Use component installer mechanism instead of extensions for supervised user whitelists.
[chromium-blink-merge.git] / net / cert / crl_set.cc
blob0898557f81bd7aa808c5907024425bbfcc9e2d28
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/crl_set.h"
7 #include "base/logging.h"
8 #include "base/time/time.h"
10 namespace net {
12 CRLSet::CRLSet()
13 : sequence_(0),
14 not_after_(0) {
17 CRLSet::~CRLSet() {
20 CRLSet::Result CRLSet::CheckSPKI(const base::StringPiece& spki_hash) const {
21 for (std::vector<std::string>::const_iterator i = blocked_spkis_.begin();
22 i != blocked_spkis_.end(); ++i) {
23 if (spki_hash.size() == i->size() &&
24 memcmp(spki_hash.data(), i->data(), i->size()) == 0) {
25 return REVOKED;
29 return GOOD;
32 CRLSet::Result CRLSet::CheckSerial(
33 const base::StringPiece& serial_number,
34 const base::StringPiece& issuer_spki_hash) const {
35 base::StringPiece serial(serial_number);
37 if (!serial.empty() && (serial[0] & 0x80) != 0) {
38 // This serial number is negative but the process which generates CRL sets
39 // will reject any certificates with negative serial numbers as invalid.
40 return UNKNOWN;
43 // Remove any leading zero bytes.
44 while (serial.size() > 1 && serial[0] == 0x00)
45 serial.remove_prefix(1);
47 base::hash_map<std::string, size_t>::const_iterator i =
48 crls_index_by_issuer_.find(issuer_spki_hash.as_string());
49 if (i == crls_index_by_issuer_.end())
50 return UNKNOWN;
51 const std::vector<std::string>& serials = crls_[i->second].second;
53 for (std::vector<std::string>::const_iterator i = serials.begin();
54 i != serials.end(); ++i) {
55 if (base::StringPiece(*i) == serial)
56 return REVOKED;
59 return GOOD;
62 bool CRLSet::IsExpired() const {
63 if (not_after_ == 0)
64 return false;
66 uint64 now = base::Time::Now().ToTimeT();
67 return now > not_after_;
70 uint32 CRLSet::sequence() const {
71 return sequence_;
74 const CRLSet::CRLList& CRLSet::crls() const {
75 return crls_;
78 // static
79 CRLSet* CRLSet::EmptyCRLSetForTesting() {
80 return ForTesting(false, NULL, "");
83 CRLSet* CRLSet::ExpiredCRLSetForTesting() {
84 return ForTesting(true, NULL, "");
87 // static
88 CRLSet* CRLSet::ForTesting(bool is_expired,
89 const SHA256HashValue* issuer_spki,
90 const std::string& serial_number) {
91 CRLSet* crl_set = new CRLSet;
92 if (is_expired)
93 crl_set->not_after_ = 1;
94 if (issuer_spki != NULL) {
95 const std::string spki(reinterpret_cast<const char*>(issuer_spki->data),
96 sizeof(issuer_spki->data));
97 crl_set->crls_.push_back(make_pair(spki, std::vector<std::string>()));
98 crl_set->crls_index_by_issuer_[spki] = 0;
101 if (!serial_number.empty())
102 crl_set->crls_[0].second.push_back(serial_number);
104 return crl_set;
107 } // namespace net