OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "blimp/net/exact_match_cert_verifier.h" | |
6 | |
7 #include "base/callback.h" | |
8 #include "base/macros.h" | |
9 #include "base/memory/scoped_ptr.h" | |
10 #include "net/base/net_errors.h" | |
11 #include "net/cert/cert_verifier.h" | |
12 #include "net/cert/cert_verify_result.h" | |
13 #include "net/cert/x509_certificate.h" | |
14 | |
15 namespace blimp { | |
16 | |
17 ExactMatchCertVerifier::ExactMatchCertVerifier( | |
18 scoped_refptr<net::X509Certificate> engine_cert) | |
19 : engine_cert_(std::move(engine_cert)) {} | |
20 | |
21 ExactMatchCertVerifier::~ExactMatchCertVerifier() {} | |
22 | |
23 int ExactMatchCertVerifier::Verify(net::X509Certificate* cert, | |
24 const std::string& hostname, | |
25 const std::string& ocsp_response, | |
26 int flags, | |
27 net::CRLSet* crl_set, | |
28 net::CertVerifyResult* verify_result, | |
29 const net::CompletionCallback& callback, | |
30 scoped_ptr<Request>* out_req, | |
31 const net::BoundNetLog& net_log) { | |
32 verify_result->Reset(); | |
33 verify_result->verified_cert = cert; | |
34 | |
35 if (!cert->Equals(engine_cert_.get())) { | |
Ryan Sleevi
2016/02/25 22:16:25
One thing worth noting: X509Certificate::Equals on
Kevin M
2016/02/26 00:30:04
Yep, that makes sense. Done.
| |
36 verify_result->cert_status = net::CERT_STATUS_INVALID; | |
37 return net::ERR_CERT_INVALID; | |
38 } | |
39 | |
40 // Attach hashes of |cert| to VerifyResult. | |
41 net::SHA1HashValue sha1_hash; | |
42 sha1_hash = | |
43 net::X509Certificate::CalculateFingerprint(cert->os_cert_handle()); | |
44 verify_result->public_key_hashes.push_back(net::HashValue(sha1_hash)); | |
45 | |
46 net::SHA256HashValue sha256_hash; | |
47 sha256_hash = | |
48 net::X509Certificate::CalculateFingerprint256(cert->os_cert_handle()); | |
49 verify_result->public_key_hashes.push_back(net::HashValue(sha256_hash)); | |
Ryan Sleevi
2016/02/25 22:16:25
FWIW, since |cert->os_cert_handle()| will always b
Kevin M
2016/02/26 00:30:04
Done.
| |
50 | |
51 return net::OK; | |
52 } | |
53 | |
54 } // namespace blimp | |
OLD | NEW |