
Unified Diff: net/cert/cert_verify_proc_win.cc

Issue 2833623002: Extract IsKnownRoot() functionality for testing if a certificate is a (Closed)
Patch Set: remove another unused header Created 3 years, 8 months ago
Index: net/cert/cert_verify_proc_win.cc
diff --git a/net/cert/cert_verify_proc_win.cc b/net/cert/cert_verify_proc_win.cc
index 7f4d98d23345c705c4c2d743d536af026c804557..6a46ea01dc40d0f35ea52562d823423ee407dd01 100644
--- a/net/cert/cert_verify_proc_win.cc
+++ b/net/cert/cert_verify_proc_win.cc
@@ -24,9 +24,9 @@
#include "net/cert/cert_verify_result.h"
#include "net/cert/crl_set.h"
#include "net/cert/ev_root_ca_metadata.h"
+#include "net/cert/known_roots_win.h"
#include "net/cert/test_root_certs.h"
#include "net/cert/x509_certificate.h"
-#include "net/cert/x509_certificate_known_roots_win.h"
#if !defined(CERT_TRUST_HAS_WEAK_SIGNATURE)
// This was introduced in Windows 8 / Windows Server 2012, but retroactively
@@ -284,46 +284,7 @@ bool IsIssuedByKnownRoot(PCCERT_CHAIN_CONTEXT chain_context) {
return false;
PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement;
PCCERT_CONTEXT cert = element[num_elements - 1]->pCertContext;
-
- SHA256HashValue hash = X509Certificate::CalculateFingerprint256(cert);
- bool is_builtin =
- IsSHA256HashInSortedArray(hash, &kKnownRootCertSHA256Hashes[0][0],
- sizeof(kKnownRootCertSHA256Hashes));
-
- // Test to see if the use of a built-in set of known roots on Windows can be
- // replaced with using AuthRoot's SHA-256 property. On any system other than
- // a fresh RTM with no AuthRoot updates, this property should always exist for
- // roots delivered via AuthRoot.stl, but should not exist on any manually or
- // administratively deployed roots.
- BYTE hash_prop[32] = {0};
- DWORD size = sizeof(hash_prop);
- bool found_property =
- CertGetCertificateContextProperty(
- cert, CERT_AUTH_ROOT_SHA256_HASH_PROP_ID, &hash_prop, &size) &&
- size == sizeof(hash_prop);
-
- enum BuiltinStatus {
- BUILT_IN_PROPERTY_NOT_FOUND_BUILTIN_NOT_SET = 0,
- BUILT_IN_PROPERTY_NOT_FOUND_BUILTIN_SET = 1,
- BUILT_IN_PROPERTY_FOUND_BUILTIN_NOT_SET = 2,
- BUILT_IN_PROPERTY_FOUND_BUILTIN_SET = 3,
- BUILT_IN_MAX_VALUE,
- } status;
- if (!found_property && !is_builtin) {
- status = BUILT_IN_PROPERTY_NOT_FOUND_BUILTIN_NOT_SET;
- } else if (!found_property && is_builtin) {
- status = BUILT_IN_PROPERTY_NOT_FOUND_BUILTIN_SET;
- } else if (found_property && !is_builtin) {
- status = BUILT_IN_PROPERTY_FOUND_BUILTIN_NOT_SET;
- } else if (found_property && is_builtin) {
- status = BUILT_IN_PROPERTY_FOUND_BUILTIN_SET;
- } else {
- status = BUILT_IN_MAX_VALUE;
- }
- UMA_HISTOGRAM_ENUMERATION("Net.SSL_AuthRootConsistency", status,
- BUILT_IN_MAX_VALUE);
-
- return is_builtin;
+ return IsKnownRoot(cert);
}
// Saves some information about the certificate chain |chain_context| in
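Review bot: The `Net.SSL_AuthRootConsistency` recording is deleted from IsIssuedByKnownRoot() here, and nothing in this hunk shows whether IsKnownRoot() still emits it. If it is gone for good, the histogram's metadata entry should be marked obsolete and the metrics include in this file dropped if nothing else uses it. The removed block also carried the only explanation of how the built-in hash list relates to the AuthRoot SHA-256 property, so the new call site deserves a short comment such as `// |cert| is the final element of the first chain; IsKnownRoot() classifies it as a known root or not (see known_roots_win.h).`. That matters because this result presumably feeds policy decisions that treat publicly trusted roots differently from locally installed ones. The function body starts above the hunk, so the `num_elements` guard that makes `element[num_elements - 1]` safe is not visible here.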