OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/metrics/histogram.h" | 8 #include "base/metrics/histogram.h" |
9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
(...skipping 563 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
574 // C=IN, O=India PKI, CN=CCA India 2014 | 574 // C=IN, O=India PKI, CN=CCA India 2014 |
575 // Expires: March 5 2024. | 575 // Expires: March 5 2024. |
576 { | 576 { |
577 {0x36, 0x8c, 0x4a, 0x1e, 0x2d, 0xb7, 0x81, 0xe8, 0x6b, 0xed, | 577 {0x36, 0x8c, 0x4a, 0x1e, 0x2d, 0xb7, 0x81, 0xe8, 0x6b, 0xed, |
578 0x5a, 0x0a, 0x42, 0xb8, 0xc5, 0xcf, 0x6d, 0xb3, 0x57, 0xe1}, | 578 0x5a, 0x0a, 0x42, 0xb8, 0xc5, 0xcf, 0x6d, 0xb3, 0x57, 0xe1}, |
579 kDomainsIndiaCCA, | 579 kDomainsIndiaCCA, |
580 }, | 580 }, |
581 // Not a real certificate - just for testing. This is the SPKI hash of | 581 // Not a real certificate - just for testing. This is the SPKI hash of |
582 // the keys used in net/data/ssl/certificates/name_constraint_*.crt. | 582 // the keys used in net/data/ssl/certificates/name_constraint_*.crt. |
583 { | 583 { |
584 {0x15, 0x45, 0xd7, 0x3b, 0x58, 0x6b, 0x47, 0xcf, 0xc1, 0x44, | 584 {0x61, 0xec, 0x82, 0x8b, 0xdb, 0x5c, 0x78, 0x2a, 0x8f, 0xcc, |
585 0xa2, 0xc9, 0xaa, 0xab, 0x98, 0x3d, 0x21, 0xcc, 0x42, 0xde}, | 585 0x4f, 0x0f, 0x14, 0xbb, 0x85, 0x31, 0x93, 0x9f, 0xf7, 0x3d}, |
586 kDomainsTest, | 586 kDomainsTest, |
587 }, | 587 }, |
588 }; | 588 }; |
589 | 589 |
590 for (unsigned i = 0; i < arraysize(kLimits); ++i) { | 590 for (unsigned i = 0; i < arraysize(kLimits); ++i) { |
591 for (HashValueVector::const_iterator j = public_key_hashes.begin(); | 591 for (HashValueVector::const_iterator j = public_key_hashes.begin(); |
592 j != public_key_hashes.end(); ++j) { | 592 j != public_key_hashes.end(); ++j) { |
593 if (j->tag == HASH_VALUE_SHA1 && | 593 if (j->tag == HASH_VALUE_SHA1 && |
594 memcmp(j->data(), kLimits[i].public_key, base::kSHA1Length) == 0) { | 594 memcmp(j->data(), kLimits[i].public_key, base::kSHA1Length) == 0) { |
595 if (dns_names.empty() && ip_addrs.empty()) { | 595 if (dns_names.empty() && ip_addrs.empty()) { |
596 std::vector<std::string> dns_names; | 596 std::vector<std::string> dns_names; |
597 dns_names.push_back(common_name); | 597 dns_names.push_back(common_name); |
598 if (!CheckNameConstraints(dns_names, kLimits[i].domains)) | 598 if (!CheckNameConstraints(dns_names, kLimits[i].domains)) |
599 return true; | 599 return true; |
600 } else { | 600 } else { |
601 if (!CheckNameConstraints(dns_names, kLimits[i].domains)) | 601 if (!CheckNameConstraints(dns_names, kLimits[i].domains)) |
602 return true; | 602 return true; |
603 } | 603 } |
604 } | 604 } |
605 } | 605 } |
606 } | 606 } |
607 | 607 |
608 return false; | 608 return false; |
609 } | 609 } |
610 | 610 |
611 } // namespace net | 611 } // namespace net |
OLD | NEW |