| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/cert/crl_set.h" | |
| 6 | |
| 7 #include "base/logging.h" | |
| 8 #include "base/time/time.h" | |
| 9 | |
| 10 namespace net { | |
| 11 | |
| 12 CRLSet::CRLSet() | |
| 13 : sequence_(0), | |
| 14 not_after_(0) { | |
| 15 } | |
| 16 | |
| 17 CRLSet::~CRLSet() { | |
| 18 } | |
| 19 | |
| 20 CRLSet::Result CRLSet::CheckSPKI(const base::StringPiece& spki_hash) const { | |
| 21 for (std::vector<std::string>::const_iterator i = blocked_spkis_.begin(); | |
| 22 i != blocked_spkis_.end(); ++i) { | |
| 23 if (spki_hash.size() == i->size() && | |
| 24 memcmp(spki_hash.data(), i->data(), i->size()) == 0) { | |
| 25 return REVOKED; | |
| 26 } | |
| 27 } | |
| 28 | |
| 29 return GOOD; | |
| 30 } | |
| 31 | |
| 32 CRLSet::Result CRLSet::CheckSerial( | |
| 33 const base::StringPiece& serial_number, | |
| 34 const base::StringPiece& issuer_spki_hash) const { | |
| 35 base::StringPiece serial(serial_number); | |
| 36 | |
| 37 if (!serial.empty() && (serial[0] & 0x80) != 0) { | |
| 38 // This serial number is negative but the process which generates CRL sets | |
| 39 // will reject any certificates with negative serial numbers as invalid. | |
| 40 return UNKNOWN; | |
| 41 } | |
| 42 | |
| 43 // Remove any leading zero bytes. | |
| 44 while (serial.size() > 1 && serial[0] == 0x00) | |
| 45 serial.remove_prefix(1); | |
| 46 | |
| 47 base::hash_map<std::string, size_t>::const_iterator crl_index = | |
| 48 crls_index_by_issuer_.find(issuer_spki_hash.as_string()); | |
| 49 if (crl_index == crls_index_by_issuer_.end()) | |
| 50 return UNKNOWN; | |
| 51 const std::vector<std::string>& serials = crls_[crl_index->second].second; | |
| 52 | |
| 53 for (std::vector<std::string>::const_iterator i = serials.begin(); | |
| 54 i != serials.end(); ++i) { | |
| 55 if (base::StringPiece(*i) == serial) | |
| 56 return REVOKED; | |
| 57 } | |
| 58 | |
| 59 return GOOD; | |
| 60 } | |
| 61 | |
| 62 bool CRLSet::IsExpired() const { | |
| 63 if (not_after_ == 0) | |
| 64 return false; | |
| 65 | |
| 66 uint64 now = base::Time::Now().ToTimeT(); | |
| 67 return now > not_after_; | |
| 68 } | |
| 69 | |
| 70 uint32 CRLSet::sequence() const { | |
| 71 return sequence_; | |
| 72 } | |
| 73 | |
| 74 const CRLSet::CRLList& CRLSet::crls() const { | |
| 75 return crls_; | |
| 76 } | |
| 77 | |
| 78 // static | |
| 79 CRLSet* CRLSet::EmptyCRLSetForTesting() { | |
| 80 return ForTesting(false, NULL, ""); | |
| 81 } | |
| 82 | |
| 83 CRLSet* CRLSet::ExpiredCRLSetForTesting() { | |
| 84 return ForTesting(true, NULL, ""); | |
| 85 } | |
| 86 | |
| 87 // static | |
| 88 CRLSet* CRLSet::ForTesting(bool is_expired, | |
| 89 const SHA256HashValue* issuer_spki, | |
| 90 const std::string& serial_number) { | |
| 91 CRLSet* crl_set = new CRLSet; | |
| 92 if (is_expired) | |
| 93 crl_set->not_after_ = 1; | |
| 94 if (issuer_spki != NULL) { | |
| 95 const std::string spki(reinterpret_cast<const char*>(issuer_spki->data), | |
| 96 sizeof(issuer_spki->data)); | |
| 97 crl_set->crls_.push_back(make_pair(spki, std::vector<std::string>())); | |
| 98 crl_set->crls_index_by_issuer_[spki] = 0; | |
| 99 } | |
| 100 | |
| 101 if (!serial_number.empty()) | |
| 102 crl_set->crls_[0].second.push_back(serial_number); | |
| 103 | |
| 104 return crl_set; | |
| 105 } | |
| 106 | |
| 107 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master