| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/ev_root_ca_metadata.h" | 5 #include "net/cert/ev_root_ca_metadata.h" |
| 6 | 6 |
| 7 #if defined(USE_NSS_CERTS) | 7 #if defined(USE_NSS_CERTS) |
| 8 #include <cert.h> | 8 #include <cert.h> |
| 9 #include <pkcs11n.h> | 9 #include <pkcs11n.h> |
| 10 #include <secerr.h> | 10 #include <secerr.h> |
| (...skipping 648 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 659 if (iter == ev_policy_.end()) | 659 if (iter == ev_policy_.end()) |
| 660 return false; | 660 return false; |
| 661 for (std::vector<PolicyOID>::const_iterator | 661 for (std::vector<PolicyOID>::const_iterator |
| 662 j = iter->second.begin(); j != iter->second.end(); ++j) { | 662 j = iter->second.begin(); j != iter->second.end(); ++j) { |
| 663 if (*j == policy_oid) | 663 if (*j == policy_oid) |
| 664 return true; | 664 return true; |
| 665 } | 665 } |
| 666 return false; | 666 return false; |
| 667 } | 667 } |
| 668 | 668 |
| 669 // static |
| 670 bool EVRootCAMetadata::IsCaBrowserForumEvOid(PolicyOID policy_oid) { |
| 671 // OID: 2.23.140.1.1 |
| 672 const uint8_t kCabEvOid[] = {0x67, 0x81, 0x0c, 0x01, 0x01}; |
| 673 SECItem item; |
| 674 item.data = const_cast<uint8_t*>(&kCabEvOid[0]); |
| 675 item.len = sizeof(kCabEvOid); |
| 676 return policy_oid == SECOID_FindOIDTag(&item); |
| 677 } |
| 678 |
| 669 bool EVRootCAMetadata::AddEVCA(const SHA1HashValue& fingerprint, | 679 bool EVRootCAMetadata::AddEVCA(const SHA1HashValue& fingerprint, |
| 670 const char* policy) { | 680 const char* policy) { |
| 671 if (ev_policy_.find(fingerprint) != ev_policy_.end()) | 681 if (ev_policy_.find(fingerprint) != ev_policy_.end()) |
| 672 return false; | 682 return false; |
| 673 | 683 |
| 674 PolicyOID oid; | 684 PolicyOID oid; |
| 675 if (!RegisterOID(policy, &oid)) | 685 if (!RegisterOID(policy, &oid)) |
| 676 return false; | 686 return false; |
| 677 | 687 |
| 678 ev_policy_[fingerprint].push_back(oid); | 688 ev_policy_[fingerprint].push_back(oid); |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 746 if (strcmp(policy_oid, ev_root_ca_metadata[i].policy_oids[j]) == 0) | 756 if (strcmp(policy_oid, ev_root_ca_metadata[i].policy_oids[j]) == 0) |
| 747 return true; | 757 return true; |
| 748 } | 758 } |
| 749 return false; | 759 return false; |
| 750 } | 760 } |
| 751 | 761 |
| 752 ExtraEVCAMap::const_iterator it = extra_cas_.find(fingerprint); | 762 ExtraEVCAMap::const_iterator it = extra_cas_.find(fingerprint); |
| 753 return it != extra_cas_.end() && it->second == policy_oid; | 763 return it != extra_cas_.end() && it->second == policy_oid; |
| 754 } | 764 } |
| 755 | 765 |
| 766 // static |
| 767 bool EVRootCAMetadata::IsCaBrowserForumEvOid(PolicyOID policy_oid) { |
| 768 return strcmp(policy_oid, "2.23.140.1.1") == 0; |
| 769 } |
| 770 |
| 756 bool EVRootCAMetadata::AddEVCA(const SHA1HashValue& fingerprint, | 771 bool EVRootCAMetadata::AddEVCA(const SHA1HashValue& fingerprint, |
| 757 const char* policy) { | 772 const char* policy) { |
| 758 for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) { | 773 for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) { |
| 759 if (fingerprint == ev_root_ca_metadata[i].fingerprint) | 774 if (fingerprint == ev_root_ca_metadata[i].fingerprint) |
| 760 return false; | 775 return false; |
| 761 } | 776 } |
| 762 | 777 |
| 763 if (extra_cas_.find(fingerprint) != extra_cas_.end()) | 778 if (extra_cas_.find(fingerprint) != extra_cas_.end()) |
| 764 return false; | 779 return false; |
| 765 | 780 |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 799 PolicyOIDMap::const_iterator iter = ev_policy_.find(fingerprint); | 814 PolicyOIDMap::const_iterator iter = ev_policy_.find(fingerprint); |
| 800 if (iter == ev_policy_.end()) | 815 if (iter == ev_policy_.end()) |
| 801 return false; | 816 return false; |
| 802 for (const std::string& ev_oid : iter->second) { | 817 for (const std::string& ev_oid : iter->second) { |
| 803 if (der::Input(&ev_oid) == policy_oid) | 818 if (der::Input(&ev_oid) == policy_oid) |
| 804 return true; | 819 return true; |
| 805 } | 820 } |
| 806 return false; | 821 return false; |
| 807 } | 822 } |
| 808 | 823 |
| 824 // static |
| 825 bool EVRootCAMetadata::IsCaBrowserForumEvOid(PolicyOID policy_oid) { |
| 826 const uint8_t kCabEvOid[] = {0x67, 0x81, 0x0c, 0x01, 0x01}; |
| 827 return der::Input(kCabEvOid) == policy_oid; |
| 828 } |
| 829 |
| 809 bool EVRootCAMetadata::AddEVCA(const SHA1HashValue& fingerprint, | 830 bool EVRootCAMetadata::AddEVCA(const SHA1HashValue& fingerprint, |
| 810 const char* policy) { | 831 const char* policy) { |
| 811 if (ev_policy_.find(fingerprint) != ev_policy_.end()) | 832 if (ev_policy_.find(fingerprint) != ev_policy_.end()) |
| 812 return false; | 833 return false; |
| 813 | 834 |
| 814 std::string der_policy = OIDStringToDER(policy); | 835 std::string der_policy = OIDStringToDER(policy); |
| 815 if (der_policy.empty()) | 836 if (der_policy.empty()) |
| 816 return false; | 837 return false; |
| 817 | 838 |
| 818 ev_policy_[fingerprint].push_back(der_policy); | 839 ev_policy_[fingerprint].push_back(der_policy); |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 886 ev_policy_[metadata.fingerprint].push_back(policy_der); | 907 ev_policy_[metadata.fingerprint].push_back(policy_der); |
| 887 policy_oids_.insert(policy_der); | 908 policy_oids_.insert(policy_der); |
| 888 } | 909 } |
| 889 } | 910 } |
| 890 #endif | 911 #endif |
| 891 } | 912 } |
| 892 | 913 |
| 893 EVRootCAMetadata::~EVRootCAMetadata() { } | 914 EVRootCAMetadata::~EVRootCAMetadata() { } |
| 894 | 915 |
| 895 } // namespace net | 916 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2772283004:
De-prioritize 2.23.140.1.1 when searching for EV policy. (Closed)
