OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <map> | 10 #include <map> |
(...skipping 572 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
583 verify_result->Reset(); | 583 verify_result->Reset(); |
584 verify_result->verified_cert = const_cast<X509Certificate*>(this); | 584 verify_result->verified_cert = const_cast<X509Certificate*>(this); |
585 | 585 |
586 if (IsBlacklisted()) { | 586 if (IsBlacklisted()) { |
587 verify_result->cert_status |= CERT_STATUS_REVOKED; | 587 verify_result->cert_status |= CERT_STATUS_REVOKED; |
588 return ERR_CERT_REVOKED; | 588 return ERR_CERT_REVOKED; |
589 } | 589 } |
590 | 590 |
591 int rv = VerifyInternal(hostname, flags, crl_set, verify_result); | 591 int rv = VerifyInternal(hostname, flags, crl_set, verify_result); |
592 | 592 |
593 // Check for weak keys in the entire verified chain. | |
594 size_t size_bits = 0; | |
595 PublicKeyType type = kPublicKeyTypeUnknown; | |
596 bool weak_key = false; | |
597 | |
598 GetPublicKeyInfo(verify_result->verified_cert->os_cert_handle(), &size_bits, | |
599 &type); | |
600 if (type == kPublicKeyTypeRSA && size_bits < 1024) | |
601 weak_key = true; | |
wtc
2011/11/17 02:52:18
It seems that a IsWeakPublicKey/ContainsWeakPublic
| |
602 | |
603 const OSCertHandles& intermediates = | |
604 verify_result->verified_cert->GetIntermediateCertificates(); | |
605 for (OSCertHandles::const_iterator i = intermediates.begin(); | |
606 i != intermediates.end(); ++i) { | |
607 GetPublicKeyInfo(*i, &size_bits, &type); | |
608 if (type == kPublicKeyTypeRSA && size_bits < 1024) | |
609 weak_key = true; | |
610 } | |
611 | |
612 if (weak_key) { | |
613 verify_result->cert_status |= CERT_STATUS_WEAK_KEY; | |
614 return MapCertStatusToNetError(verify_result->cert_status); | |
615 } | |
616 | |
593 // This check is done after VerifyInternal so that VerifyInternal can fill in | 617 // This check is done after VerifyInternal so that VerifyInternal can fill in |
594 // the list of public key hashes. | 618 // the list of public key hashes. |
595 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { | 619 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { |
596 verify_result->cert_status |= CERT_STATUS_REVOKED; | 620 verify_result->cert_status |= CERT_STATUS_REVOKED; |
597 rv = MapCertStatusToNetError(verify_result->cert_status); | 621 rv = MapCertStatusToNetError(verify_result->cert_status); |
598 } | 622 } |
599 | 623 |
600 return rv; | 624 return rv; |
601 } | 625 } |
602 | 626 |
(...skipping 195 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
798 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, | 822 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, |
799 const uint8* array, | 823 const uint8* array, |
800 size_t array_byte_len) { | 824 size_t array_byte_len) { |
801 DCHECK_EQ(0u, array_byte_len % base::kSHA1Length); | 825 DCHECK_EQ(0u, array_byte_len % base::kSHA1Length); |
802 const size_t arraylen = array_byte_len / base::kSHA1Length; | 826 const size_t arraylen = array_byte_len / base::kSHA1Length; |
803 return NULL != bsearch(hash.data, array, arraylen, base::kSHA1Length, | 827 return NULL != bsearch(hash.data, array, arraylen, base::kSHA1Length, |
804 CompareSHA1Hashes); | 828 CompareSHA1Hashes); |
805 } | 829 } |
806 | 830 |
807 } // namespace net | 831 } // namespace net |
OLD | NEW |