| Index: net/cert/x509_certificate.cc
|
| diff --git a/net/cert/x509_certificate.cc b/net/cert/x509_certificate.cc
|
| index 052b7b7ecc166a76f8638584a200c657e8656fc6..43808b7fcb815a722af3e6ccfda10a627203a3e9 100644
|
| --- a/net/cert/x509_certificate.cc
|
| +++ b/net/cert/x509_certificate.cc
|
| @@ -34,9 +34,7 @@ namespace {
|
| // Indicates the order to use when trying to decode binary data, which is
|
| // based on (speculation) as to what will be most common -> least common
|
| const X509Certificate::Format kFormatDecodePriority[] = {
|
| - X509Certificate::FORMAT_SINGLE_CERTIFICATE,
|
| - X509Certificate::FORMAT_PKCS7
|
| -};
|
| + X509Certificate::FORMAT_SINGLE_CERTIFICATE, X509Certificate::FORMAT_PKCS7};
|
|
|
| // The PEM block header used for DER certificates
|
| const char kCertificateHeader[] = "CERTIFICATE";
|
| @@ -109,8 +107,8 @@ class X509CertificateCache {
|
| DISALLOW_COPY_AND_ASSIGN(X509CertificateCache);
|
| };
|
|
|
| -base::LazyInstance<X509CertificateCache>::Leaky
|
| - g_x509_certificate_cache = LAZY_INSTANCE_INITIALIZER;
|
| +base::LazyInstance<X509CertificateCache>::Leaky g_x509_certificate_cache =
|
| + LAZY_INSTANCE_INITIALIZER;
|
|
|
| void X509CertificateCache::InsertOrUpdate(
|
| X509Certificate::OSCertHandle* cert_handle) {
|
| @@ -169,8 +167,8 @@ void X509CertificateCache::Remove(X509Certificate::OSCertHandle cert_handle) {
|
| if (pos == cache_.end())
|
| return; // A hash collision where the winning cert was already freed.
|
|
|
| - bool is_same_cert = X509Certificate::IsSameOSCert(cert_handle,
|
| - pos->second.cert_handle);
|
| + bool is_same_cert =
|
| + X509Certificate::IsSameOSCert(cert_handle, pos->second.cert_handle);
|
| if (!is_same_cert)
|
| return; // A hash collision where the winning cert is still around.
|
|
|
| @@ -224,12 +222,14 @@ bool X509Certificate::LessThan::operator()(
|
| if (lhs.get() == rhs.get())
|
| return false;
|
|
|
| - int rv = memcmp(lhs->fingerprint_.data, rhs->fingerprint_.data,
|
| + int rv = memcmp(lhs->fingerprint_.data,
|
| + rhs->fingerprint_.data,
|
| sizeof(lhs->fingerprint_.data));
|
| if (rv != 0)
|
| return rv < 0;
|
|
|
| - rv = memcmp(lhs->ca_fingerprint_.data, rhs->ca_fingerprint_.data,
|
| + rv = memcmp(lhs->ca_fingerprint_.data,
|
| + rhs->ca_fingerprint_.data,
|
| sizeof(lhs->ca_fingerprint_.data));
|
| return rv < 0;
|
| }
|
| @@ -273,8 +273,8 @@ X509Certificate* X509Certificate::CreateFromDERCertChain(
|
| OSCertHandle handle = NULL;
|
| // Return NULL if we failed to parse any of the certs.
|
| if (der_certs.size() - 1 == intermediate_ca_certs.size()) {
|
| - handle = CreateOSCertHandleFromBytes(
|
| - const_cast<char*>(der_certs[0].data()), der_certs[0].size());
|
| + handle = CreateOSCertHandleFromBytes(const_cast<char*>(der_certs[0].data()),
|
| + der_certs[0].size());
|
| }
|
|
|
| X509Certificate* cert = NULL;
|
| @@ -389,7 +389,9 @@ X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle,
|
|
|
| // static
|
| CertificateList X509Certificate::CreateCertificateListFromBytes(
|
| - const char* data, int length, int format) {
|
| + const char* data,
|
| + int length,
|
| + int format) {
|
| OSCertHandles certificates;
|
|
|
| // Check to see if it is in a PEM-encoded form. This check is performed
|
| @@ -423,11 +425,12 @@ CertificateList X509Certificate::CreateCertificateListFromBytes(
|
| // formats other than PEM are acceptable, check to see if the decoded
|
| // data is one of the accepted formats.
|
| if (format & ~FORMAT_PEM_CERT_SEQUENCE) {
|
| - for (size_t i = 0; certificates.empty() &&
|
| - i < arraysize(kFormatDecodePriority); ++i) {
|
| + for (size_t i = 0;
|
| + certificates.empty() && i < arraysize(kFormatDecodePriority);
|
| + ++i) {
|
| if (format & kFormatDecodePriority[i]) {
|
| - certificates = CreateOSCertHandlesFromBytes(decoded.c_str(),
|
| - decoded.size(), kFormatDecodePriority[i]);
|
| + certificates = CreateOSCertHandlesFromBytes(
|
| + decoded.c_str(), decoded.size(), kFormatDecodePriority[i]);
|
| }
|
| }
|
| }
|
| @@ -442,11 +445,12 @@ CertificateList X509Certificate::CreateCertificateListFromBytes(
|
| // Try each of the formats, in order of parse preference, to see if |data|
|
| // contains the binary representation of a Format, if it failed to parse
|
| // as a PEM certificate/chain.
|
| - for (size_t i = 0; certificates.empty() &&
|
| - i < arraysize(kFormatDecodePriority); ++i) {
|
| + for (size_t i = 0;
|
| + certificates.empty() && i < arraysize(kFormatDecodePriority);
|
| + ++i) {
|
| if (format & kFormatDecodePriority[i])
|
| - certificates = CreateOSCertHandlesFromBytes(data, length,
|
| - kFormatDecodePriority[i]);
|
| + certificates =
|
| + CreateOSCertHandlesFromBytes(data, length, kFormatDecodePriority[i]);
|
| }
|
|
|
| CertificateList results;
|
| @@ -455,7 +459,8 @@ CertificateList X509Certificate::CreateCertificateListFromBytes(
|
| return results;
|
|
|
| for (OSCertHandles::iterator it = certificates.begin();
|
| - it != certificates.end(); ++it) {
|
| + it != certificates.end();
|
| + ++it) {
|
| X509Certificate* result = CreateFromHandle(*it, OSCertHandles());
|
| results.push_back(scoped_refptr<X509Certificate>(result));
|
| FreeOSCertHandle(*it);
|
| @@ -471,8 +476,7 @@ void X509Certificate::Persist(Pickle* pickle) {
|
| NOTREACHED();
|
| return;
|
| }
|
| - if (!pickle->WriteInt(
|
| - static_cast<int>(intermediate_ca_certs_.size() + 1)) ||
|
| + if (!pickle->WriteInt(static_cast<int>(intermediate_ca_certs_.size() + 1)) ||
|
| !WriteOSCertHandleToPickle(cert_handle_, pickle)) {
|
| NOTREACHED();
|
| return;
|
| @@ -514,8 +518,8 @@ bool X509Certificate::VerifyHostname(
|
| // Presented identifier(s) == name(s) the server knows itself as, in its cert.
|
|
|
| // CanonicalizeHost requires surrounding brackets to parse an IPv6 address.
|
| - const std::string host_or_ip = hostname.find(':') != std::string::npos ?
|
| - "[" + hostname + "]" : hostname;
|
| + const std::string host_or_ip =
|
| + hostname.find(':') != std::string::npos ? "[" + hostname + "]" : hostname;
|
| url::CanonHostInfo host_info;
|
| std::string reference_name = CanonicalizeHost(host_or_ip, &host_info);
|
| // CanonicalizeHost does not normalize absolute vs relative DNS names. If
|
| @@ -527,8 +531,8 @@ bool X509Certificate::VerifyHostname(
|
| return false;
|
|
|
| // Allow fallback to Common name matching?
|
| - const bool common_name_fallback = cert_san_dns_names.empty() &&
|
| - cert_san_ip_addrs.empty();
|
| + const bool common_name_fallback =
|
| + cert_san_dns_names.empty() && cert_san_ip_addrs.empty();
|
| *common_name_fallback_used = common_name_fallback;
|
|
|
| // Fully handle all cases where |hostname| contains an IP address.
|
| @@ -541,7 +545,8 @@ bool X509Certificate::VerifyHostname(
|
| base::StringPiece ip_addr_string(
|
| reinterpret_cast<const char*>(host_info.address),
|
| host_info.AddressLength());
|
| - return std::find(cert_san_ip_addrs.begin(), cert_san_ip_addrs.end(),
|
| + return std::find(cert_san_ip_addrs.begin(),
|
| + cert_san_ip_addrs.end(),
|
| ip_addr_string) != cert_san_ip_addrs.end();
|
| }
|
|
|
| @@ -565,11 +570,10 @@ bool X509Certificate::VerifyHostname(
|
| // Because |reference_domain| must contain at least one name component that
|
| // is not registry controlled, this ensures that all reference domains
|
| // contain at least three domain components when using wildcards.
|
| - size_t registry_length =
|
| - registry_controlled_domains::GetRegistryLength(
|
| - reference_name,
|
| - registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,
|
| - registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
|
| + size_t registry_length = registry_controlled_domains::GetRegistryLength(
|
| + reference_name,
|
| + registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,
|
| + registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
|
|
|
| // Because |reference_name| was already canonicalized, the following
|
| // should never happen.
|
| @@ -600,9 +604,9 @@ bool X509Certificate::VerifyHostname(
|
| common_name_as_vector.push_back(cert_common_name);
|
| presented_names = &common_name_as_vector;
|
| }
|
| - for (std::vector<std::string>::const_iterator it =
|
| - presented_names->begin();
|
| - it != presented_names->end(); ++it) {
|
| + for (std::vector<std::string>::const_iterator it = presented_names->begin();
|
| + it != presented_names->end();
|
| + ++it) {
|
| // Catch badly corrupt cert names up front.
|
| if (it->empty() || it->find('\0') != std::string::npos) {
|
| DVLOG(1) << "Bad name in cert: " << *it;
|
| @@ -654,7 +658,10 @@ bool X509Certificate::VerifyNameMatch(const std::string& hostname,
|
| bool* common_name_fallback_used) const {
|
| std::vector<std::string> dns_names, ip_addrs;
|
| GetSubjectAltName(&dns_names, &ip_addrs);
|
| - return VerifyHostname(hostname, subject_.common_name, dns_names, ip_addrs,
|
| + return VerifyHostname(hostname,
|
| + subject_.common_name,
|
| + dns_names,
|
| + ip_addrs,
|
| common_name_fallback_used);
|
| }
|
|
|
|
|
Chromium Code Reviews
