OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <map> | 10 #include <map> |
634 cache->Remove(cert_handle_); | 634 cache->Remove(cert_handle_); |
635 FreeOSCertHandle(cert_handle_); | 635 FreeOSCertHandle(cert_handle_); |
636 } | 636 } |
637 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | 637 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
638 cache->Remove(intermediate_ca_certs_[i]); | 638 cache->Remove(intermediate_ca_certs_[i]); |
639 FreeOSCertHandle(intermediate_ca_certs_[i]); | 639 FreeOSCertHandle(intermediate_ca_certs_[i]); |
640 } | 640 } |
641 } | 641 } |
642 | 642 |
643 bool X509Certificate::IsBlacklisted() const { | 643 bool X509Certificate::IsBlacklisted() const { |
644 static const unsigned kNumSerials = 257; | 644 static const unsigned kNumSerials = 256; |
wtc
2011/09/01 21:15:19
I verified that 256 is correct because 255 results
| |
645 static const unsigned kSerialBytes = 16; | 645 static const unsigned kSerialBytes = 16; |
646 static const uint8 kSerials[kNumSerials][kSerialBytes] = { | 646 static const uint8 kSerials[kNumSerials][kSerialBytes] = { |
647 // Not a real certificate. For testing only. | 647 // Not a real certificate. For testing only. |
648 {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd, 0x1c}, | 648 {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd, 0x1c}, |
649 | 649 |
650 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014. | 650 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014. |
651 // Some serial numbers actually have a leading 0x00 byte required to | 651 // Some serial numbers actually have a leading 0x00 byte required to |
652 // encode a positive integer in DER if the most significant bit is 0. | 652 // encode a positive integer in DER if the most significant bit is 0. |
653 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes. | 653 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes. |
654 | 654 |
940 } | 940 } |
941 | 941 |
942 // Special case for DigiNotar: this serial number had a leading 0x00 byte | 942 // Special case for DigiNotar: this serial number had a leading 0x00 byte |
943 static const uint8 kDigiNotarLeadingZero[15] = { | 943 static const uint8 kDigiNotarLeadingZero[15] = { |
944 0x17,0x7f,0xb6,0x53,0x6b,0x98,0xce,0x40,0xd5,0x4b,0x8b,0x24,0xe3,0x16,0x05 | 944 0x17,0x7f,0xb6,0x53,0x6b,0x98,0xce,0x40,0xd5,0x4b,0x8b,0x24,0xe3,0x16,0x05 |
945 }; | 945 }; |
946 | 946 |
947 if (serial_number_.size() == sizeof(kDigiNotarLeadingZero) && | 947 if (serial_number_.size() == sizeof(kDigiNotarLeadingZero) && |
948 memcmp(serial_number_.data(), kDigiNotarLeadingZero, | 948 memcmp(serial_number_.data(), kDigiNotarLeadingZero, |
949 sizeof(kDigiNotarLeadingZero)) == 0) { | 949 sizeof(kDigiNotarLeadingZero)) == 0) { |
950 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", kNumSerials, kNumSer ials + 1); | 950 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", kNumSerials, |
951 return true; | 951 kNumSerials + 1); |
952 return true; | |
952 } | 953 } |
953 | 954 |
954 return false; | 955 return false; |
955 } | 956 } |
956 | 957 |
957 // static | 958 // static |
958 bool X509Certificate::IsPublicKeyBlacklisted( | 959 bool X509Certificate::IsPublicKeyBlacklisted( |
959 const std::vector<SHA1Fingerprint>& public_key_hashes) { | 960 const std::vector<SHA1Fingerprint>& public_key_hashes) { |
960 static const unsigned kNumHashes = 3; | 961 static const unsigned kNumHashes = 3; |
961 static const uint8 kHashes[kNumHashes][base::SHA1_LENGTH] = { | 962 static const uint8 kHashes[kNumHashes][base::SHA1_LENGTH] = { |
988 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, | 989 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, |
989 const uint8* array, | 990 const uint8* array, |
990 size_t array_byte_len) { | 991 size_t array_byte_len) { |
991 DCHECK_EQ(0u, array_byte_len % base::SHA1_LENGTH); | 992 DCHECK_EQ(0u, array_byte_len % base::SHA1_LENGTH); |
992 const unsigned arraylen = array_byte_len / base::SHA1_LENGTH; | 993 const unsigned arraylen = array_byte_len / base::SHA1_LENGTH; |
993 return NULL != bsearch(hash.data, array, arraylen, base::SHA1_LENGTH, | 994 return NULL != bsearch(hash.data, array, arraylen, base::SHA1_LENGTH, |
994 CompareSHA1Hashes); | 995 CompareSHA1Hashes); |
995 } | 996 } |
996 | 997 |
997 } // namespace net | 998 } // namespace net |
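Review bot: The row count for `kSerials` in `IsBlacklisted()` is still maintained by hand, and an over-stated `kNumSerials` compiles cleanly: the unlisted rows are zero-filled, so the table silently gains an all-zero serial and the histogram range grows by one. Letting the compiler derive the count would prevent a repeat of the 257/256 correction: declare `static const uint8 kSerials[][kSerialBytes] = {` and put `static const unsigned kNumSerials = arraysize(kSerials);` after the initializer. The lookup over `kSerials` sits in the collapsed part of this page, so whether a zero row could actually match a certificate is inferred rather than visible. Because the DigiNotar special case records `kNumSerials` as its sample, this change also moves that sample from bucket 257 to 256 in `Net.SSLCertBlacklisted`, and a short comment at that call would help anyone comparing data across versions. `kHashes`/`kNumHashes` in `IsPublicKeyBlacklisted()` follows the same hand-counted pattern.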