Index: net/base/x509_certificate.h |
=================================================================== |
--- net/base/x509_certificate.h (revision 126245) |
+++ net/base/x509_certificate.h (working copy) |
@@ -243,6 +243,10 @@ |
return ca_fingerprint_; |
} |
+ // Parses |cert|'s Subject Public Key Info structure, hashes it, and |
+ // returns the hash. |
+ const SHA1Fingerprint GetPublicKeyHash() const; |
Ryan Sleevi
2012/03/15 03:51:15
No need to "const SHA1Fingerprint" since you're re
palmer
2012/03/19 23:37:52
Done.
|
+ |
// Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1 |
// Server Identity, if the certificate has a subjectAltName extension of |
// type dNSName, this method gets the DNS names in that extension. |
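Review bot: The comment on `GetPublicKeyHash()` refers to `|cert|`, but the method takes no argument, and it does not say what is returned when the SubjectPublicKeyInfo cannot be parsed. The by-value return type has no failure channel, so a caller matching the result against pinned hashes cannot tell a real hash from a default or zeroed one. The implementation and the rest of the class are outside this hunk, so the behaviour on failure has to be stated here. I would reword to `// Returns the SHA-1 hash of this certificate's SubjectPublicKeyInfo.` and add one line naming the value returned on parse failure, or make failure explicit with `bool GetPublicKeyHash(SHA1Fingerprint* hash) const;`.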
@@ -561,6 +565,18 @@ |
// Writes a single certificate to |pickle|. Returns false on failure. |
static bool WriteOSCertHandleToPickle(OSCertHandle handle, Pickle* pickle); |
+ // Parses |side_info| as a side pin. If successful, returns true and |
+ // appends the hash of the public key that signed |leaf_spki| to |
+ // |*out_pub_key_hash|. |
+ // |
+ // A side pin is a way for a site to sign their public key with a key that |
+ // is offline but still controlled by them. |
+ // |
+ // TODO(agl): Document the format of a side pin. |
+ static bool ParseSidePin(const base::StringPiece& leaf_spki, |
+ const base::StringPiece& side_info, |
+ FingerprintVector* out_pub_key_hash); |
Ryan Sleevi
2012/03/15 03:51:15
So I think this would be better in TSS (or somethi
palmer
2012/03/19 23:37:52
Done.
agl
2012/03/20 22:12:59
Note: this side pinning stuff was just a roadmap f
palmer
2012/03/22 16:39:00
Done.
|
+ |
// The subject of the certificate. |
CertPrincipal subject_; |
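Review bot: The comment on `ParseSidePin` omits two things a caller needs to rely on the result: whether the signature over `|leaf_spki|` is verified before a hash is appended, and whether `|*out_pub_key_hash|` is left unchanged when the function returns false. `|side_info|` looks like peer-supplied bytes (inferred from the name; the callers and the class body are outside this hunk). With the format still behind a TODO, the parser's length and bounds handling cannot be checked against a specification. If it matches the implementation, I would add `// The signature over |leaf_spki| is verified before anything is appended; on failure |*out_pub_key_hash| is unchanged.` and replace the TODO with the format description in the same change.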