Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(324)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: ios/web/net/cert_policy.cc

Issue 2000503002: Remove the fingerprint and ca_fingerprint from X509Certificate (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@move_cache
Patch Set: Fix IDN test Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « ios/web/net/cert_host_pair_unittest.cc ('k') | ios/web/net/cert_store_impl.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "ios/web/public/cert_policy.h" 5 #include "ios/web/public/cert_policy.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "net/cert/x509_certificate.h" 8 #include "net/cert/x509_certificate.h"
9 9
10 namespace web { 10 namespace web {
11 11
12 CertPolicy::CertPolicy() { 12 CertPolicy::CertPolicy() {
13 } 13 }
14 14
15 CertPolicy::~CertPolicy() { 15 CertPolicy::~CertPolicy() {
16 } 16 }
17 17
18 // We consider a given |cert| to be a match to a saved allowed cert if the 18 // We consider a given |cert| to be a match to a saved allowed cert if the
19 // |error| is an exact match to or subset of the errors in the saved CertStatus. 19 // |error| is an exact match to or subset of the errors in the saved CertStatus.
20 CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert, 20 CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert,
21 net::CertStatus error) const { 21 net::CertStatus error) const {
22 std::map<net::SHA1HashValue, 22 auto allowed_iter =
23 net::CertStatus, 23 allowed_.find(net::X509Certificate::CalculateChainFingerprint256(
24 net::SHA1HashValueLessThan>::const_iterator allowed_iter = 24 cert->os_cert_handle(), cert->GetIntermediateCertificates()));
25 allowed_.find(cert->fingerprint());
26 if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) && 25 if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) &&
27 !(~(allowed_iter->second & error) ^ ~error)) { 26 !(~(allowed_iter->second & error) ^ ~error)) {
28 return ALLOWED; 27 return ALLOWED;
29 } 28 }
30 return UNKNOWN; // We don't have a policy for this cert. 29 return UNKNOWN; // We don't have a policy for this cert.
31 } 30 }
32 31
33 void CertPolicy::Allow(net::X509Certificate* cert, net::CertStatus error) { 32 void CertPolicy::Allow(net::X509Certificate* cert, net::CertStatus error) {
34 // If this same cert had already been saved with a different error status, 33 // If this same cert had already been saved with a different error status,
35 // this will replace it with the new error status. 34 // this will replace it with the new error status.
36 allowed_[cert->fingerprint()] = error; 35 allowed_[net::X509Certificate::CalculateChainFingerprint256(
36 cert->os_cert_handle(), cert->GetIntermediateCertificates())] = error;
37 } 37 }
38 38
39 } // namespace web 39 } // namespace web
OLDNEW
« no previous file with comments | « ios/web/net/cert_host_pair_unittest.cc ('k') | ios/web/net/cert_store_impl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698