// Copyright 2016 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/certificate_transparency/chrome_require_ct_delegate.h" #include <algorithm> #include <iterator> #include <map> #include <set> #include <string> #include <string_view> #include <utility> #include <vector> #include "base/containers/contains.h" #include "base/functional/bind.h" #include "base/functional/callback.h" #include "base/location.h" #include "base/logging.h" #include "base/memory/ref_counted.h" #include "base/strings/string_util.h" #include "base/task/sequenced_task_runner.h" #include "base/values.h" #include "components/url_formatter/url_fixer.h" #include "components/url_matcher/url_matcher.h" #include "crypto/sha2.h" #include "net/base/hash_value.h" #include "net/base/host_port_pair.h" #include "net/cert/asn1_util.h" #include "net/cert/known_roots.h" #include "net/cert/x509_certificate.h" #include "net/cert/x509_util.h" #include "third_party/boringssl/src/pki/name_constraints.h" #include "third_party/boringssl/src/pki/parse_name.h" #include "third_party/boringssl/src/pki/parsed_certificate.h" namespace certificate_transparency { namespace { // Helper that takes a given net::RDNSequence and returns only the // organizationName net::X509NameAttributes. class OrgAttributeFilter { … }; // Returns true if |dn_without_sequence| identifies an // organizationally-validated certificate, per the CA/Browser Forum's Baseline // Requirements, storing the parsed RDNSequence in |*out|. bool ParseOrganizationBoundName(bssl::der::Input dn_without_sequence, bssl::RDNSequence* out) { … } // Returns true if the certificate identified by |leaf_rdn_sequence| is // considered to be issued under the same organizational authority as // |org_cert|. bool AreCertsSameOrganization(const bssl::RDNSequence& leaf_rdn_sequence, CRYPTO_BUFFER* org_cert) { … } } // namespace ChromeRequireCTDelegate::ChromeRequireCTDelegate() : … { … } ChromeRequireCTDelegate::~ChromeRequireCTDelegate() { … } net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel ChromeRequireCTDelegate::IsCTRequiredForHost( const std::string& hostname, const net::X509Certificate* chain, const net::HashValueVector& spki_hashes) { … } void ChromeRequireCTDelegate::UpdateCTPolicies( const std::vector<std::string>& excluded_hosts, const std::vector<std::string>& excluded_spkis) { … } bool ChromeRequireCTDelegate::MatchHostname(const std::string& hostname) const { … } bool ChromeRequireCTDelegate::MatchSPKI( const net::X509Certificate* chain, const net::HashValueVector& hashes) const { … } void ChromeRequireCTDelegate::AddFilters( const std::vector<std::string>& hosts, url_matcher::URLMatcherConditionSet::Vector* conditions) { … } void ChromeRequireCTDelegate::ParseSpkiHashes( const std::vector<std::string> spki_list, net::HashValueVector* hashes) const { … } } // namespace certificate_transparency
Codebase Browser
chromium