Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(247)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate.h

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/net_error_list.h ('K') | « net/base/net_error_list.h ('k') | net/base/x509_certificate.cc » ('j') | net/base/x509_certificate.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_X509_CERTIFICATE_H_ 5 #ifndef NET_BASE_X509_CERTIFICATE_H_
6 #define NET_BASE_X509_CERTIFICATE_H_ 6 #define NET_BASE_X509_CERTIFICATE_H_
7 #pragma once 7 #pragma once
8 8
9 #include <string.h> 9 #include <string.h>
10 10
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
67 typedef X509* OSCertHandle; 67 typedef X509* OSCertHandle;
68 #elif defined(USE_NSS) 68 #elif defined(USE_NSS)
69 typedef struct CERTCertificateStr* OSCertHandle; 69 typedef struct CERTCertificateStr* OSCertHandle;
70 #else 70 #else
71 // TODO(ericroman): not implemented 71 // TODO(ericroman): not implemented
72 typedef void* OSCertHandle; 72 typedef void* OSCertHandle;
73 #endif 73 #endif
74 74
75 typedef std::vector<OSCertHandle> OSCertHandles; 75 typedef std::vector<OSCertHandle> OSCertHandles;
76 76
77 enum PublicKeyType {
78 kPublicKeyTypeUnknown,
79 kPublicKeyTypeRSA,
80 kPublicKeyTypeDSA,
81 kPublicKeyTypeECDSA,
82 kPublicKeyTypeDH,
83 kPublicKeyTypeECDH
84 };
85
77 // Predicate functor used in maps when X509Certificate is used as the key. 86 // Predicate functor used in maps when X509Certificate is used as the key.
78 class NET_EXPORT LessThan { 87 class NET_EXPORT LessThan {
79 public: 88 public:
80 bool operator() (X509Certificate* lhs, X509Certificate* rhs) const; 89 bool operator() (X509Certificate* lhs, X509Certificate* rhs) const;
81 }; 90 };
82 91
83 enum VerifyFlags { 92 enum VerifyFlags {
84 VERIFY_REV_CHECKING_ENABLED = 1 << 0, 93 VERIFY_REV_CHECKING_ENABLED = 1 << 0,
85 VERIFY_EV_CERT = 1 << 1, 94 VERIFY_EV_CERT = 1 << 1,
86 }; 95 };
(...skipping 310 matching lines...) Expand 10 before | Expand all | Expand 10 after
397 static bool GetPEMEncoded(OSCertHandle cert_handle, 406 static bool GetPEMEncoded(OSCertHandle cert_handle,
398 std::string* pem_encoded); 407 std::string* pem_encoded);
399 408
400 // Encodes the entire certificate chain (this certificate and any 409 // Encodes the entire certificate chain (this certificate and any
401 // intermediate certificates stored in |intermediate_ca_certs_|) as a series 410 // intermediate certificates stored in |intermediate_ca_certs_|) as a series
402 // of PEM encoded strings. Returns true if all certificates were encoded, 411 // of PEM encoded strings. Returns true if all certificates were encoded,
403 // storig the result in |*pem_encoded|, with this certificate stored as 412 // storig the result in |*pem_encoded|, with this certificate stored as
404 // the first element. 413 // the first element.
405 bool GetPEMEncodedChain(std::vector<std::string>* pem_encoded) const; 414 bool GetPEMEncodedChain(std::vector<std::string>* pem_encoded) const;
406 415
416 // Returns the length of the public key in bits.
wtc 2011/11/17 02:52:18 Document that the public key type is also returned
417 static void GetPublicKeyInfo(OSCertHandle cert_handle,
418 size_t* size_bits,
419 PublicKeyType* type);
420
407 // Returns the OSCertHandle of this object. Because of caching, this may 421 // Returns the OSCertHandle of this object. Because of caching, this may
408 // differ from the OSCertHandle originally supplied during initialization. 422 // differ from the OSCertHandle originally supplied during initialization.
409 // Note: On Windows, CryptoAPI may return unexpected results if this handle 423 // Note: On Windows, CryptoAPI may return unexpected results if this handle
410 // is used across multiple threads. For more details, see 424 // is used across multiple threads. For more details, see
411 // CreateOSCertChainForCert(). 425 // CreateOSCertChainForCert().
412 OSCertHandle os_cert_handle() const { return cert_handle_; } 426 OSCertHandle os_cert_handle() const { return cert_handle_; }
413 427
414 // Returns true if two OSCertHandles refer to identical certificates. 428 // Returns true if two OSCertHandles refer to identical certificates.
415 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); 429 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b);
416 430
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after
559 // (Marked mutable because it's used in a const method.) 573 // (Marked mutable because it's used in a const method.)
560 mutable base::Lock verification_lock_; 574 mutable base::Lock verification_lock_;
561 #endif 575 #endif
562 576
563 DISALLOW_COPY_AND_ASSIGN(X509Certificate); 577 DISALLOW_COPY_AND_ASSIGN(X509Certificate);
564 }; 578 };
565 579
566 } // namespace net 580 } // namespace net
567 581
568 #endif // NET_BASE_X509_CERTIFICATE_H_ 582 #endif // NET_BASE_X509_CERTIFICATE_H_
OLDNEW
« net/base/net_error_list.h ('K') | « net/base/net_error_list.h ('k') | net/base/x509_certificate.cc » ('j') | net/base/x509_certificate.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698