Chromium Code Reviews Chromium Code Reviews
Issue 8381017:
net: retain leading zero bytes in X.509 serial numbers. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/base64.h" | 5 #include "base/base64.h" |
| 6 #include "base/json/json_reader.h" | 6 #include "base/json/json_reader.h" |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/stl_util.h" | 8 #include "base/stl_util.h" |
| 9 #include "base/values.h" | 9 #include "base/values.h" |
| 10 #include "crypto/sha2.h" | 10 #include "crypto/sha2.h" |
| (...skipping 390 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 401 if (i != crls_.size()) | 401 if (i != crls_.size()) |
| 402 return false; | 402 return false; |
| 403 | 403 |
| 404 *out_crl_set = crl_set; | 404 *out_crl_set = crl_set; |
| 405 return true; | 405 return true; |
| 406 } | 406 } |
| 407 | 407 |
| 408 CRLSet::Result CRLSet::CheckCertificate( | 408 CRLSet::Result CRLSet::CheckCertificate( |
| 409 const base::StringPiece& serial_number, | 409 const base::StringPiece& serial_number, |
| 410 const base::StringPiece& parent_spki) const { | 410 const base::StringPiece& parent_spki) const { |
| 411 base::StringPiece serial(serial_number); | |
| 412 | |
| 413 if (!serial.empty() && serial[0] >= 0x80) { | |
| 414 // This serial number is negative but the process which generates CRL sets | |
| 415 // will reject any certificates with negative serial numbers as invalid. | |
| 416 return UNKNOWN; | |
| 417 } | |
| 418 | |
| 419 // Remove any leading zero bytes. | |
| 420 while (!serial.empty() && serial[0] == 0x00) | |
|
wtc
2011/10/25 21:14:44
BUG(?): !serial.empty() => serial.size() > 1
to av
agl
2011/10/28 20:29:07
Done.
| |
| 421 serial.remove_prefix(1); | |
| 422 | |
| 411 std::map<std::string, size_t>::const_iterator i = | 423 std::map<std::string, size_t>::const_iterator i = |
| 412 crls_index_by_issuer_.find(parent_spki.as_string()); | 424 crls_index_by_issuer_.find(parent_spki.as_string()); |
| 413 if (i == crls_index_by_issuer_.end()) | 425 if (i == crls_index_by_issuer_.end()) |
| 414 return UNKNOWN; | 426 return UNKNOWN; |
| 415 const std::vector<std::string>& serials = crls_[i->second].second; | 427 const std::vector<std::string>& serials = crls_[i->second].second; |
| 416 | 428 |
| 417 for (std::vector<std::string>::const_iterator i = serials.begin(); | 429 for (std::vector<std::string>::const_iterator i = serials.begin(); |
| 418 i != serials.end(); ++i) { | 430 i != serials.end(); ++i) { |
| 419 if (base::StringPiece(*i) == serial_number) | 431 if (base::StringPiece(*i) == serial_number) |
|
wtc
2011/10/25 21:14:44
BUG: serial_number should be changed to |serial| h
agl
2011/10/28 20:29:07
Yes, thank you.
| |
| 420 return REVOKED; | 432 return REVOKED; |
| 421 } | 433 } |
| 422 | 434 |
| 423 return GOOD; | 435 return GOOD; |
| 424 } | 436 } |
| 425 | 437 |
| 426 base::Time CRLSet::next_update() const { | 438 base::Time CRLSet::next_update() const { |
| 427 return next_update_; | 439 return next_update_; |
| 428 } | 440 } |
| 429 | 441 |
| 430 base::TimeDelta CRLSet::update_window() const { | 442 base::TimeDelta CRLSet::update_window() const { |
| 431 return update_window_; | 443 return update_window_; |
| 432 } | 444 } |
| 433 | 445 |
| 434 uint32 CRLSet::sequence() const { | 446 uint32 CRLSet::sequence() const { |
| 435 return sequence_; | 447 return sequence_; |
| 436 } | 448 } |
| 437 | 449 |
| 438 const CRLSet::CRLList& CRLSet::crls() const { | 450 const CRLSet::CRLList& CRLSet::crls() const { |
| 439 return crls_; | 451 return crls_; |
| 440 } | 452 } |
| 441 | 453 |
| 442 } // namespace net | 454 } // namespace net |
| OLD | NEW |
