Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(127)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_verify_proc.cc

Issue 266243004: Clang format slam. Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/base/mime_util_unittest.cc ('K') | « net/cert/cert_type.h ('k') | net/cert/cert_verify_proc_android.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_verify_proc.cc
diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc
index df7054072ab12f19c209f15190e5034049afe13e..b089305478d5974a6f2210322d52da5f12c703a3 100644
--- a/net/cert/cert_verify_proc.cc
+++ b/net/cert/cert_verify_proc.cc
@@ -32,7 +32,6 @@
#error Implement certificate verification.
#endif
-
namespace net {
namespace {
@@ -42,17 +41,11 @@ const char kLeafCert[] = "Leaf";
const char kIntermediateCert[] = "Intermediate";
const char kRootCert[] = "Root";
// Matches the order of X509Certificate::PublicKeyType
-const char* const kCertTypeStrings[] = {
- "Unknown",
- "RSA",
- "DSA",
- "ECDSA",
- "DH",
- "ECDH"
-};
+const char* const kCertTypeStrings[] = {"Unknown", "RSA", "DSA",
+ "ECDSA", "DH", "ECDH"};
// Histogram buckets for RSA/DSA/DH key sizes.
-const int kRsaDsaKeySizes[] = {512, 768, 1024, 1536, 2048, 3072, 4096, 8192,
- 16384};
+const int kRsaDsaKeySizes[] = {512, 768, 1024, 1536, 2048,
+ 3072, 4096, 8192, 16384};
// Histogram buckets for ECDSA/ECDH key sizes. The list is based upon the FIPS
// 186-4 approved curves.
const int kEccKeySizes[] = {163, 192, 224, 233, 256, 283, 384, 409, 521, 571};
@@ -137,8 +130,8 @@ bool ExaminePublicKeys(const scoped_refptr<X509Certificate>& cert,
X509Certificate::GetPublicKeyInfo(cert->os_cert_handle(), &size_bits, &type);
if (should_histogram) {
- RecordPublicKeyHistogram(kLeafCert, baseline_keysize_applies, size_bits,
- type);
+ RecordPublicKeyHistogram(
+ kLeafCert, baseline_keysize_applies, size_bits, type);
}
if (IsWeakKey(type, size_bits))
weak_key = true;
@@ -180,9 +173,11 @@ CertVerifyProc* CertVerifyProc::CreateDefault() {
#endif
}
-CertVerifyProc::CertVerifyProc() {}
+CertVerifyProc::CertVerifyProc() {
+}
-CertVerifyProc::~CertVerifyProc() {}
+CertVerifyProc::~CertVerifyProc() {
+}
int CertVerifyProc::Verify(X509Certificate* cert,
const std::string& hostname,
@@ -205,8 +200,8 @@ int CertVerifyProc::Verify(X509Certificate* cert,
if (flags & CertVerifier::VERIFY_EV_CERT)
flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY;
- int rv = VerifyInternal(cert, hostname, flags, crl_set,
- additional_trust_anchors, verify_result);
+ int rv = VerifyInternal(
+ cert, hostname, flags, crl_set, additional_trust_anchors, verify_result);
UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback",
verify_result->common_name_fallback_used);
@@ -279,42 +274,52 @@ int CertVerifyProc::Verify(X509Certificate* cert,
bool CertVerifyProc::IsBlacklisted(X509Certificate* cert) {
static const unsigned kComodoSerialBytes = 16;
static const uint8 kComodoSerials[][kComodoSerialBytes] = {
- // Not a real certificate. For testing only.
- {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd,0x1c},
-
- // The next nine certificates all expire on Fri Mar 14 23:59:59 2014.
- // Some serial numbers actually have a leading 0x00 byte required to
- // encode a positive integer in DER if the most significant bit is 0.
- // We omit the leading 0x00 bytes to make all serial numbers 16 bytes.
-
- // Subject: CN=mail.google.com
- // subjectAltName dNSName: mail.google.com, www.mail.google.com
- {0x04,0x7e,0xcb,0xe9,0xfc,0xa5,0x5f,0x7b,0xd0,0x9e,0xae,0x36,0xe1,0x0c,0xae,0x1e},
- // Subject: CN=global trustee
- // subjectAltName dNSName: global trustee
- // Note: not a CA certificate.
- {0xd8,0xf3,0x5f,0x4e,0xb7,0x87,0x2b,0x2d,0xab,0x06,0x92,0xe3,0x15,0x38,0x2f,0xb0},
- // Subject: CN=login.live.com
- // subjectAltName dNSName: login.live.com, www.login.live.com
- {0xb0,0xb7,0x13,0x3e,0xd0,0x96,0xf9,0xb5,0x6f,0xae,0x91,0xc8,0x74,0xbd,0x3a,0xc0},
- // Subject: CN=addons.mozilla.org
- // subjectAltName dNSName: addons.mozilla.org, www.addons.mozilla.org
- {0x92,0x39,0xd5,0x34,0x8f,0x40,0xd1,0x69,0x5a,0x74,0x54,0x70,0xe1,0xf2,0x3f,0x43},
- // Subject: CN=login.skype.com
- // subjectAltName dNSName: login.skype.com, www.login.skype.com
- {0xe9,0x02,0x8b,0x95,0x78,0xe4,0x15,0xdc,0x1a,0x71,0x0a,0x2b,0x88,0x15,0x44,0x47},
- // Subject: CN=login.yahoo.com
- // subjectAltName dNSName: login.yahoo.com, www.login.yahoo.com
- {0xd7,0x55,0x8f,0xda,0xf5,0xf1,0x10,0x5b,0xb2,0x13,0x28,0x2b,0x70,0x77,0x29,0xa3},
- // Subject: CN=www.google.com
- // subjectAltName dNSName: www.google.com, google.com
- {0xf5,0xc8,0x6a,0xf3,0x61,0x62,0xf1,0x3a,0x64,0xf5,0x4f,0x6d,0xc9,0x58,0x7c,0x06},
- // Subject: CN=login.yahoo.com
- // subjectAltName dNSName: login.yahoo.com
- {0x39,0x2a,0x43,0x4f,0x0e,0x07,0xdf,0x1f,0x8a,0xa3,0x05,0xde,0x34,0xe0,0xc2,0x29},
- // Subject: CN=login.yahoo.com
- // subjectAltName dNSName: login.yahoo.com
- {0x3e,0x75,0xce,0xd4,0x6b,0x69,0x30,0x21,0x21,0x88,0x30,0xae,0x86,0xa8,0x2a,0x71},
+ // Not a real certificate. For testing only.
+ {0x07, 0x7a, 0x59, 0xbc, 0xd5, 0x34, 0x59, 0x60, 0x1c, 0xa6, 0x90, 0x72,
+ 0x67, 0xa6, 0xdd, 0x1c},
+
+ // The next nine certificates all expire on Fri Mar 14 23:59:59 2014.
+ // Some serial numbers actually have a leading 0x00 byte required to
+ // encode a positive integer in DER if the most significant bit is 0.
+ // We omit the leading 0x00 bytes to make all serial numbers 16 bytes.
+
+ // Subject: CN=mail.google.com
+ // subjectAltName dNSName: mail.google.com, www.mail.google.com
+ {0x04, 0x7e, 0xcb, 0xe9, 0xfc, 0xa5, 0x5f, 0x7b, 0xd0, 0x9e, 0xae, 0x36,
+ 0xe1, 0x0c, 0xae, 0x1e},
+ // Subject: CN=global trustee
+ // subjectAltName dNSName: global trustee
+ // Note: not a CA certificate.
+ {0xd8, 0xf3, 0x5f, 0x4e, 0xb7, 0x87, 0x2b, 0x2d, 0xab, 0x06, 0x92, 0xe3,
+ 0x15, 0x38, 0x2f, 0xb0},
+ // Subject: CN=login.live.com
+ // subjectAltName dNSName: login.live.com, www.login.live.com
+ {0xb0, 0xb7, 0x13, 0x3e, 0xd0, 0x96, 0xf9, 0xb5, 0x6f, 0xae, 0x91, 0xc8,
+ 0x74, 0xbd, 0x3a, 0xc0},
+ // Subject: CN=addons.mozilla.org
+ // subjectAltName dNSName: addons.mozilla.org, www.addons.mozilla.org
+ {0x92, 0x39, 0xd5, 0x34, 0x8f, 0x40, 0xd1, 0x69, 0x5a, 0x74, 0x54, 0x70,
+ 0xe1, 0xf2, 0x3f, 0x43},
+ // Subject: CN=login.skype.com
+ // subjectAltName dNSName: login.skype.com, www.login.skype.com
+ {0xe9, 0x02, 0x8b, 0x95, 0x78, 0xe4, 0x15, 0xdc, 0x1a, 0x71, 0x0a, 0x2b,
+ 0x88, 0x15, 0x44, 0x47},
+ // Subject: CN=login.yahoo.com
+ // subjectAltName dNSName: login.yahoo.com, www.login.yahoo.com
+ {0xd7, 0x55, 0x8f, 0xda, 0xf5, 0xf1, 0x10, 0x5b, 0xb2, 0x13, 0x28, 0x2b,
+ 0x70, 0x77, 0x29, 0xa3},
+ // Subject: CN=www.google.com
+ // subjectAltName dNSName: www.google.com, google.com
+ {0xf5, 0xc8, 0x6a, 0xf3, 0x61, 0x62, 0xf1, 0x3a, 0x64, 0xf5, 0x4f, 0x6d,
+ 0xc9, 0x58, 0x7c, 0x06},
+ // Subject: CN=login.yahoo.com
+ // subjectAltName dNSName: login.yahoo.com
+ {0x39, 0x2a, 0x43, 0x4f, 0x0e, 0x07, 0xdf, 0x1f, 0x8a, 0xa3, 0x05, 0xde,
+ 0x34, 0xe0, 0xc2, 0x29},
+ // Subject: CN=login.yahoo.com
+ // subjectAltName dNSName: login.yahoo.com
+ {0x3e, 0x75, 0xce, 0xd4, 0x6b, 0x69, 0x30, 0x21, 0x21, 0x88, 0x30, 0xae,
+ 0x86, 0xa8, 0x2a, 0x71},
};
const std::string& serial_number = cert->serial_number();
@@ -334,8 +339,8 @@ bool CertVerifyProc::IsBlacklisted(X509Certificate* cert) {
if (serial.size() == kComodoSerialBytes) {
for (unsigned i = 0; i < arraysize(kComodoSerials); i++) {
if (memcmp(kComodoSerials[i], serial.data(), kComodoSerialBytes) == 0) {
- UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", i,
- arraysize(kComodoSerials) + 1);
+ UMA_HISTOGRAM_ENUMERATION(
+ "Net.SSLCertBlacklisted", i, arraysize(kComodoSerials) + 1);
return true;
}
}
@@ -350,67 +355,68 @@ bool CertVerifyProc::IsPublicKeyBlacklisted(
const HashValueVector& public_key_hashes) {
static const unsigned kNumHashes = 14;
static const uint8 kHashes[kNumHashes][base::kSHA1Length] = {
- // Subject: CN=DigiNotar Root CA
- // Issuer: CN=Entrust.net x2 and self-signed
- {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d,
- 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8},
- // Subject: CN=DigiNotar Cyber CA
- // Issuer: CN=GTE CyberTrust Global Root
- {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95,
- 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1},
- // Subject: CN=DigiNotar Services 1024 CA
- // Issuer: CN=Entrust.net
- {0xe2, 0x3b, 0x8d, 0x10, 0x5f, 0x87, 0x71, 0x0a, 0x68, 0xd9,
- 0x24, 0x80, 0x50, 0xeb, 0xef, 0xc6, 0x27, 0xbe, 0x4c, 0xa6},
- // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
- // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
- {0x7b, 0x2e, 0x16, 0xbc, 0x39, 0xbc, 0xd7, 0x2b, 0x45, 0x6e,
- 0x9f, 0x05, 0x5d, 0x1d, 0xe6, 0x15, 0xb7, 0x49, 0x45, 0xdb},
- // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
- // Issuer: CN=Staat der Nederlanden Overheid CA
- {0xe8, 0xf9, 0x12, 0x00, 0xc6, 0x5c, 0xee, 0x16, 0xe0, 0x39,
- 0xb9, 0xf8, 0x83, 0x84, 0x16, 0x61, 0x63, 0x5f, 0x81, 0xc5},
- // Subject: O=Digicert Sdn. Bhd.
- // Issuer: CN=GTE CyberTrust Global Root
- // Expires: Jul 17 15:16:54 2012 GMT
- {0x01, 0x29, 0xbc, 0xd5, 0xb4, 0x48, 0xae, 0x8d, 0x24, 0x96,
- 0xd1, 0xc3, 0xe1, 0x97, 0x23, 0x91, 0x90, 0x88, 0xe1, 0x52},
- // Subject: O=Digicert Sdn. Bhd.
- // Issuer: CN=Entrust.net Certification Authority (2048)
- // Expires: Jul 16 17:53:37 2015 GMT
- {0xd3, 0x3c, 0x5b, 0x41, 0xe4, 0x5c, 0xc4, 0xb3, 0xbe, 0x9a,
- 0xd6, 0x95, 0x2c, 0x4e, 0xcc, 0x25, 0x28, 0x03, 0x29, 0x81},
- // Issuer: CN=Trustwave Organization Issuing CA, Level 2
- // Covers two certificates, the latter of which expires Apr 15 21:09:30
- // 2021 GMT.
- {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6,
- 0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32},
- // Cyberoam CA certificate. Private key leaked, but this certificate would
- // only have been installed by Cyberoam customers. The certificate expires
- // in 2036, but we can probably remove in a couple of years (2014).
- {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e,
- 0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1},
- // Win32/Sirefef.gen!C generates fake certificates with this public key.
- {0xa4, 0xf5, 0x6e, 0x9e, 0x1d, 0x9a, 0x3b, 0x7b, 0x1a, 0xc3,
- 0x31, 0xcf, 0x64, 0xfc, 0x76, 0x2c, 0xd0, 0x51, 0xfb, 0xa4},
- // ANSSI certificate under which a MITM proxy was mistakenly operated.
- // Expires: Jul 18 10:05:28 2014 GMT
- {0x3e, 0xcf, 0x4b, 0xbb, 0xe4, 0x60, 0x96, 0xd5, 0x14, 0xbb,
- 0x53, 0x9b, 0xb9, 0x13, 0xd7, 0x7a, 0xa4, 0xef, 0x31, 0xbf},
- // Three retired intermediate certificates from Symantec. No compromise;
- // just for robustness. All expire May 17 23:59:59 2018.
- // See https://bugzilla.mozilla.org/show_bug.cgi?id=966060
- {0x68, 0x5e, 0xec, 0x0a, 0x39, 0xf6, 0x68, 0xae, 0x8f, 0xd8,
- 0x96, 0x4f, 0x98, 0x74, 0x76, 0xb4, 0x50, 0x4f, 0xd2, 0xbe},
- {0x0e, 0x50, 0x2d, 0x4d, 0xd1, 0xe1, 0x60, 0x36, 0x8a, 0x31,
- 0xf0, 0x6a, 0x81, 0x04, 0x31, 0xba, 0x6f, 0x72, 0xc0, 0x41},
- {0x93, 0xd1, 0x53, 0x22, 0x29, 0xcc, 0x2a, 0xbd, 0x21, 0xdf,
- 0xf5, 0x97, 0xee, 0x32, 0x0f, 0xe4, 0x24, 0x6f, 0x3d, 0x0c},
+ // Subject: CN=DigiNotar Root CA
+ // Issuer: CN=Entrust.net x2 and self-signed
+ {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d, 0x12, 0xce,
+ 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8},
+ // Subject: CN=DigiNotar Cyber CA
+ // Issuer: CN=GTE CyberTrust Global Root
+ {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95, 0x0b, 0x5f,
+ 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1},
+ // Subject: CN=DigiNotar Services 1024 CA
+ // Issuer: CN=Entrust.net
+ {0xe2, 0x3b, 0x8d, 0x10, 0x5f, 0x87, 0x71, 0x0a, 0x68, 0xd9, 0x24, 0x80,
+ 0x50, 0xeb, 0xef, 0xc6, 0x27, 0xbe, 0x4c, 0xa6},
+ // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
+ // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
+ {0x7b, 0x2e, 0x16, 0xbc, 0x39, 0xbc, 0xd7, 0x2b, 0x45, 0x6e, 0x9f, 0x05,
+ 0x5d, 0x1d, 0xe6, 0x15, 0xb7, 0x49, 0x45, 0xdb},
+ // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
+ // Issuer: CN=Staat der Nederlanden Overheid CA
+ {0xe8, 0xf9, 0x12, 0x00, 0xc6, 0x5c, 0xee, 0x16, 0xe0, 0x39, 0xb9, 0xf8,
+ 0x83, 0x84, 0x16, 0x61, 0x63, 0x5f, 0x81, 0xc5},
+ // Subject: O=Digicert Sdn. Bhd.
+ // Issuer: CN=GTE CyberTrust Global Root
+ // Expires: Jul 17 15:16:54 2012 GMT
+ {0x01, 0x29, 0xbc, 0xd5, 0xb4, 0x48, 0xae, 0x8d, 0x24, 0x96, 0xd1, 0xc3,
+ 0xe1, 0x97, 0x23, 0x91, 0x90, 0x88, 0xe1, 0x52},
+ // Subject: O=Digicert Sdn. Bhd.
+ // Issuer: CN=Entrust.net Certification Authority (2048)
+ // Expires: Jul 16 17:53:37 2015 GMT
+ {0xd3, 0x3c, 0x5b, 0x41, 0xe4, 0x5c, 0xc4, 0xb3, 0xbe, 0x9a, 0xd6, 0x95,
+ 0x2c, 0x4e, 0xcc, 0x25, 0x28, 0x03, 0x29, 0x81},
+ // Issuer: CN=Trustwave Organization Issuing CA, Level 2
+ // Covers two certificates, the latter of which expires Apr 15 21:09:30
+ // 2021 GMT.
+ {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6, 0xce, 0xaf,
+ 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32},
+ // Cyberoam CA certificate. Private key leaked, but this certificate would
+ // only have been installed by Cyberoam customers. The certificate expires
+ // in 2036, but we can probably remove in a couple of years (2014).
+ {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e, 0xd1, 0x72,
+ 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1},
+ // Win32/Sirefef.gen!C generates fake certificates with this public key.
+ {0xa4, 0xf5, 0x6e, 0x9e, 0x1d, 0x9a, 0x3b, 0x7b, 0x1a, 0xc3, 0x31, 0xcf,
+ 0x64, 0xfc, 0x76, 0x2c, 0xd0, 0x51, 0xfb, 0xa4},
+ // ANSSI certificate under which a MITM proxy was mistakenly operated.
+ // Expires: Jul 18 10:05:28 2014 GMT
+ {0x3e, 0xcf, 0x4b, 0xbb, 0xe4, 0x60, 0x96, 0xd5, 0x14, 0xbb, 0x53, 0x9b,
+ 0xb9, 0x13, 0xd7, 0x7a, 0xa4, 0xef, 0x31, 0xbf},
+ // Three retired intermediate certificates from Symantec. No compromise;
+ // just for robustness. All expire May 17 23:59:59 2018.
+ // See https://bugzilla.mozilla.org/show_bug.cgi?id=966060
+ {0x68, 0x5e, 0xec, 0x0a, 0x39, 0xf6, 0x68, 0xae, 0x8f, 0xd8, 0x96, 0x4f,
+ 0x98, 0x74, 0x76, 0xb4, 0x50, 0x4f, 0xd2, 0xbe},
+ {0x0e, 0x50, 0x2d, 0x4d, 0xd1, 0xe1, 0x60, 0x36, 0x8a, 0x31, 0xf0, 0x6a,
+ 0x81, 0x04, 0x31, 0xba, 0x6f, 0x72, 0xc0, 0x41},
+ {0x93, 0xd1, 0x53, 0x22, 0x29, 0xcc, 0x2a, 0xbd, 0x21, 0xdf, 0xf5, 0x97,
+ 0xee, 0x32, 0x0f, 0xe4, 0x24, 0x6f, 0x3d, 0x0c},
};
for (unsigned i = 0; i < kNumHashes; i++) {
for (HashValueVector::const_iterator j = public_key_hashes.begin();
- j != public_key_hashes.end(); ++j) {
+ j != public_key_hashes.end();
+ ++j) {
if (j->tag == HASH_VALUE_SHA1 &&
memcmp(j->data(), kHashes[i], base::kSHA1Length) == 0) {
return true;
@@ -429,7 +435,8 @@ static const size_t kMaxTLDLength = 4;
static bool CheckNameConstraints(const std::vector<std::string>& dns_names,
const char tlds[][kMaxTLDLength]) {
for (std::vector<std::string>::const_iterator i = dns_names.begin();
- i != dns_names.end(); ++i) {
+ i != dns_names.end();
+ ++i) {
bool ok = false;
url::CanonHostInfo host_info;
const std::string dns_name = CanonicalizeHost(*i, &host_info);
@@ -482,47 +489,47 @@ bool CertVerifyProc::HasNameConstraintsViolation(
const std::vector<std::string>& dns_names,
const std::vector<std::string>& ip_addrs) {
static const char kTLDsANSSI[][kMaxTLDLength] = {
- "fr", // France
- "gp", // Guadeloupe
- "gf", // Guyane
- "mq", // Martinique
- "re", // Réunion
- "yt", // Mayotte
- "pm", // Saint-Pierre et Miquelon
- "bl", // Saint Barthélemy
- "mf", // Saint Martin
- "wf", // Wallis et Futuna
- "pf", // Polynésie française
- "nc", // Nouvelle Calédonie
- "tf", // Terres australes et antarctiques françaises
- "",
+ "fr", // France
+ "gp", // Guadeloupe
+ "gf", // Guyane
+ "mq", // Martinique
+ "re", // Réunion
+ "yt", // Mayotte
+ "pm", // Saint-Pierre et Miquelon
+ "bl", // Saint Barthélemy
+ "mf", // Saint Martin
+ "wf", // Wallis et Futuna
+ "pf", // Polynésie française
+ "nc", // Nouvelle Calédonie
+ "tf", // Terres australes et antarctiques françaises
+ "",
};
static const char kTLDsTest[][kMaxTLDLength] = {
- "com",
- "",
+ "com", "",
};
static const PublicKeyTLDLimitation kLimits[] = {
- // C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI,
- // CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
- {
- {0x79, 0x23, 0xd5, 0x8d, 0x0f, 0xe0, 0x3c, 0xe6, 0xab, 0xad,
- 0xae, 0x27, 0x1a, 0x6d, 0x94, 0xf4, 0x14, 0xd1, 0xa8, 0x73},
- kTLDsANSSI,
- },
- // Not a real certificate - just for testing. This is the SPKI hash of
- // the keys used in net/data/ssl/certificates/name_constraint_*.crt.
- {
- {0x15, 0x45, 0xd7, 0x3b, 0x58, 0x6b, 0x47, 0xcf, 0xc1, 0x44,
- 0xa2, 0xc9, 0xaa, 0xab, 0x98, 0x3d, 0x21, 0xcc, 0x42, 0xde},
- kTLDsTest,
- },
+ // C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI,
+ // CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+ {
+ {0x79, 0x23, 0xd5, 0x8d, 0x0f, 0xe0, 0x3c, 0xe6, 0xab, 0xad, 0xae, 0x27,
+ 0x1a, 0x6d, 0x94, 0xf4, 0x14, 0xd1, 0xa8, 0x73},
+ kTLDsANSSI,
+ },
+ // Not a real certificate - just for testing. This is the SPKI hash of
+ // the keys used in net/data/ssl/certificates/name_constraint_*.crt.
+ {
+ {0x15, 0x45, 0xd7, 0x3b, 0x58, 0x6b, 0x47, 0xcf, 0xc1, 0x44, 0xa2, 0xc9,
+ 0xaa, 0xab, 0x98, 0x3d, 0x21, 0xcc, 0x42, 0xde},
+ kTLDsTest,
+ },
};
for (unsigned i = 0; i < arraysize(kLimits); ++i) {
for (HashValueVector::const_iterator j = public_key_hashes.begin();
- j != public_key_hashes.end(); ++j) {
+ j != public_key_hashes.end();
+ ++j) {
if (j->tag == HASH_VALUE_SHA1 &&
memcmp(j->data(), kLimits[i].public_key, base::kSHA1Length) == 0) {
if (dns_names.empty() && ip_addrs.empty()) {
« net/base/mime_util_unittest.cc ('K') | « net/cert/cert_type.h ('k') | net/cert/cert_verify_proc_android.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698