Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(401)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_win.cc

Issue 2000503002: Remove the fingerprint and ca_fingerprint from X509Certificate (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@move_cache
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/cert_verify_proc_unittest.cc ('K') | « net/cert/cert_verify_proc_unittest.cc ('k') | net/cert/x509_certificate.h » ('j') | net/cert/x509_certificate.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_win.h" 5 #include "net/cert/cert_verify_proc_win.h"
6 6
7 #include <memory> 7 #include <memory>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 594 matching lines...) Expand 10 before | Expand all | Expand 10 after
605 // Check the end certificate simple chain (chain_context->rgpChain[0]). 605 // Check the end certificate simple chain (chain_context->rgpChain[0]).
606 // If the end certificate's certificatePolicies extension contains the 606 // If the end certificate's certificatePolicies extension contains the
607 // EV policy OID of the root CA, return true. 607 // EV policy OID of the root CA, return true.
608 PCERT_CHAIN_ELEMENT* element = chain_context->rgpChain[0]->rgpElement; 608 PCERT_CHAIN_ELEMENT* element = chain_context->rgpChain[0]->rgpElement;
609 int num_elements = chain_context->rgpChain[0]->cElement; 609 int num_elements = chain_context->rgpChain[0]->cElement;
610 if (num_elements < 2) 610 if (num_elements < 2)
611 return false; 611 return false;
612 612
613 // Look up the EV policy OID of the root CA. 613 // Look up the EV policy OID of the root CA.
614 PCCERT_CONTEXT root_cert = element[num_elements - 1]->pCertContext; 614 PCCERT_CONTEXT root_cert = element[num_elements - 1]->pCertContext;
615 SHA1HashValue fingerprint = 615 SHA1HashValue weak_fingerprint;
616 X509Certificate::CalculateFingerprint(root_cert); 616 base::SHA1HashBytes(root_cert->pbCertEncoded, root_cert->dwCertEncoded,
617 weak_fingerprint.data);
617 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); 618 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance();
618 return metadata->HasEVPolicyOID(fingerprint, policy_oid); 619 return metadata->HasEVPolicyOID(weak_fingerprint, policy_oid);
619 } 620 }
620 621
621 // Custom revocation provider function that compares incoming certificates with 622 // Custom revocation provider function that compares incoming certificates with
622 // those in CRLSets. This is called BEFORE the default CRL & OCSP handling 623 // those in CRLSets. This is called BEFORE the default CRL & OCSP handling
623 // is invoked (which is handled by the revocation provider function 624 // is invoked (which is handled by the revocation provider function
624 // "CertDllVerifyRevocation" in cryptnet.dll) 625 // "CertDllVerifyRevocation" in cryptnet.dll)
625 BOOL WINAPI 626 BOOL WINAPI
626 CertDllVerifyRevocationWithCRLSet(DWORD encoding_type, 627 CertDllVerifyRevocationWithCRLSet(DWORD encoding_type,
627 DWORD revocation_type, 628 DWORD revocation_type,
628 DWORD num_contexts, 629 DWORD num_contexts,
(...skipping 515 matching lines...) Expand 10 before | Expand all | Expand 10 after
1144 return MapCertStatusToNetError(verify_result->cert_status); 1145 return MapCertStatusToNetError(verify_result->cert_status);
1145 1146
1146 if (ev_policy_oid && 1147 if (ev_policy_oid &&
1147 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { 1148 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) {
1148 verify_result->cert_status |= CERT_STATUS_IS_EV; 1149 verify_result->cert_status |= CERT_STATUS_IS_EV;
1149 } 1150 }
1150 return OK; 1151 return OK;
1151 } 1152 }
1152 1153
1153 } // namespace net 1154 } // namespace net
OLDNEW
« net/cert/cert_verify_proc_unittest.cc ('K') | « net/cert/cert_verify_proc_unittest.cc ('k') | net/cert/x509_certificate.h » ('j') | net/cert/x509_certificate.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698