1 // Copyright (c) 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/cert_verify_proc_whitelist.h"
9 #include "net/cert/x509_certificate.h"
// Built-in table of raw hashes: a uint8_t array with one
// crypto::kSHA256Length-byte row per hash.
// NOTE(review): this listing drops the initializer rows and the closing
// brace of the array, so its contents cannot be read here.
16 const uint8_t kBuiltinWhitelistHashes
[][crypto::kSHA256Length
] = {
// Built-in PublicKeyWhitelist entries. The one visible entry ends with a
// pointer to kBuiltinWhitelistHashes and a count of 0.
// NOTE(review): the leading field(s) of the entry are missing from this
// listing; presumably the first one is the public-key hash read as
// g_whitelist[i].public_key in IsNonWhitelistedCertificate — confirm.
20 const PublicKeyWhitelist kBuiltinWhitelist
[] = {
22 kBuiltinWhitelistHashes
, 0},
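// Number of kBuiltinWhitelist entries that are in effect. It is 0 here, so
// the default g_whitelist_size below is 0 as well.
const size_t kBuiltinWhitelistSize = 0;

// Active whitelist table and its entry count. Both start at the built-in
// values; the only reassignment visible in this file is in
// SetCertificateWhitelistForTesting().
const PublicKeyWhitelist* g_whitelist = kBuiltinWhitelist;
size_t g_whitelist_size = kBuiltinWhitelistSize;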
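// bsearch() comparator: |key| points to a SHA256HashValue and |element| to a
// raw hash stored as a uint8_t array in the table being searched.
// Return value follows memcmp semantics.
//
// The comparison reads sizeof(SHA256HashValue::data) bytes from |element|,
// while the bsearch() call in this file passes crypto::kSHA256Length as the
// element width. The two sizes have to agree, otherwise the read would run
// past the end of a table row.
// NOTE(review): that equality is assumed here, not checked — confirm.
int CompareHashValueToRawHash(const void* key, const void* element) {
  // |key| arrives as const void* from bsearch(); static_cast is the
  // well-defined conversion back to the object type, so no reinterpret_cast
  // is needed.
  const auto* search_key = static_cast<const SHA256HashValue*>(key);
  return memcmp(search_key->data, element, sizeof(search_key->data));
}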
// Checks |cert| against the per-public-key leaf whitelists in g_whitelist.
// Visible flow: for every whitelist entry, each hash in |public_key_hashes|
// is tested for the SHA-256 tag and compared (memcmp over
// crypto::kSHA256Length bytes) with the entry's public_key. The code after
// that comparison computes the SHA-256 fingerprint of the leaf certificate
// and looks it up with bsearch() in the entry's table of raw hashes.
// NOTE(review): the lines carrying the return/continue statements and the
// closing braces are missing from this listing, so the outcome of each
// branch (empty whitelist, non-SHA-256 hash, key mismatch, fingerprint not
// found) cannot be read off here — confirm against the full file.
41 bool IsNonWhitelistedCertificate(const X509Certificate
& cert
,
42 const HashValueVector
& public_key_hashes
) {
// Special case for an empty active whitelist (the default, since
// kBuiltinWhitelistSize is 0).
43 if (g_whitelist_size
== 0)
45 for (size_t i
= 0; i
< g_whitelist_size
; ++i
) {
46 for (const auto& hash
: public_key_hashes
) {
// Only SHA-256 hashes can be compared with the raw table entries.
47 if (hash
.tag
!= HASH_VALUE_SHA256
)
// Does this hash differ from the public key this whitelist entry is for?
49 if (memcmp(hash
.data(), g_whitelist
[i
].public_key
,
50 crypto::kSHA256Length
) != 0) {
// Fingerprint of the certificate itself, used as the search key.
53 const SHA256HashValue leaf_hash
=
54 X509Certificate::CalculateFingerprint256(cert
.os_cert_handle());
// bsearch() needs its input ordered consistently with the comparator.
// NOTE(review): presumably each whitelist table is stored sorted by hash
// bytes — confirm; an unsorted table would make lookups miss entries.
55 void* result
= bsearch(&leaf_hash
, g_whitelist
[i
].whitelist
,
56 g_whitelist
[i
].whitelist_size
,
57 crypto::kSHA256Length
, CompareHashValueToRawHash
);
// nullptr means the fingerprint was not found in this entry's table.
58 if (result
== nullptr)
// Test hook that replaces the active whitelist. A null |whitelist| or a zero
// |whitelist_size| selects the built-in table and size; the other visible
// assignments install the caller's pointer and size as given. The pointer is
// stored, not copied, so the caller's array has to stay alive while it is
// installed.
// NOTE(review): the listing omits the lines between the two assignment pairs
// and the closing brace; presumably the reset branch ends with an early
// return — confirm.
// NOTE(review): g_whitelist and g_whitelist_size are plain globals written
// here with no synchronization visible in this file — confirm tests do not
// call this while certificate verification runs on another thread.
66 void SetCertificateWhitelistForTesting(const PublicKeyWhitelist
* whitelist
,
67 size_t whitelist_size
) {
68 if (whitelist
== nullptr || whitelist_size
== 0) {
// Reset to the compiled-in defaults.
69 g_whitelist
= kBuiltinWhitelist
;
70 g_whitelist_size
= kBuiltinWhitelistSize
;
// Install the caller-supplied table.
74 g_whitelist
= whitelist
;
75 g_whitelist_size
= whitelist_size
;