Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(144)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_nss.cc

Issue 7324039: Ensure X509Certificate::OSCertHandles are safe to be used on both UI and IO threads on Win (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Review feedback Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/x509_certificate.h ('K') | « net/base/x509_certificate_mac.cc ('k') | net/base/x509_certificate_openssl.cc » ('j') | net/base/x509_certificate_win.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <cryptohi.h> 8 #include <cryptohi.h>
9 #include <keyhi.h> 9 #include <keyhi.h>
10 #include <nss.h> 10 #include <nss.h>
(...skipping 892 matching lines...) Expand 10 before | Expand all | Expand 10 after
903 reinterpret_cast<char*>(name->name.other.data), 903 reinterpret_cast<char*>(name->name.other.data),
904 name->name.other.len)); 904 name->name.other.len));
905 } 905 }
906 name = CERT_GetNextGeneralName(name); 906 name = CERT_GetNextGeneralName(name);
907 if (name == alt_name_list) 907 if (name == alt_name_list)
908 break; 908 break;
909 } 909 }
910 PORT_FreeArena(arena, PR_FALSE); 910 PORT_FreeArena(arena, PR_FALSE);
911 } 911 }
912 912
913 X509Certificate::OSCertListHandle
914 X509Certificate::CreateOSCertListHandle() const {
915 return CERT_DupCertificate(cert_handle_);
916 }
917
913 int X509Certificate::VerifyInternal(const std::string& hostname, 918 int X509Certificate::VerifyInternal(const std::string& hostname,
914 int flags, 919 int flags,
915 CertVerifyResult* verify_result) const { 920 CertVerifyResult* verify_result) const {
916 // Make sure that the hostname matches with the common name of the cert. 921 // Make sure that the hostname matches with the common name of the cert.
917 SECStatus status = CERT_VerifyCertName(cert_handle_, hostname.c_str()); 922 SECStatus status = CERT_VerifyCertName(cert_handle_, hostname.c_str());
918 if (status != SECSuccess) 923 if (status != SECSuccess)
919 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; 924 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
920 925
921 // Make sure that the cert is valid now. 926 // Make sure that the cert is valid now.
922 SECCertTimeValidity validity = CERT_CheckCertValidTimes( 927 SECCertTimeValidity validity = CERT_CheckCertValidTimes(
(...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after
1113 OSCertHandle cert_handle) { 1118 OSCertHandle cert_handle) {
1114 return CERT_DupCertificate(cert_handle); 1119 return CERT_DupCertificate(cert_handle);
1115 } 1120 }
1116 1121
1117 // static 1122 // static
1118 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { 1123 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
1119 CERT_DestroyCertificate(cert_handle); 1124 CERT_DestroyCertificate(cert_handle);
1120 } 1125 }
1121 1126
1122 // static 1127 // static
1128 void X509Certificate::FreeOSCertListHandle(
1129 OSCertListHandle cert_list_handle) {
1130 CERT_DestroyCertificate(cert_list_handle);
1131 }
1132
1133 // static
1123 SHA1Fingerprint X509Certificate::CalculateFingerprint( 1134 SHA1Fingerprint X509Certificate::CalculateFingerprint(
1124 OSCertHandle cert) { 1135 OSCertHandle cert) {
1125 SHA1Fingerprint sha1; 1136 SHA1Fingerprint sha1;
1126 memset(sha1.data, 0, sizeof(sha1.data)); 1137 memset(sha1.data, 0, sizeof(sha1.data));
1127 1138
1128 DCHECK(NULL != cert->derCert.data); 1139 DCHECK(NULL != cert->derCert.data);
1129 DCHECK_NE(0U, cert->derCert.len); 1140 DCHECK_NE(0U, cert->derCert.len);
1130 1141
1131 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, 1142 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data,
1132 cert->derCert.data, cert->derCert.len); 1143 cert->derCert.data, cert->derCert.len);
(...skipping 16 matching lines...) Expand all
1149 1160
1150 // static 1161 // static
1151 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, 1162 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
1152 Pickle* pickle) { 1163 Pickle* pickle) {
1153 return pickle->WriteData( 1164 return pickle->WriteData(
1154 reinterpret_cast<const char*>(cert_handle->derCert.data), 1165 reinterpret_cast<const char*>(cert_handle->derCert.data),
1155 cert_handle->derCert.len); 1166 cert_handle->derCert.len);
1156 } 1167 }
1157 1168
1158 } // namespace net 1169 } // namespace net
OLDNEW
« net/base/x509_certificate.h ('K') | « net/base/x509_certificate_mac.cc ('k') | net/base/x509_certificate_openssl.cc » ('j') | net/base/x509_certificate_win.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698