net/base/x509_certificate.h - Issue 8381017: net: retain leading zero bytes in X.509 serial numbers.

Side by Side Diff: net/base/x509_certificate.h

Issue 8381017: net: retain leading zero bytes in X.509 serial numbers. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: ... Created 9 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_BASE_X509_CERTIFICATE_H_	5 #ifndef NET_BASE_X509_CERTIFICATE_H_

6 #define NET_BASE_X509_CERTIFICATE_H_	6 #define NET_BASE_X509_CERTIFICATE_H_

7 #pragma once	7 #pragma once

8	8

9 #include <string.h>	9 #include <string.h>

10	10

(...skipping 400 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
411 const std::vector<std::string>& cert_san_ip_addrs);	411 const std::vector<std::string>& cert_san_ip_addrs);

412	412

413 // Performs the platform-dependent part of the Verify() method, verifiying	413 // Performs the platform-dependent part of the Verify() method, verifiying

414 // this certificate against the platform's root CA certificates.	414 // this certificate against the platform's root CA certificates.

415 //	415 //

416 // Parameters and return value are as per Verify().	416 // Parameters and return value are as per Verify().

417 int VerifyInternal(const std::string& hostname,	417 int VerifyInternal(const std::string& hostname,

418 int flags,	418 int flags,

419 CertVerifyResult* verify_result) const;	419 CertVerifyResult* verify_result) const;

420	420

421 // The serial number, DER encoded.	421 // The serial number, DER encoded, possibly including leading 00 bytes.
	wtc 2011/10/25 21:14:44 Nit: "a leading 00 byte" might be better because o Nit: "a leading 00 byte" might be better because one leading zero byte is enough to make the INTEGER positive. agl 2011/10/28 20:29:07 Done. Show quoted text On 2011/10/25 21:14:44, wtc wrote: > > Nit: "a leading 00 byte" might be better because one leading > zero byte is enough to make the INTEGER positive. Done.
422 // NOTE: keep this method private, used by IsBlacklisted only. To simplify	422 // NOTE: keep this method private, used by IsBlacklisted only.
	wtc 2011/10/25 21:14:44 We can remove this NOTE now (i.e., this method can We can remove this NOTE now (i.e., this method can become public if necessary) because it preserves the leading 0 bytes required for DER encoding of ASN.1 INTEGER. agl 2011/10/28 20:29:07 Done. Show quoted text On 2011/10/25 21:14:44, wtc wrote: > > We can remove this NOTE now (i.e., this method can become > public if necessary) because it preserves the leading 0 bytes > required for DER encoding of ASN.1 INTEGER. Done.
423 // IsBlacklisted, we strip the leading 0 byte of a serial number, used to

424 // encode a positive DER INTEGER (a signed type) with a most significant bit

425 // of 1. Other code must not use this method for general purpose until this

426 // is fixed.

427 const std::string& serial_number() const { return serial_number_; }	423 const std::string& serial_number() const { return serial_number_; }

428	424

429 // IsBlacklisted returns true if this certificate is explicitly blacklisted.	425 // IsBlacklisted returns true if this certificate is explicitly blacklisted.

430 bool IsBlacklisted() const;	426 bool IsBlacklisted() const;

431	427

432 // IsPublicKeyBlacklisted returns true iff one of \|public_key_hashes\| (which	428 // IsPublicKeyBlacklisted returns true iff one of \|public_key_hashes\| (which

433 // are SHA1 hashes of SubjectPublicKeyInfo structures) is explicitly blocked.	429 // are SHA1 hashes of SubjectPublicKeyInfo structures) is explicitly blocked.

434 static bool IsPublicKeyBlacklisted(	430 static bool IsPublicKeyBlacklisted(

435 const std::vector<SHA1Fingerprint>& public_key_hashes);	431 const std::vector<SHA1Fingerprint>& public_key_hashes);

436	432

(...skipping 44 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
481 // (Marked mutable because it's used in a const method.)	477 // (Marked mutable because it's used in a const method.)

482 mutable base::Lock verification_lock_;	478 mutable base::Lock verification_lock_;

483 #endif	479 #endif

484	480

485 DISALLOW_COPY_AND_ASSIGN(X509Certificate);	481 DISALLOW_COPY_AND_ASSIGN(X509Certificate);

486 };	482 };

487	483

488 } // namespace net	484 } // namespace net

489	485

490 #endif // NET_BASE_X509_CERTIFICATE_H_	486 #endif // NET_BASE_X509_CERTIFICATE_H_

OLD	NEW

« net/base/crl_set.cc ('K') | « net/base/crl_set.cc ('k') | net/base/x509_certificate.cc » ('j') | net/base/x509_certificate.cc » ('J')