
Side by Side Diff: net/base/x509_certificate.h

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_X509_CERTIFICATE_H_ 5 #ifndef NET_BASE_X509_CERTIFICATE_H_
6 #define NET_BASE_X509_CERTIFICATE_H_ 6 #define NET_BASE_X509_CERTIFICATE_H_
7 #pragma once 7 #pragma once
8 8
9 #include <string.h> 9 #include <string.h>
10 10
66 typedef X509* OSCertHandle; 66 typedef X509* OSCertHandle;
67 #elif defined(USE_NSS) 67 #elif defined(USE_NSS)
68 typedef struct CERTCertificateStr* OSCertHandle; 68 typedef struct CERTCertificateStr* OSCertHandle;
69 #else 69 #else
70 // TODO(ericroman): not implemented 70 // TODO(ericroman): not implemented
71 typedef void* OSCertHandle; 71 typedef void* OSCertHandle;
72 #endif 72 #endif
73 73
74 typedef std::vector<OSCertHandle> OSCertHandles; 74 typedef std::vector<OSCertHandle> OSCertHandles;
75 75
76 enum PublicKeyType {
77 kPublicKeyTypeUnknown,
78 kPublicKeyTypeRSA,
79 kPublicKeyTypeDSA,
80 kPublicKeyTypeECDSA,
81 kPublicKeyTypeDH,
82 kPublicKeyTypeECDH
83 };
84
76 // Predicate functor used in maps when X509Certificate is used as the key. 85 // Predicate functor used in maps when X509Certificate is used as the key.
77 class NET_EXPORT LessThan { 86 class NET_EXPORT LessThan {
78 public: 87 public:
79 bool operator() (X509Certificate* lhs, X509Certificate* rhs) const; 88 bool operator() (X509Certificate* lhs, X509Certificate* rhs) const;
80 }; 89 };
81 90
82 enum VerifyFlags { 91 enum VerifyFlags {
83 VERIFY_REV_CHECKING_ENABLED = 1 << 0, 92 VERIFY_REV_CHECKING_ENABLED = 1 << 0,
84 VERIFY_EV_CERT = 1 << 1, 93 VERIFY_EV_CERT = 1 << 1,
85 }; 94 };
396 static bool GetPEMEncoded(OSCertHandle cert_handle, 405 static bool GetPEMEncoded(OSCertHandle cert_handle,
397 std::string* pem_encoded); 406 std::string* pem_encoded);
398 407
399 // Encodes the entire certificate chain (this certificate and any 408 // Encodes the entire certificate chain (this certificate and any
400 // intermediate certificates stored in |intermediate_ca_certs_|) as a series 409 // intermediate certificates stored in |intermediate_ca_certs_|) as a series
401 // of PEM encoded strings. Returns true if all certificates were encoded, 410 // of PEM encoded strings. Returns true if all certificates were encoded,
402 // storig the result in |*pem_encoded|, with this certificate stored as 411 // storig the result in |*pem_encoded|, with this certificate stored as
403 // the first element. 412 // the first element.
404 bool GetPEMEncodedChain(std::vector<std::string>* pem_encoded) const; 413 bool GetPEMEncodedChain(std::vector<std::string>* pem_encoded) const;
405 414
415 // Returns the length of the public key in bits.
Ryan Sleevi 2011/12/13 05:45:35 nit: This comment doesn't really return anything.
416 static void GetPublicKeyInfo(OSCertHandle cert_handle,
417 size_t* size_bits,
418 PublicKeyType* type);
419
406 // Returns the OSCertHandle of this object. Because of caching, this may 420 // Returns the OSCertHandle of this object. Because of caching, this may
407 // differ from the OSCertHandle originally supplied during initialization. 421 // differ from the OSCertHandle originally supplied during initialization.
408 // Note: On Windows, CryptoAPI may return unexpected results if this handle 422 // Note: On Windows, CryptoAPI may return unexpected results if this handle
409 // is used across multiple threads. For more details, see 423 // is used across multiple threads. For more details, see
410 // CreateOSCertChainForCert(). 424 // CreateOSCertChainForCert().
411 OSCertHandle os_cert_handle() const { return cert_handle_; } 425 OSCertHandle os_cert_handle() const { return cert_handle_; }
412 426
413 // Returns true if two OSCertHandles refer to identical certificates. 427 // Returns true if two OSCertHandles refer to identical certificates.
414 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); 428 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b);
415 429
558 // (Marked mutable because it's used in a const method.) 572 // (Marked mutable because it's used in a const method.)
559 mutable base::Lock verification_lock_; 573 mutable base::Lock verification_lock_;
560 #endif 574 #endif
561 575
562 DISALLOW_COPY_AND_ASSIGN(X509Certificate); 576 DISALLOW_COPY_AND_ASSIGN(X509Certificate);
563 }; 577 };
564 578
565 } // namespace net 579 } // namespace net
566 580
567 #endif // NET_BASE_X509_CERTIFICATE_H_ 581 #endif // NET_BASE_X509_CERTIFICATE_H_
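Review bot: The new `GetPublicKeyInfo` declaration at new lines 415–418 does not state what the out-parameters hold when the key cannot be parsed or uses an algorithm outside `PublicKeyType`, which matters for a caller enforcing a minimum RSA key size: it must fail closed rather than read an unset `*size_bits` as acceptable. I would spell the contract out on the declaration, e.g. `// Sets |*type| to the key's algorithm and |*size_bits| to its length in bits; if the key cannot be parsed, sets |*type| to kPublicKeyTypeUnknown and |*size_bits| to 0. Neither pointer may be NULL.` — assuming that matches the implementation, which is not in this file, and adjusting the NULL clause to whatever it actually permits. The new `PublicKeyType` enum at new lines 76–83 also carries no comment; a one-liner such as `// Algorithm of a certificate's SubjectPublicKeyInfo, as reported by GetPublicKeyInfo().` would orient readers. The enclosing X509Certificate class is only partially visible in this section.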