
Unified Diff: net/base/crl_set.h

Issue 9149010: net: allow CRLSets to block specific SPKIs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 8 years, 11 months ago
Index: net/base/crl_set.h
diff --git a/net/base/crl_set.h b/net/base/crl_set.h
index a41cf0c392a0cabb6e0018c1a59fbc5cab9885dc..e20e28d73d271424baf1ee425622359fcf140abb 100644
--- a/net/base/crl_set.h
+++ b/net/base/crl_set.h
@@ -17,6 +17,10 @@
#include "base/time.h"
#include "net/base/net_export.h"
+namespace base {
+class DictionaryValue;
+}
+
namespace net {
// A CRLSet is a structure that lists the serial numbers of revoked
@@ -37,12 +41,16 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> {
static bool Parse(base::StringPiece data,
scoped_refptr<CRLSet>* out_crl_set);
- // CheckCertificate returns the information contained in the set for a given
+ // CheckSPKI checks whether the given SPKI has been listed as blocked.
+ // spki_hash: the SHA256 of the SubjectPublicKeyInfo of the certificate.
+ Result CheckSPKI(const base::StringPiece& spki_hash) const;
+
+ // CheckSerial returns the information contained in the set for a given
// certificate:
// serial_number: the serial number of the certificate
// issuer_spki_hash: the SHA256 of the SubjectPublicKeyInfo of the CRL
// signer
- Result CheckCertificate(
+ Result CheckSerial(
const base::StringPiece& serial_number,
const base::StringPiece& issuer_spki_hash) const;
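Review bot: The new CheckSPKI comment does not say which Result values it can return or what form spki_hash must take, and after the split nothing tells a caller that CheckSerial alone is no longer a complete revocation check. A caller that only renames its old CheckCertificate call to CheckSerial would compile and never consult the blocked-SPKI list. I would extend the comment along the lines of `// spki_hash: the raw (unencoded) SHA256 digest of the SubjectPublicKeyInfo. Call this for every certificate in the chain, in addition to CheckSerial.`; raw versus encoded is my assumption and should be confirmed against crl_set.cc. The same encoding detail is missing from the blocked_spkis_ member comment in the last hunk, and the class body continues outside this hunk.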
@@ -78,7 +86,9 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> {
private:
CRLSet();
- static CRLSet* CRLSetFromHeader(base::StringPiece header);
+ // CopyBlockedSPKIsFromHeader sets |blocked_spkis_| to the list of values
+ // from "BlockedSPKIs" in |header_dict|.
+ bool CopyBlockedSPKIsFromHeader(base::DictionaryValue* header_dict);
uint32 sequence_;
CRLList crls_;
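Review bot: The comment on CopyBlockedSPKIsFromHeader does not explain the bool return, so it is unclear whether a header without a "BlockedSPKIs" key counts as success or failure, or what happens to a malformed entry. For a blocklist this matters: skipping a bad entry would silently drop a block, while treating a missing key as failure would reject headers produced before this change. I would add something like `// Returns false if "BlockedSPKIs" is present but malformed; a missing key leaves |blocked_spkis_| empty and returns true.` once the behaviour in crl_set.cc is confirmed. The class body starts and ends outside this hunk.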
@@ -87,6 +97,9 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> {
// and |crls_index_by_issuer_| because, when applying a delta update, we need
// to identify a CRL by index.
std::map<std::string, size_t> crls_index_by_issuer_;
+ // blocked_spkis_ contains the SHA256 hashes of SPKIs which are to be blocked
+ // no matter where in a certificate chain they might appear.
+ std::vector<std::string> blocked_spkis_;
};
} // namespace net
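Review bot: The blocked_spkis_ comment does not say how the list behaves across a delta update, although the context comment directly above it is about applying deltas. From the header alone a reader cannot tell whether a delta replaces the list from its own header or inherits the previous set's entries, and getting that wrong would either keep stale blocks or lose current ones. I would add one line such as `// Taken from the header of each full or delta CRLSet; not merged with the previous set.` if that matches what crl_set.cc does.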