| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_win.h" | 5 #include "net/cert/cert_verify_proc_win.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
| (...skipping 423 matching lines...) |
| 434 base::StringPiece spki; | 434 base::StringPiece spki; |
| 435 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki)) { | 435 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki)) { |
| 436 NOTREACHED(); | 436 NOTREACHED(); |
| 437 error = true; | 437 error = true; |
| 438 continue; | 438 continue; |
| 439 } | 439 } |
| 440 | 440 |
| 441 const std::string spki_hash = crypto::SHA256HashString(spki); | 441 const std::string spki_hash = crypto::SHA256HashString(spki); |
| 442 | 442 |
| 443 const CRYPT_INTEGER_BLOB* serial_blob = &cert->pCertInfo->SerialNumber; | 443 const CRYPT_INTEGER_BLOB* serial_blob = &cert->pCertInfo->SerialNumber; |
| 444 scoped_ptr<uint8[]> serial_bytes(new uint8[serial_blob->cbData]); | 444 scoped_ptr<uint8_t[]> serial_bytes(new uint8_t[serial_blob->cbData]); |
| 445 // The bytes of the serial number are stored little-endian. | 445 // The bytes of the serial number are stored little-endian. |
| 446 for (unsigned j = 0; j < serial_blob->cbData; j++) | 446 for (unsigned j = 0; j < serial_blob->cbData; j++) |
| 447 serial_bytes[j] = serial_blob->pbData[serial_blob->cbData - j - 1]; | 447 serial_bytes[j] = serial_blob->pbData[serial_blob->cbData - j - 1]; |
| 448 base::StringPiece serial(reinterpret_cast<const char*>(serial_bytes.get()), | 448 base::StringPiece serial(reinterpret_cast<const char*>(serial_bytes.get()), |
| 449 serial_blob->cbData); | 449 serial_blob->cbData); |
| 450 | 450 |
| 451 CRLSet::Result result = crl_set->CheckSPKI(spki_hash); | 451 CRLSet::Result result = crl_set->CheckSPKI(spki_hash); |
| 452 | 452 |
| 453 if (result != CRLSet::REVOKED && !issuer_spki_hash.empty()) | 453 if (result != CRLSet::REVOKED && !issuer_spki_hash.empty()) |
| 454 result = crl_set->CheckSerial(serial, issuer_spki_hash); | 454 result = crl_set->CheckSerial(serial, issuer_spki_hash); |
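Review bot: `uint8_t` is now used on the new side at line 444 (and again in the cast at line 499), but the include block visible at the top of the file lists only `<string>` and `<vector>` among the system headers. The remaining includes are collapsed on this page, so please confirm the file includes the header directly rather than relying on a transitive include, e.g. `#include <stdint.h>` next to the other system headers. The enclosing loop starts and ends outside this hunk.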
| (...skipping 34 matching lines...) |
| 489 PCCERT_CONTEXT cert = element[i]->pCertContext; | 489 PCCERT_CONTEXT cert = element[i]->pCertContext; |
| 490 | 490 |
| 491 base::StringPiece der_bytes( | 491 base::StringPiece der_bytes( |
| 492 reinterpret_cast<const char*>(cert->pbCertEncoded), | 492 reinterpret_cast<const char*>(cert->pbCertEncoded), |
| 493 cert->cbCertEncoded); | 493 cert->cbCertEncoded); |
| 494 base::StringPiece spki_bytes; | 494 base::StringPiece spki_bytes; |
| 495 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) | 495 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) |
| 496 continue; | 496 continue; |
| 497 | 497 |
| 498 HashValue sha1(HASH_VALUE_SHA1); | 498 HashValue sha1(HASH_VALUE_SHA1); |
| 499 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), | 499 base::SHA1HashBytes(reinterpret_cast<const uint8_t*>(spki_bytes.data()), |
| 500 spki_bytes.size(), sha1.data()); | 500 spki_bytes.size(), sha1.data()); |
| 501 hashes->push_back(sha1); | 501 hashes->push_back(sha1); |
| 502 | 502 |
| 503 HashValue sha256(HASH_VALUE_SHA256); | 503 HashValue sha256(HASH_VALUE_SHA256); |
| 504 crypto::SHA256HashString(spki_bytes, sha256.data(), crypto::kSHA256Length); | 504 crypto::SHA256HashString(spki_bytes, sha256.data(), crypto::kSHA256Length); |
| 505 hashes->push_back(sha256); | 505 hashes->push_back(sha256); |
| 506 } | 506 } |
| 507 } | 507 } |
| 508 | 508 |
| 509 // Returns true if the certificate is an extended-validation certificate. | 509 // Returns true if the certificate is an extended-validation certificate. |
| (...skipping 315 matching lines...) |
| 825 return MapCertStatusToNetError(verify_result->cert_status); | 825 return MapCertStatusToNetError(verify_result->cert_status); |
| 826 | 826 |
| 827 if (ev_policy_oid && | 827 if (ev_policy_oid && |
| 828 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { | 828 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { |
| 829 verify_result->cert_status |= CERT_STATUS_IS_EV; | 829 verify_result->cert_status |= CERT_STATUS_IS_EV; |
| 830 } | 830 } |
| 831 return OK; | 831 return OK; |
| 832 } | 832 } |
| 833 | 833 |
| 834 } // namespace net | 834 } // namespace net |
| OLD | NEW |