust anchor from |
| 792 // the first PKIXVerifyCert call. We look up the EV policy for the trust | 796 // the first PKIXVerifyCert call. We look up the EV policy for the trust |
| 793 // anchor. If the trust anchor has no EV policy, we know the cert isn't EV. | 797 // anchor. If the trust anchor has no EV policy, we know the cert isn't EV. |
| 794 // Otherwise, we pass just that EV policy (as opposed to all the EV policies) | 798 // Otherwise, we pass just that EV policy (as opposed to all the EV policies) |
| 795 // to the second PKIXVerifyCert call. | 799 // to the second PKIXVerifyCert call. |
| 796 bool X509Certificate::VerifyEV() const { | 800 bool X509Certificate::VerifyEV() const { |
| 797 net::EVRootCAMetadata* metadata = net::EVRootCAMetadata::GetInstance(); | 801 net::EVRootCAMetadata* metadata = net::EVRootCAMetadata::GetInstance(); |
| 798 | 802 |
| 927 DCHECK(0 != cert->derCert.len); | 931 DCHECK(0 != cert->derCert.len); |
| 928 | 932 |
| 929 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, | 933 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, |
| 930 cert->derCert.data, cert->derCert.len); | 934 cert->derCert.data, cert->derCert.len); |
| 931 DCHECK(rv == SECSuccess); | 935 DCHECK(rv == SECSuccess); |
| 932 | 936 |
| 933 return sha1; | 937 return sha1; |
| 934 } | 938 } |
| 935 | 939 |
| 936 } // namespace net | 940 } // namespace net |
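Review bot: The new `X509Certificate::VerifyNameMatch` (new lines 789-791) hands `hostname.c_str()` to `CERT_VerifyCertName`, so a `std::string` holding an embedded NUL is compared only up to that byte and the function can report a match for a name shorter than the one the caller passed. Whether any caller can supply such a string is not visible on this page, but the guard is one line: `if (hostname.find('\0') != std::string::npos) return false;` ahead of the NSS call. The function also has no comment, and its boolean result is easy to over-read. I would add `// Returns true if |hostname| matches a name in the certificate. Name check only: says nothing about chain validity, trust or revocation.` above the definition so a true result is not mistaken for a verified certificate.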
| OLD | NEW |