net/cert/x509_certificate.h - Issue 2753123002: Add --ignore-certificate-errors-spki-list switch and UMA histogram.

Side by Side Diff: net/cert/x509_certificate.h

Issue 2753123002: Add --ignore-certificate-errors-spki-list switch and UMA histogram. (Closed)

Patch Set: Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« content/public/common/content_switches.cc ('K') | « content/public/common/content_switches.cc ('k') | net/cert/x509_certificate_nss.cc » ('j') | net/http/http_stream_factory_impl_job.cc » ('J')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_CERT_X509_CERTIFICATE_H_	5 #ifndef NET_CERT_X509_CERTIFICATE_H_

6 #define NET_CERT_X509_CERTIFICATE_H_	6 #define NET_CERT_X509_CERTIFICATE_H_

7	7

8 #include <stddef.h>	8 #include <stddef.h>

9 #include <string.h>	9 #include <string.h>

10	10

(...skipping 350 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
361 static SHA256HashValue CalculateCAFingerprint256(	361 static SHA256HashValue CalculateCAFingerprint256(

362 const OSCertHandles& intermediates);	362 const OSCertHandles& intermediates);

363	363

364 // Calculates the SHA-256 fingerprint for the complete chain, including the	364 // Calculates the SHA-256 fingerprint for the complete chain, including the

365 // leaf certificate and all intermediate CA certificates. Returns an empty	365 // leaf certificate and all intermediate CA certificates. Returns an empty

366 // (all zero) fingerprint on failure.	366 // (all zero) fingerprint on failure.

367 static SHA256HashValue CalculateChainFingerprint256(	367 static SHA256HashValue CalculateChainFingerprint256(

368 OSCertHandle leaf,	368 OSCertHandle leaf,

369 const OSCertHandles& intermediates);	369 const OSCertHandles& intermediates);

370	370

	371 static SHA256HashValue CalculatePublicKeyHashSHA256(OSCertHandle cert_handle);
	Ryan Sleevi 2017/03/16 23:19:13 We've been trying to avoid adding new public stati We've been trying to avoid adding new public static methods to X509Certificate, so it doesn't become a catch-all, and to keep the API from over-complicating. I think it's probably appropriate that in the place you need to check, you can just use the pattern we've been using base::StringPiece spki; if (!asn1::ExtractSPKIFromDERCert([cert der], &spki)) { // unparsable cert } hash = crypto::SHA256HashString(spki); I don't think there'd be a big win for wrapping into a utility method on the base class. martinkr 2017/03/28 23:16:02 Done. Show quoted text On 2017/03/16 at 23:19:13, Ryan Sleevi wrote: > We've been trying to avoid adding new public static methods to X509Certificate, so it doesn't become a catch-all, and to keep the API from over-complicating. > > I think it's probably appropriate that in the place you need to check, you can just use the pattern we've been using > > base::StringPiece spki; > if (!asn1::ExtractSPKIFromDERCert([cert der], &spki)) { > // unparsable cert > } > hash = crypto::SHA256HashString(spki); > > > I don't think there'd be a big win for wrapping into a utility method on the base class. Done.
	372

371 // Returns true if the certificate is self-signed.	373 // Returns true if the certificate is self-signed.

372 static bool IsSelfSigned(OSCertHandle cert_handle);	374 static bool IsSelfSigned(OSCertHandle cert_handle);

373	375

374 private:	376 private:

375 friend class base::RefCountedThreadSafe<X509Certificate>;	377 friend class base::RefCountedThreadSafe<X509Certificate>;

376 friend class TestRootCerts; // For unit tests	378 friend class TestRootCerts; // For unit tests

377	379

378 FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname);	380 FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname);

379 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers);	381 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers);

380	382

(...skipping 67 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
448 // Untrusted intermediate certificates associated with this certificate	450 // Untrusted intermediate certificates associated with this certificate

449 // that may be needed for chain building.	451 // that may be needed for chain building.

450 OSCertHandles intermediate_ca_certs_;	452 OSCertHandles intermediate_ca_certs_;

451	453

452 DISALLOW_COPY_AND_ASSIGN(X509Certificate);	454 DISALLOW_COPY_AND_ASSIGN(X509Certificate);

453 };	455 };

454	456

455 } // namespace net	457 } // namespace net

456	458

457 #endif // NET_CERT_X509_CERTIFICATE_H_	459 #endif // NET_CERT_X509_CERTIFICATE_H_

OLD	NEW