OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc_win.h" | 5 #include "net/cert/cert_verify_proc_win.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
605 // Check the end certificate simple chain (chain_context->rgpChain[0]). | 605 // Check the end certificate simple chain (chain_context->rgpChain[0]). |
606 // If the end certificate's certificatePolicies extension contains the | 606 // If the end certificate's certificatePolicies extension contains the |
607 // EV policy OID of the root CA, return true. | 607 // EV policy OID of the root CA, return true. |
608 PCERT_CHAIN_ELEMENT* element = chain_context->rgpChain[0]->rgpElement; | 608 PCERT_CHAIN_ELEMENT* element = chain_context->rgpChain[0]->rgpElement; |
609 int num_elements = chain_context->rgpChain[0]->cElement; | 609 int num_elements = chain_context->rgpChain[0]->cElement; |
610 if (num_elements < 2) | 610 if (num_elements < 2) |
611 return false; | 611 return false; |
612 | 612 |
613 // Look up the EV policy OID of the root CA. | 613 // Look up the EV policy OID of the root CA. |
614 PCCERT_CONTEXT root_cert = element[num_elements - 1]->pCertContext; | 614 PCCERT_CONTEXT root_cert = element[num_elements - 1]->pCertContext; |
615 SHA1HashValue fingerprint = | 615 SHA1HashValue weak_fingerprint; |
616 X509Certificate::CalculateFingerprint(root_cert); | 616 base::SHA1HashBytes(root_cert->pbCertEncoded, root_cert->cbCertEncoded, |
| 617 weak_fingerprint.data); |
617 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); | 618 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); |
618 return metadata->HasEVPolicyOID(fingerprint, policy_oid); | 619 return metadata->HasEVPolicyOID(weak_fingerprint, policy_oid); |
619 } | 620 } |
620 | 621 |
621 // Custom revocation provider function that compares incoming certificates with | 622 // Custom revocation provider function that compares incoming certificates with |
622 // those in CRLSets. This is called BEFORE the default CRL & OCSP handling | 623 // those in CRLSets. This is called BEFORE the default CRL & OCSP handling |
623 // is invoked (which is handled by the revocation provider function | 624 // is invoked (which is handled by the revocation provider function |
624 // "CertDllVerifyRevocation" in cryptnet.dll) | 625 // "CertDllVerifyRevocation" in cryptnet.dll) |
625 BOOL WINAPI | 626 BOOL WINAPI |
626 CertDllVerifyRevocationWithCRLSet(DWORD encoding_type, | 627 CertDllVerifyRevocationWithCRLSet(DWORD encoding_type, |
627 DWORD revocation_type, | 628 DWORD revocation_type, |
628 DWORD num_contexts, | 629 DWORD num_contexts, |
1144 return MapCertStatusToNetError(verify_result->cert_status); | 1145 return MapCertStatusToNetError(verify_result->cert_status); |
1145 | 1146 |
1146 if (ev_policy_oid && | 1147 if (ev_policy_oid && |
1147 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { | 1148 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { |
1148 verify_result->cert_status |= CERT_STATUS_IS_EV; | 1149 verify_result->cert_status |= CERT_STATUS_IS_EV; |
1149 } | 1150 } |
1150 return OK; | 1151 return OK; |
1151 } | 1152 } |
1152 | 1153 |
1153 } // namespace net | 1154 } // namespace net |
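Review bot: The rename to `weak_fingerprint` at new lines 615-619 flags the SHA-1 hash as weak but leaves no comment saying why it is still acceptable as the key for the EV root lookup. A reader could later "fix" it in isolation or copy the pattern to a place where collision resistance matters. I would add a comment above the declaration such as `// SHA-1 is used only to look up an already-validated root in the EV metadata table, which is keyed by SHA-1; do not reuse it for new trust decisions.`, assuming that matches the contract of `EVRootCAMetadata::HasEVPolicyOID`, whose definition is not visible here. If that table can be keyed on SHA-256, a `TODO` naming the migration belongs on the same line. The enclosing function begins above the visible lines, so any guarantee that `root_cert` is non-null and really is the chain's trust anchor cannot be confirmed from this view.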