OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <map> | 10 #include <map> |
180 // Entry's OS handle and remove the Entry. The caller still holds a | 180 // Entry's OS handle and remove the Entry. The caller still holds a |
181 // reference to |cert_handle| and is responsible for freeing it. | 181 // reference to |cert_handle| and is responsible for freeing it. |
182 X509Certificate::FreeOSCertHandle(pos->second.cert_handle); | 182 X509Certificate::FreeOSCertHandle(pos->second.cert_handle); |
183 cache_.erase(pos); | 183 cache_.erase(pos); |
184 } | 184 } |
185 } | 185 } |
186 | 186 |
187 // CompareSHA1Hashes is a helper function for using bsearch() with an array of | 187 // CompareSHA1Hashes is a helper function for using bsearch() with an array of |
188 // SHA1 hashes. | 188 // SHA1 hashes. |
189 int CompareSHA1Hashes(const void* a, const void* b) { | 189 int CompareSHA1Hashes(const void* a, const void* b) { |
190 return memcmp(a, b, base::SHA1_LENGTH); | 190 return memcmp(a, b, base::kSHA1Length); |
191 } | 191 } |
192 | 192 |
193 // Utility to split |src| on the first occurrence of |c|, if any. |right| will | 193 // Utility to split |src| on the first occurrence of |c|, if any. |right| will |
194 // either be empty if |c| was not found, or will contain the remainder of the | 194 // either be empty if |c| was not found, or will contain the remainder of the |
195 // string including the split character itself. | 195 // string including the split character itself. |
196 void SplitOnChar(const base::StringPiece& src, | 196 void SplitOnChar(const base::StringPiece& src, |
197 char c, | 197 char c, |
198 base::StringPiece* left, | 198 base::StringPiece* left, |
199 base::StringPiece* right) { | 199 base::StringPiece* right) { |
200 size_t pos = src.find(c); | 200 size_t pos = src.find(c); |
952 return true; | 952 return true; |
953 } | 953 } |
954 | 954 |
955 return false; | 955 return false; |
956 } | 956 } |
957 | 957 |
958 // static | 958 // static |
959 bool X509Certificate::IsPublicKeyBlacklisted( | 959 bool X509Certificate::IsPublicKeyBlacklisted( |
960 const std::vector<SHA1Fingerprint>& public_key_hashes) { | 960 const std::vector<SHA1Fingerprint>& public_key_hashes) { |
961 static const unsigned kNumHashes = 5; | 961 static const unsigned kNumHashes = 5; |
962 static const uint8 kHashes[kNumHashes][base::SHA1_LENGTH] = { | 962 static const uint8 kHashes[kNumHashes][base::kSHA1Length] = { |
963 // Subject: CN=DigiNotar Root CA | 963 // Subject: CN=DigiNotar Root CA |
964 // Issuer: CN=Entrust.net x2 and self-signed | 964 // Issuer: CN=Entrust.net x2 and self-signed |
965 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d, | 965 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d, |
966 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8}, | 966 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8}, |
967 // Subject: CN=DigiNotar Cyber CA | 967 // Subject: CN=DigiNotar Cyber CA |
968 // Issuer: CN=GTE CyberTrust Global Root | 968 // Issuer: CN=GTE CyberTrust Global Root |
969 {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95, | 969 {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95, |
970 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1}, | 970 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1}, |
971 // Subject: CN=DigiNotar Services 1024 CA | 971 // Subject: CN=DigiNotar Services 1024 CA |
972 // Issuer: CN=Entrust.net | 972 // Issuer: CN=Entrust.net |
973 {0xe2, 0x3b, 0x8d, 0x10, 0x5f, 0x87, 0x71, 0x0a, 0x68, 0xd9, | 973 {0xe2, 0x3b, 0x8d, 0x10, 0x5f, 0x87, 0x71, 0x0a, 0x68, 0xd9, |
974 0x24, 0x80, 0x50, 0xeb, 0xef, 0xc6, 0x27, 0xbe, 0x4c, 0xa6}, | 974 0x24, 0x80, 0x50, 0xeb, 0xef, 0xc6, 0x27, 0xbe, 0x4c, 0xa6}, |
975 // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2 | 975 // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2 |
976 // Issuer: CN=Staat der Nederlanden Organisatie CA - G2 | 976 // Issuer: CN=Staat der Nederlanden Organisatie CA - G2 |
977 {0x7b, 0x2e, 0x16, 0xbc, 0x39, 0xbc, 0xd7, 0x2b, 0x45, 0x6e, | 977 {0x7b, 0x2e, 0x16, 0xbc, 0x39, 0xbc, 0xd7, 0x2b, 0x45, 0x6e, |
978 0x9f, 0x05, 0x5d, 0x1d, 0xe6, 0x15, 0xb7, 0x49, 0x45, 0xdb}, | 978 0x9f, 0x05, 0x5d, 0x1d, 0xe6, 0x15, 0xb7, 0x49, 0x45, 0xdb}, |
979 // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven | 979 // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven |
980 // Issuer: CN=Staat der Nederlanden Overheid CA | 980 // Issuer: CN=Staat der Nederlanden Overheid CA |
981 {0xe8, 0xf9, 0x12, 0x00, 0xc6, 0x5c, 0xee, 0x16, 0xe0, 0x39, | 981 {0xe8, 0xf9, 0x12, 0x00, 0xc6, 0x5c, 0xee, 0x16, 0xe0, 0x39, |
982 0xb9, 0xf8, 0x83, 0x84, 0x16, 0x61, 0x63, 0x5f, 0x81, 0xc5}, | 982 0xb9, 0xf8, 0x83, 0x84, 0x16, 0x61, 0x63, 0x5f, 0x81, 0xc5}, |
983 }; | 983 }; |
984 | 984 |
985 for (unsigned i = 0; i < kNumHashes; i++) { | 985 for (unsigned i = 0; i < kNumHashes; i++) { |
986 for (std::vector<SHA1Fingerprint>::const_iterator | 986 for (std::vector<SHA1Fingerprint>::const_iterator |
987 j = public_key_hashes.begin(); j != public_key_hashes.end(); ++j) { | 987 j = public_key_hashes.begin(); j != public_key_hashes.end(); ++j) { |
988 if (memcmp(j->data, kHashes[i], base::SHA1_LENGTH) == 0) | 988 if (memcmp(j->data, kHashes[i], base::kSHA1Length) == 0) |
989 return true; | 989 return true; |
990 } | 990 } |
991 } | 991 } |
992 | 992 |
993 return false; | 993 return false; |
994 } | 994 } |
995 | 995 |
996 // static | 996 // static |
997 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, | 997 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, |
998 const uint8* array, | 998 const uint8* array, |
999 size_t array_byte_len) { | 999 size_t array_byte_len) { |
1000 DCHECK_EQ(0u, array_byte_len % base::SHA1_LENGTH); | 1000 DCHECK_EQ(0u, array_byte_len % base::kSHA1Length); |
1001 const unsigned arraylen = array_byte_len / base::SHA1_LENGTH; | 1001 const size_t arraylen = array_byte_len / base::kSHA1Length; |
1002 return NULL != bsearch(hash.data, array, arraylen, base::SHA1_LENGTH, | 1002 return NULL != bsearch(hash.data, array, arraylen, base::kSHA1Length, |
1003 CompareSHA1Hashes); | 1003 CompareSHA1Hashes); |
1004 } | 1004 } |
1005 | 1005 |
1006 } // namespace net | 1006 } // namespace net |
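Review bot: IsSHA1HashInSortedArray (new lines 1000-1003) depends on two preconditions that nothing enforces in a release build: `array_byte_len` being a multiple of `base::kSHA1Length` is only covered by `DCHECK_EQ`, which is normally compiled out of release builds, and the array being sorted in memcmp() order is not checked at all. With a mis-sorted table, bsearch() can return NULL for a hash that is present, so a lookup against a blocklist-style table would miss the entry without any signal. The callers and the tables they pass are outside the visible lines, so whether those tables are generated or hand-maintained cannot be confirmed from this page. I would state the contract at the definition, e.g. `// |array| must hold whole SHA-1 digests sorted ascending by memcmp(); an unsorted table makes bsearch() miss entries.`, and add a unit test that asserts each table passed here is sorted.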