1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/cert/cert_verifier.h"
#include <algorithm>
#include "base/strings/string_util.h"
#include "build/build_config.h"
#include "net/cert/cert_verify_proc.h"
#include "third_party/boringssl/src/include/openssl/pool.h"
#include "third_party/boringssl/src/include/openssl/sha.h"
#if defined(OS_NACL)
#include "base/logging.h"
#else
#include "net/cert/caching_cert_verifier.h"
#include "net/cert/multi_threaded_cert_verifier.h"
#endif
namespace net {
CertVerifier::RequestParams::RequestParams(
scoped_refptr<X509Certificate> certificate,
const std::string& hostname,
int flags,
const std::string& ocsp_response,
CertificateList additional_trust_anchors)
: certificate_(std::move(certificate)),
hostname_(hostname),
flags_(flags),
ocsp_response_(ocsp_response),
additional_trust_anchors_(std::move(additional_trust_anchors)) {
// For efficiency sake, rather than compare all of the fields for each
// comparison, compute a hash of their values. This is done directly in
// this class, rather than as an overloaded hash operator, for efficiency's
// sake.
SHA256_CTX ctx;
SHA256_Init(&ctx);
SHA256_Update(&ctx, CRYPTO_BUFFER_data(certificate_->cert_buffer()),
CRYPTO_BUFFER_len(certificate_->cert_buffer()));
for (const auto& cert_handle : certificate_->intermediate_buffers()) {
SHA256_Update(&ctx, CRYPTO_BUFFER_data(cert_handle.get()),
CRYPTO_BUFFER_len(cert_handle.get()));
}
SHA256_Update(&ctx, hostname_.data(), hostname.size());
SHA256_Update(&ctx, &flags, sizeof(flags));
SHA256_Update(&ctx, ocsp_response.data(), ocsp_response.size());
for (const auto& trust_anchor : additional_trust_anchors_) {
SHA256_Update(&ctx, CRYPTO_BUFFER_data(trust_anchor->cert_buffer()),
CRYPTO_BUFFER_len(trust_anchor->cert_buffer()));
}
SHA256_Final(reinterpret_cast<uint8_t*>(
base::WriteInto(&key_, SHA256_DIGEST_LENGTH + 1)),
&ctx);
}
CertVerifier::RequestParams::RequestParams(const RequestParams& other) =
default;
CertVerifier::RequestParams::~RequestParams() = default;
bool CertVerifier::RequestParams::operator==(
const CertVerifier::RequestParams& other) const {
return key_ == other.key_;
}
bool CertVerifier::RequestParams::operator<(
const CertVerifier::RequestParams& other) const {
return key_ < other.key_;
}
bool CertVerifier::SupportsOCSPStapling() {
return false;
}
std::unique_ptr<CertVerifier> CertVerifier::CreateDefault() {
#if defined(OS_NACL)
NOTIMPLEMENTED();
return std::unique_ptr<CertVerifier>();
#else
return std::make_unique<CachingCertVerifier>(
std::make_unique<MultiThreadedCertVerifier>(
CertVerifyProc::CreateDefault()));
#endif
}
} // namespace net
|
