Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(372)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/x509_certificate_win.cc

Issue 547603002: Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Avoiding globals in favour of passing the SSLConfigService around Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/ct_ev_whitelist_unittest.cc ('K') | « net/cert/x509_certificate_unittest.cc ('k') | net/net.gypi » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/x509_certificate.h" 5 #include "net/cert/x509_certificate.h"
6 6
7 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. 7 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS.
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/memory/scoped_ptr.h" 10 #include "base/memory/scoped_ptr.h"
11 #include "base/pickle.h" 11 #include "base/pickle.h"
12 #include "base/sha1.h" 12 #include "base/sha1.h"
13 #include "base/strings/string_util.h" 13 #include "base/strings/string_util.h"
14 #include "base/strings/utf_string_conversions.h" 14 #include "base/strings/utf_string_conversions.h"
15 #include "crypto/capi_util.h" 15 #include "crypto/capi_util.h"
16 #include "crypto/scoped_capi_types.h" 16 #include "crypto/scoped_capi_types.h"
17 #include "crypto/sha2.h"
17 #include "net/base/net_errors.h" 18 #include "net/base/net_errors.h"
18 19
19 #pragma comment(lib, "crypt32.lib") 20 #pragma comment(lib, "crypt32.lib")
20 21
21 using base::Time; 22 using base::Time;
22 23
23 namespace net { 24 namespace net {
24 25
25 namespace { 26 namespace {
26 27
(...skipping 281 matching lines...) Expand 10 before | Expand all | Expand 10 after
308 SHA1HashValue sha1; 309 SHA1HashValue sha1;
309 DWORD sha1_size = sizeof(sha1.data); 310 DWORD sha1_size = sizeof(sha1.data);
310 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, 311 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded,
311 cert->cbCertEncoded, sha1.data, &sha1_size); 312 cert->cbCertEncoded, sha1.data, &sha1_size);
312 DCHECK(rv && sha1_size == sizeof(sha1.data)); 313 DCHECK(rv && sha1_size == sizeof(sha1.data));
313 if (!rv) 314 if (!rv)
314 memset(sha1.data, 0, sizeof(sha1.data)); 315 memset(sha1.data, 0, sizeof(sha1.data));
315 return sha1; 316 return sha1;
316 } 317 }
317 318
319 // static
320 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
321 DCHECK(NULL != cert->pbCertEncoded);
322 DCHECK_NE(static_cast<DWORD>(0), cert->cbCertEncoded);
Ryan Sleevi 2014/10/01 20:15:43 just use 0u ?
Eran Messeri 2014/10/03 12:00:11 Done.
323
324 SHA256HashValue sha256;
325 DWORD sha256_size = sizeof(sha256.data);
Ryan Sleevi 2014/10/01 20:15:43 No longer the correct type now, is it?
Eran Messeri 2014/10/03 12:00:11 Done.
326
327 // Use crypto::SHA256HashString for two reasons:
328 // * < Windows Vista does not have universal SHA-256 support.
329 // * More efficient on Windows > Vista (less overhead since non-default CSP
330 // is not needed).
331 base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded),
332 cert->cbCertEncoded);
333 crypto::SHA256HashString(der_cert, sha256.data, sha256_size);
334 return sha256;
335 }
336
318 // TODO(wtc): This function is implemented with NSS low-level hash 337 // TODO(wtc): This function is implemented with NSS low-level hash
319 // functions to ensure it is fast. Reimplement this function with 338 // functions to ensure it is fast. Reimplement this function with
320 // CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead. 339 // CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead.
321 // static 340 // static
322 SHA1HashValue X509Certificate::CalculateCAFingerprint( 341 SHA1HashValue X509Certificate::CalculateCAFingerprint(
323 const OSCertHandles& intermediates) { 342 const OSCertHandles& intermediates) {
324 SHA1HashValue sha1; 343 SHA1HashValue sha1;
325 memset(sha1.data, 0, sizeof(sha1.data)); 344 memset(sha1.data, 0, sizeof(sha1.data));
326 345
327 SHA1Context* sha1_ctx = SHA1_NewContext(); 346 SHA1Context* sha1_ctx = SHA1_NewContext();
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after
447 if (IsCertNameBlobInIssuerList(&(*it)->pCertInfo->Issuer, 466 if (IsCertNameBlobInIssuerList(&(*it)->pCertInfo->Issuer,
448 valid_issuers)) { 467 valid_issuers)) {
449 return true; 468 return true;
450 } 469 }
451 } 470 }
452 471
453 return false; 472 return false;
454 } 473 }
455 474
456 } // namespace net 475 } // namespace net
OLDNEW
« net/cert/ct_ev_whitelist_unittest.cc ('K') | « net/cert/x509_certificate_unittest.cc ('k') | net/net.gypi » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698