Chromium Code Reviews

Side by Side Diff: net/cert/cert_verify_proc_whitelist.h

Issue 2565743004: Remove the CNNIC whitelist (Closed)
Patch Set: Created 4 years ago
OLDNEW
1 // Copyright (c) 2015 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_ 5 #ifndef NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
6 #define NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_ 6 #define NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
7 7
8 #include <stddef.h> 8 #include <stddef.h>
9 #include <stdint.h> 9 #include <stdint.h>
10 10
11 #include "crypto/sha2.h" 11 #include "crypto/sha2.h"
12 #include "net/base/hash_value.h" 12 #include "net/base/hash_value.h"
13 #include "net/base/net_export.h" 13 #include "net/base/net_export.h"
14 14
15 namespace net { 15 namespace net {
16 16
17 class X509Certificate; 17 class X509Certificate;
18 18
19 // PublicKeyWhitelist contains a SHA-256 SPKI hash and a pointer to an array
20 // of SHA-256 certificate hashes that have been publicly disclosed and
21 // whitelisted.
22 struct PublicKeyWhitelist {
23 uint8_t public_key[crypto::kSHA256Length];
24 const uint8_t (*whitelist)[crypto::kSHA256Length];
25 size_t whitelist_size;
26 };
27
28 // Returns true if |cert| has been issued by a CA that is constrained from 19 // Returns true if |cert| has been issued by a CA that is constrained from
29 // issuing new certificates and |cert| is not within the whitelist of 20 // issuing new certificates and |cert| is not within the whitelist of
30 // existing certificates. Returns false if |cert| was issued by an 21 // existing certificates. Returns false if |cert| was issued by an
31 // unconstrained CA or if it was in the whitelist for that 22 // unconstrained CA or if it was in the whitelist for that
32 // CA. 23 // CA.
33 // |cert| should be the verified certificate chain, with |public_key_hashes| 24 // |cert| should be the verified certificate chain, with |public_key_hashes|
34 // being the set of hashes of the SPKIs within the verified chain. 25 // being the set of hashes of the SPKIs within the verified chain.
35 bool NET_EXPORT_PRIVATE 26 bool NET_EXPORT_PRIVATE
36 IsNonWhitelistedCertificate(const X509Certificate& cert, 27 IsNonWhitelistedCertificate(const X509Certificate& cert,
37 const HashValueVector& public_key_hashes); 28 const HashValueVector& public_key_hashes);
38 29
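Review bot: new lines 8-11 still include <stddef.h>, <stdint.h> and "crypto/sha2.h", but with the PublicKeyWhitelist struct (old lines 19-26) removed, nothing left in this header uses size_t, uint8_t or crypto::kSHA256Length. The one remaining declaration takes only X509Certificate and HashValueVector, which the forward declaration and "net/base/hash_value.h" already cover. Drop the three unused includes here and add them to cert_verify_proc_whitelist.cc if that file still needs them.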
39 // Sets the certificate whitelist for testing. Supply nullptr/0 to reset to
40 // the built-in whitelist.
41 void NET_EXPORT_PRIVATE
42 SetCertificateWhitelistForTesting(const PublicKeyWhitelist* whitelist,
43 size_t whitelist_size);
44
45 } // namespace net 30 } // namespace net
46 31
47 #endif // NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_ 32 #endif // NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
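Review bot: the comment kept on new lines 19-25 still describes a per-CA whitelist ("not within the whitelist of existing certificates", "in the whitelist for that CA"), while this change removes both the PublicKeyWhitelist type and SetCertificateWhitelistForTesting (old lines 39-43). Reword the comment so it states what IsNonWhitelistedCertificate checks once the CNNIC whitelist is gone, and which chains it now rejects. Since the setter was the only test hook declared in this header, also confirm that the tests which called it are removed or rewritten in this patch set so the constrained-CA path stays covered.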