
Side by Side Diff: net/base/public_key_hashes_check.go

Issue 8770048: net: reenable Twitter's public key pins with api.twitter.com using the CDN pins. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years ago
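--- a/net/base/public_key_hashes_check.go
+++ b/net/base/public_key_hashes_check.go
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // public_key_hashes_check.go runs tests on public_key_hashes.h. It's not run
 // automatically, but rather as part of the process of manually updating
 // public_key_hashes.h
 //
 // It verifies that each hash in the file is correct given the preceeding
 // certificate and that the name of the variable matches the name given in the
@@ -46,20 +46,26 @@
 // the given CN.
 func matchNames(name, v string) error {
 words := strings.Split(name, " ")
 if len(words) == 0 {
 return errors.New("No words in certificate name")
 }
 firstWord := words[0]
 if strings.HasSuffix(firstWord, ",") {
 firstWord = firstWord[:len(firstWord)-1]
 }
+if pos := strings.Index(firstWord, "."); pos != -1 {
+firstWord = firstWord[:pos]
+}
+if pos := strings.Index(firstWord, "-"); pos != -1 {
+firstWord = firstWord[:pos]
+}
 if !strings.HasPrefix(v, firstWord) {
 return errors.New("The first word of the certificate name isn't a prefix of the variable name")
 }
 
 for i, word := range words {
 if word == "Class" && i+1 < len(words) {
 if strings.Index(v, word+words[i+1]) == -1 {
 return errors.New("Class specification doesn't a ppear in the variable name")
 }
 } else if len(word) == 1 && word[0] >= '0' && word[0] <= '9' {
@@ -128,21 +134,21 @@
 cert = append(cert, newLine...)
 case POSTDECL:
 trimmed := bytes.TrimSpace(line)
 if len(trimmed) < 8 || !bytes.HasPrefix(trimmed, []byte( "\"sha1/")) {
 fmt.Fprintf(os.Stderr, "Line %d is immediately a fter a declation, but failed to find a hash on it\n", lineNo)
 return
 }
 trimmed = trimmed[6 : len(trimmed)-2]
 h := sha1.New()
 h.Write(x509Cert.RawSubjectPublicKeyInfo)
-shouldBe := base64.StdEncoding.EncodeToString(h.Sum())
+shouldBe := base64.StdEncoding.EncodeToString(h.Sum(nil) )
 if shouldBe != string(trimmed) {
 fmt.Fprintf(os.Stderr, "Line %d: hash should be %s, but found %s\n", lineNo, shouldBe, trimmed)
 return
 }
 if _, ok := seenHashes[shouldBe]; ok {
 fmt.Fprintf(os.Stderr, "Line %d: duplicated hash \n", lineNo)
 return
 }
 seenHashes[shouldBe] = true
 state = PRECERT
@@ -220,10 +226,10 @@
 state = POSTDECL
 case POSTDECL:
 fmt.Fprintf(os.Stderr, "Found declation at line %d, but missed the hash value of the previous one\n", lineNo)
 return
 default:
 panic("bad state")
 }
 }
 }
 }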
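Review bot: The new truncation of `firstWord` at the first `.` or `-` in matchNames (new lines 56-61) can leave it empty, for instance when the first word of the name starts with one of those characters, and `strings.HasPrefix(v, "")` is true for every variable name, so the prefix check then passes without comparing anything. Because this tool is the manual gate for edits to the pinned key hashes, I would add a guard directly after the two truncations: `if firstWord == "" { return errors.New("Certificate name has no usable first word") }`. The same guard would also cover an empty name, which the existing `len(words) == 0` test does not catch because `strings.Split` returns a one-element slice for an empty string. The remainder of matchNames lies in the skipped lines, so this is based only on the visible part of the function.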