| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // public_key_hashes_check.go runs tests on public_key_hashes.h. It's not run | 5 // public_key_hashes_check.go runs tests on public_key_hashes.h. It's not run |
| 6 // automatically, but rather as part of the process of manually updating | 6 // automatically, but rather as part of the process of manually updating |
| 7 // public_key_hashes.h | 7 // public_key_hashes.h |
| 8 // | 8 // |
| 9 // It verifies that each hash in the file is correct given the preceeding | 9 // It verifies that each hash in the file is correct given the preceeding |
| 10 // certificate and that the name of the variable matches the name given in the | 10 // certificate and that the name of the variable matches the name given in the |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 46 // the given CN. | 46 // the given CN. |
| 47 func matchNames(name, v string) error { | 47 func matchNames(name, v string) error { |
| 48 words := strings.Split(name, " ") | 48 words := strings.Split(name, " ") |
| 49 if len(words) == 0 { | 49 if len(words) == 0 { |
| 50 return errors.New("No words in certificate name") | 50 return errors.New("No words in certificate name") |
| 51 } | 51 } |
| 52 firstWord := words[0] | 52 firstWord := words[0] |
| 53 if strings.HasSuffix(firstWord, ",") { | 53 if strings.HasSuffix(firstWord, ",") { |
| 54 firstWord = firstWord[:len(firstWord)-1] | 54 firstWord = firstWord[:len(firstWord)-1] |
| 55 } | 55 } |
| 56 if pos := strings.Index(firstWord, "."); pos != -1 { |
| 57 firstWord = firstWord[:pos] |
| 58 } |
| 59 if pos := strings.Index(firstWord, "-"); pos != -1 { |
| 60 firstWord = firstWord[:pos] |
| 61 } |
| 56 if !strings.HasPrefix(v, firstWord) { | 62 if !strings.HasPrefix(v, firstWord) { |
| 57 return errors.New("The first word of the certificate name isn't
a prefix of the variable name") | 63 return errors.New("The first word of the certificate name isn't
a prefix of the variable name") |
| 58 } | 64 } |
| 59 | 65 |
| 60 for i, word := range words { | 66 for i, word := range words { |
| 61 if word == "Class" && i+1 < len(words) { | 67 if word == "Class" && i+1 < len(words) { |
| 62 if strings.Index(v, word+words[i+1]) == -1 { | 68 if strings.Index(v, word+words[i+1]) == -1 { |
| 63 return errors.New("Class specification doesn't a
ppear in the variable name") | 69 return errors.New("Class specification doesn't a
ppear in the variable name") |
| 64 } | 70 } |
| 65 } else if len(word) == 1 && word[0] >= '0' && word[0] <= '9' { | 71 } else if len(word) == 1 && word[0] >= '0' && word[0] <= '9' { |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 128 cert = append(cert, newLine...) | 134 cert = append(cert, newLine...) |
| 129 case POSTDECL: | 135 case POSTDECL: |
| 130 trimmed := bytes.TrimSpace(line) | 136 trimmed := bytes.TrimSpace(line) |
| 131 if len(trimmed) < 8 || !bytes.HasPrefix(trimmed, []byte(
"\"sha1/")) { | 137 if len(trimmed) < 8 || !bytes.HasPrefix(trimmed, []byte(
"\"sha1/")) { |
| 132 fmt.Fprintf(os.Stderr, "Line %d is immediately a
fter a declation, but failed to find a hash on it\n", lineNo) | 138 fmt.Fprintf(os.Stderr, "Line %d is immediately a
fter a declation, but failed to find a hash on it\n", lineNo) |
| 133 return | 139 return |
| 134 } | 140 } |
| 135 trimmed = trimmed[6 : len(trimmed)-2] | 141 trimmed = trimmed[6 : len(trimmed)-2] |
| 136 h := sha1.New() | 142 h := sha1.New() |
| 137 h.Write(x509Cert.RawSubjectPublicKeyInfo) | 143 h.Write(x509Cert.RawSubjectPublicKeyInfo) |
| 138 » » » shouldBe := base64.StdEncoding.EncodeToString(h.Sum()) | 144 » » » shouldBe := base64.StdEncoding.EncodeToString(h.Sum(nil)
) |
| 139 if shouldBe != string(trimmed) { | 145 if shouldBe != string(trimmed) { |
| 140 fmt.Fprintf(os.Stderr, "Line %d: hash should be
%s, but found %s\n", lineNo, shouldBe, trimmed) | 146 fmt.Fprintf(os.Stderr, "Line %d: hash should be
%s, but found %s\n", lineNo, shouldBe, trimmed) |
| 141 return | 147 return |
| 142 } | 148 } |
| 143 if _, ok := seenHashes[shouldBe]; ok { | 149 if _, ok := seenHashes[shouldBe]; ok { |
| 144 fmt.Fprintf(os.Stderr, "Line %d: duplicated hash
\n", lineNo) | 150 fmt.Fprintf(os.Stderr, "Line %d: duplicated hash
\n", lineNo) |
| 145 return | 151 return |
| 146 } | 152 } |
| 147 seenHashes[shouldBe] = true | 153 seenHashes[shouldBe] = true |
| 148 state = PRECERT | 154 state = PRECERT |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 220 state = POSTDECL | 226 state = POSTDECL |
| 221 case POSTDECL: | 227 case POSTDECL: |
| 222 fmt.Fprintf(os.Stderr, "Found declation at line
%d, but missed the hash value of the previous one\n", lineNo) | 228 fmt.Fprintf(os.Stderr, "Found declation at line
%d, but missed the hash value of the previous one\n", lineNo) |
| 223 return | 229 return |
| 224 default: | 230 default: |
| 225 panic("bad state") | 231 panic("bad state") |
| 226 } | 232 } |
| 227 } | 233 } |
| 228 } | 234 } |
| 229 } | 235 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8770048:
net: reenable Twitter's public key pins with api.twitter.com using the CDN pins. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src