| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #if defined(USE_OPENSSL) |
| 8 #include <openssl/ecdsa.h> |
| 9 #include <openssl/ssl.h> |
| 10 #else // !defined(USE_OPENSSL) |
| 11 #include <cryptohi.h> |
| 12 #include <hasht.h> |
| 13 #include <keyhi.h> |
| 14 #include <pk11pub.h> |
| 15 #include <nspr.h> |
| 16 #endif |
| 17 |
| 7 #include <stdlib.h> | 18 #include <stdlib.h> |
| 8 | 19 |
| 9 #include <algorithm> | 20 #include <algorithm> |
| 10 #include <map> | 21 #include <map> |
| 11 #include <string> | 22 #include <string> |
| 12 #include <vector> | 23 #include <vector> |
| 13 | 24 |
| 25 #include "net/base/asn1_util.h" |
| 14 #include "base/base64.h" | 26 #include "base/base64.h" |
| 15 #include "base/lazy_instance.h" | 27 #include "base/lazy_instance.h" |
| 16 #include "base/logging.h" | 28 #include "base/logging.h" |
| 17 #include "base/memory/singleton.h" | 29 #include "base/memory/singleton.h" |
| 18 #include "base/metrics/histogram.h" | 30 #include "base/metrics/histogram.h" |
| 19 #include "base/pickle.h" | 31 #include "base/pickle.h" |
| 20 #include "base/sha1.h" | 32 #include "base/sha1.h" |
| 21 #include "base/string_piece.h" | 33 #include "base/string_piece.h" |
| 22 #include "base/string_util.h" | 34 #include "base/string_util.h" |
| 23 #include "base/synchronization/lock.h" | 35 #include "base/synchronization/lock.h" |
| 24 #include "base/time.h" | 36 #include "base/time.h" |
| 37 #include "crypto/sha2.h" |
| 25 #include "googleurl/src/url_canon_ip.h" | 38 #include "googleurl/src/url_canon_ip.h" |
| 26 #include "net/base/net_util.h" | 39 #include "net/base/net_util.h" |
| 27 #include "net/base/pem_tokenizer.h" | 40 #include "net/base/pem_tokenizer.h" |
| 28 | 41 |
| 42 #if defined(USE_OPENSSL) |
| 43 #include "crypto/openssl_util.h" |
| 44 #endif |
| 45 |
| 29 namespace net { | 46 namespace net { |
| 30 | 47 |
| 31 namespace { | 48 namespace { |
| 32 | 49 |
| 33 // Indicates the order to use when trying to decode binary data, which is | 50 // Indicates the order to use when trying to decode binary data, which is |
| 34 // based on (speculation) as to what will be most common -> least common | 51 // based on (speculation) as to what will be most common -> least common |
| 35 const X509Certificate::Format kFormatDecodePriority[] = { | 52 const X509Certificate::Format kFormatDecodePriority[] = { |
| 36 X509Certificate::FORMAT_SINGLE_CERTIFICATE, | 53 X509Certificate::FORMAT_SINGLE_CERTIFICATE, |
| 37 X509Certificate::FORMAT_PKCS7 | 54 X509Certificate::FORMAT_PKCS7 |
| 38 }; | 55 }; |
| 472 } | 489 } |
| 473 } | 490 } |
| 474 } | 491 } |
| 475 | 492 |
| 476 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { | 493 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { |
| 477 GetSubjectAltName(dns_names, NULL); | 494 GetSubjectAltName(dns_names, NULL); |
| 478 if (dns_names->empty()) | 495 if (dns_names->empty()) |
| 479 dns_names->push_back(subject_.common_name); | 496 dns_names->push_back(subject_.common_name); |
| 480 } | 497 } |
| 481 | 498 |
| 499 // static |
| 500 bool X509Certificate::GetPublicKeyHash(const OSCertHandle& cert, |
| 501 SHA1Fingerprint* fingerprint) { |
| 502 std::string der_bytes; |
| 503 if (!GetDEREncoded(cert, &der_bytes)) |
| 504 return false; |
| 505 |
| 506 base::StringPiece spki; |
| 507 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki)) |
| 508 return false; |
| 509 |
| 510 base::SHA1HashBytes(reinterpret_cast<const unsigned char*>(spki.data()), |
| 511 spki.size(), fingerprint->data); |
| 512 return true; |
| 513 } |
| 514 |
| 515 |
| 482 bool X509Certificate::HasExpired() const { | 516 bool X509Certificate::HasExpired() const { |
| 483 return base::Time::Now() > valid_expiry(); | 517 return base::Time::Now() > valid_expiry(); |
| 484 } | 518 } |
| 485 | 519 |
| 486 bool X509Certificate::Equals(const X509Certificate* other) const { | 520 bool X509Certificate::Equals(const X509Certificate* other) const { |
| 487 return IsSameOSCert(cert_handle_, other->cert_handle_); | 521 return IsSameOSCert(cert_handle_, other->cert_handle_); |
| 488 } | 522 } |
| 489 | 523 |
| 490 // static | 524 // static |
| 491 bool X509Certificate::VerifyHostname( | 525 bool X509Certificate::VerifyHostname( |
| 682 RemoveFromCache(cert_handle_); | 716 RemoveFromCache(cert_handle_); |
| 683 FreeOSCertHandle(cert_handle_); | 717 FreeOSCertHandle(cert_handle_); |
| 684 } | 718 } |
| 685 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | 719 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
| 686 RemoveFromCache(intermediate_ca_certs_[i]); | 720 RemoveFromCache(intermediate_ca_certs_[i]); |
| 687 FreeOSCertHandle(intermediate_ca_certs_[i]); | 721 FreeOSCertHandle(intermediate_ca_certs_[i]); |
| 688 } | 722 } |
| 689 } | 723 } |
| 690 | 724 |
| 691 } // namespace net | 725 } // namespace net |
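Review bot: GetPublicKeyHash (new lines 500–513) is undocumented, and what it hashes — the DER SubjectPublicKeyInfo returned by asn1::ExtractSPKIFromDERCert, not the bare key bits — is exactly the detail a caller comparing against stored pins needs to know; a comment such as `// Computes the SHA-1 hash of the certificate's DER-encoded SubjectPublicKeyInfo (algorithm identifier plus key). Returns false if the certificate cannot be DER-encoded or no SPKI can be extracted; |fingerprint| is left untouched in that case.` above the definition (and in the header declaration, which is outside this view) would cover it. The same change adds `crypto/sha2.h` (new line 37) while the only digest used in the visible hunks is SHA-1, so it may be worth offering a SHA-256 variant next to this one, since SHA-1 is the weaker choice for a key identity that pins are matched against. Two smaller points: new line 25 places `#include "net/base/asn1_util.h"` ahead of the `base/` includes, out of the file's sorted order (it belongs beside `net/base/net_util.h`), and new lines 514–515 leave a double blank line before HasExpired.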