OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include <limits.h> | 7 #include <limits.h> |
8 #include <stdlib.h> | 8 #include <stdlib.h> |
9 | 9 |
10 #include <algorithm> | |
11 #include <map> | 10 #include <map> |
12 #include <memory> | 11 #include <memory> |
13 #include <string> | 12 #include <string> |
14 #include <vector> | 13 #include <vector> |
15 | 14 |
16 #include "base/base64.h" | 15 #include "base/base64.h" |
17 #include "base/lazy_instance.h" | 16 #include "base/lazy_instance.h" |
18 #include "base/logging.h" | 17 #include "base/logging.h" |
19 #include "base/macros.h" | 18 #include "base/macros.h" |
20 #include "base/memory/singleton.h" | 19 #include "base/memory/singleton.h" |
21 #include "base/metrics/histogram_macros.h" | 20 #include "base/metrics/histogram_macros.h" |
22 #include "base/pickle.h" | 21 #include "base/pickle.h" |
23 #include "base/profiler/scoped_tracker.h" | 22 #include "base/profiler/scoped_tracker.h" |
| 23 #include "base/stl_util.h" |
24 #include "base/strings/string_piece.h" | 24 #include "base/strings/string_piece.h" |
25 #include "base/strings/string_util.h" | 25 #include "base/strings/string_util.h" |
26 #include "base/synchronization/lock.h" | 26 #include "base/synchronization/lock.h" |
27 #include "base/time/time.h" | 27 #include "base/time/time.h" |
28 #include "base/trace_event/trace_event.h" | 28 #include "base/trace_event/trace_event.h" |
29 #include "crypto/secure_hash.h" | 29 #include "crypto/secure_hash.h" |
30 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" | 30 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
31 #include "net/base/url_util.h" | 31 #include "net/base/url_util.h" |
32 #include "net/cert/pem_tokenizer.h" | 32 #include "net/cert/pem_tokenizer.h" |
33 #include "url/url_canon.h" | 33 #include "url/url_canon.h" |
(...skipping 499 matching lines...)
533 if (allow_common_name_fallback && cert_san_dns_names.empty() && | 533 if (allow_common_name_fallback && cert_san_dns_names.empty() && |
534 cert_san_ip_addrs.empty() && | 534 cert_san_ip_addrs.empty() && |
535 host_info.family == url::CanonHostInfo::IPV4) { | 535 host_info.family == url::CanonHostInfo::IPV4) { |
536 // Fallback to Common name matching. As this is deprecated and only | 536 // Fallback to Common name matching. As this is deprecated and only |
537 // supported for compatibility refuse it for IPv6 addresses. | 537 // supported for compatibility refuse it for IPv6 addresses. |
538 return reference_name == cert_common_name; | 538 return reference_name == cert_common_name; |
539 } | 539 } |
540 base::StringPiece ip_addr_string( | 540 base::StringPiece ip_addr_string( |
541 reinterpret_cast<const char*>(host_info.address), | 541 reinterpret_cast<const char*>(host_info.address), |
542 host_info.AddressLength()); | 542 host_info.AddressLength()); |
543 return std::find(cert_san_ip_addrs.begin(), cert_san_ip_addrs.end(), | 543 return base::ContainsValue(cert_san_ip_addrs, ip_addr_string); |
544 ip_addr_string) != cert_san_ip_addrs.end(); | |
545 } | 544 } |
546 | 545 |
547 // |reference_domain| is the remainder of |host| after the leading host | 546 // |reference_domain| is the remainder of |host| after the leading host |
548 // component is stripped off, but includes the leading dot e.g. | 547 // component is stripped off, but includes the leading dot e.g. |
549 // "www.f.com" -> ".f.com". | 548 // "www.f.com" -> ".f.com". |
550 // If there is no meaningful domain part to |host| (e.g. it contains no dots) | 549 // If there is no meaningful domain part to |host| (e.g. it contains no dots) |
551 // then |reference_domain| will be empty. | 550 // then |reference_domain| will be empty. |
552 base::StringPiece reference_host, reference_domain; | 551 base::StringPiece reference_host, reference_domain; |
553 SplitOnChar(reference_name, '.', &reference_host, &reference_domain); | 552 SplitOnChar(reference_name, '.', &reference_host, &reference_domain); |
554 bool allow_wildcards = false; | 553 bool allow_wildcards = false; |
(...skipping 177 matching lines...)
732 RemoveFromCache(cert_handle_); | 731 RemoveFromCache(cert_handle_); |
733 FreeOSCertHandle(cert_handle_); | 732 FreeOSCertHandle(cert_handle_); |
734 } | 733 } |
735 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | 734 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
736 RemoveFromCache(intermediate_ca_certs_[i]); | 735 RemoveFromCache(intermediate_ca_certs_[i]); |
737 FreeOSCertHandle(intermediate_ca_certs_[i]); | 736 FreeOSCertHandle(intermediate_ca_certs_[i]); |
738 } | 737 } |
739 } | 738 } |
740 | 739 |
741 } // namespace net | 740 } // namespace net |
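Review bot: The `return base::ContainsValue(cert_san_ip_addrs, ip_addr_string);` at new line 543 is the entire IP-identity decision for the certificate, yet it now reads like a generic container lookup with nothing stating what is being compared. I would add a comment directly above it, for example `// Exact match on the raw address bytes: a SAN IP entry must agree in both length and value.`, on the assumption that `cert_san_ip_addrs` holds the raw iPAddress octets (where it is filled is outside the visible lines). Separately, `#include <algorithm>` is dropped from the include block; that is safe only if no other std algorithm is used in the 676 lines this page skips, so it is worth confirming rather than leaning on a transitive include. The enclosing function starts before and continues after the lines shown here.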