| OLD | NEW |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <map> | 9 #include <map> |
| 10 #include <string> | 10 #include <string> |
| (...skipping 519 matching lines...) |
| 530 X509Certificate::~X509Certificate() { | 530 X509Certificate::~X509Certificate() { |
| 531 // We might not be in the cache, but it is safe to remove ourselves anyway. | 531 // We might not be in the cache, but it is safe to remove ourselves anyway. |
| 532 g_x509_certificate_cache.Get().Remove(this); | 532 g_x509_certificate_cache.Get().Remove(this); |
| 533 if (cert_handle_) | 533 if (cert_handle_) |
| 534 FreeOSCertHandle(cert_handle_); | 534 FreeOSCertHandle(cert_handle_); |
| 535 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) | 535 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) |
| 536 FreeOSCertHandle(intermediate_ca_certs_[i]); | 536 FreeOSCertHandle(intermediate_ca_certs_[i]); |
| 537 } | 537 } |
| 538 | 538 |
| 539 bool X509Certificate::IsBlacklisted() const { | 539 bool X509Certificate::IsBlacklisted() const { |
| 540 static const unsigned kNumSerials = 257; | 540 static const unsigned kNumSerials = 256; |
| 541 static const unsigned kSerialBytes = 16; | 541 static const unsigned kSerialBytes = 16; |
| 542 static const uint8 kSerials[kNumSerials][kSerialBytes] = { | 542 static const uint8 kSerials[kNumSerials][kSerialBytes] = { |
| 543 // Not a real certificate. For testing only. | 543 // Not a real certificate. For testing only. |
| 544 {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd,
0x1c}, | 544 {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd,
0x1c}, |
| 545 | 545 |
| 546 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014. | 546 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014. |
| 547 // Some serial numbers actually have a leading 0x00 byte required to | 547 // Some serial numbers actually have a leading 0x00 byte required to |
| 548 // encode a positive integer in DER if the most significant bit is 0. | 548 // encode a positive integer in DER if the most significant bit is 0. |
| 549 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes. | 549 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes. |
| 550 | 550 |
| (...skipping 285 matching lines...) |
| 836 } | 836 } |
| 837 | 837 |
| 838 // Special case for DigiNotar: this serial number had a leading 0x00 byte | 838 // Special case for DigiNotar: this serial number had a leading 0x00 byte |
| 839 static const uint8 kDigiNotarLeadingZero[15] = { | 839 static const uint8 kDigiNotarLeadingZero[15] = { |
| 840 0x17,0x7f,0xb6,0x53,0x6b,0x98,0xce,0x40,0xd5,0x4b,0x8b,0x24,0xe3,0x16,0x05 | 840 0x17,0x7f,0xb6,0x53,0x6b,0x98,0xce,0x40,0xd5,0x4b,0x8b,0x24,0xe3,0x16,0x05 |
| 841 }; | 841 }; |
| 842 | 842 |
| 843 if (serial_number_.size() == sizeof(kDigiNotarLeadingZero) && | 843 if (serial_number_.size() == sizeof(kDigiNotarLeadingZero) && |
| 844 memcmp(serial_number_.data(), kDigiNotarLeadingZero, | 844 memcmp(serial_number_.data(), kDigiNotarLeadingZero, |
| 845 sizeof(kDigiNotarLeadingZero)) == 0) { | 845 sizeof(kDigiNotarLeadingZero)) == 0) { |
| 846 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", kNumSerials, kNumSer
ials + 1); | 846 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", kNumSerials, |
| 847 return true; | 847 kNumSerials + 1); |
| 848 return true; |
| 848 } | 849 } |
| 849 | 850 |
| 850 return false; | 851 return false; |
| 851 } | 852 } |
| 852 | 853 |
| 853 // static | 854 // static |
| 854 bool X509Certificate::IsPublicKeyBlacklisted( | 855 bool X509Certificate::IsPublicKeyBlacklisted( |
| 855 const std::vector<SHA1Fingerprint>& public_key_hashes) { | 856 const std::vector<SHA1Fingerprint>& public_key_hashes) { |
| 856 static const unsigned kNumHashes = 3; | 857 static const unsigned kNumHashes = 3; |
| 857 static const uint8 kHashes[kNumHashes][base::SHA1_LENGTH] = { | 858 static const uint8 kHashes[kNumHashes][base::SHA1_LENGTH] = { |
| (...skipping 27 matching lines...) |
| 885 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, | 886 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, |
| 886 const uint8* array, | 887 const uint8* array, |
| 887 size_t array_byte_len) { | 888 size_t array_byte_len) { |
| 888 DCHECK_EQ(0u, array_byte_len % base::SHA1_LENGTH); | 889 DCHECK_EQ(0u, array_byte_len % base::SHA1_LENGTH); |
| 889 const unsigned arraylen = array_byte_len / base::SHA1_LENGTH; | 890 const unsigned arraylen = array_byte_len / base::SHA1_LENGTH; |
| 890 return NULL != bsearch(hash.data, array, arraylen, base::SHA1_LENGTH, | 891 return NULL != bsearch(hash.data, array, arraylen, base::SHA1_LENGTH, |
| 891 CompareSHA1Hashes); | 892 CompareSHA1Hashes); |
| 892 } | 893 } |
| 893 | 894 |
| 894 } // namespace net | 895 } // namespace net |
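Review bot: `kNumSerials` in `IsBlacklisted()` is still a hand-maintained count (now 256) that has to match the number of initializers in `kSerials`, and nothing in the visible lines enforces that. If the constant is ever larger than the list, the extra rows are zero-filled by aggregate initialization, and, assuming the lookup in the collapsed part of the function walks all `kNumSerials` rows, an all-zero 16-byte serial would then be reported as blacklisted; a constant that is too small fails to compile, which is the safe direction. I would declare the table as `static const uint8 kSerials[][kSerialBytes]` and derive the count after it with `static const unsigned kNumSerials = sizeof(kSerials) / sizeof(kSerials[0]);`. The DigiNotar branch also records `kNumSerials` as its `Net.SSLCertBlacklisted` sample, so the bucket for that case moves from 257 to 256 with this change and will move again on every list edit; a comment saying so, or a fixed value for that case, would keep the histogram comparable across releases. Most of the function body is collapsed on this page, so the lookup loop itself was not reviewed.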
| OLD | NEW |