mirror/naiveproxy
1
0
Fork 0
mirror of https://github.com/klzgrad/naiveproxy.git synced 2024-11-24 14:26:09 +03:00
Code Issues Projects Releases Wiki Activity
19bc836227
naiveproxy/net/cert/known_roots_win.cc
klzgrad 19bc836227 Import chromium-63.0.3239.132
2018-01-29 00:30:36 +08:00

58 lines
2.1 KiB
C++
Raw Blame History

// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/cert/known_roots_win.h"
#include "base/metrics/histogram_macros.h"
#include "crypto/sha2.h"
#include "net/base/hash_value.h"
#include "net/cert/x509_certificate_known_roots_win.h"
#include "net/cert/x509_util_win.h"
namespace net {
bool IsKnownRoot(PCCERT_CONTEXT cert) {
SHA256HashValue hash = x509_util::CalculateFingerprint256(cert);
bool is_builtin =
IsSHA256HashInSortedArray(HashValue(hash), kKnownRootCertSHA256Hashes,
kKnownRootCertSHA256HashesLength);
// Test to see if the use of a built-in set of known roots on Windows can be
// replaced with using AuthRoot's SHA-256 property. On any system other than
// a fresh RTM with no AuthRoot updates, this property should always exist for
// roots delivered via AuthRoot.stl, but should not exist on any manually or
// administratively deployed roots.
BYTE hash_prop[32] = {0};
DWORD size = sizeof(hash_prop);
bool found_property =
CertGetCertificateContextProperty(
cert, CERT_AUTH_ROOT_SHA256_HASH_PROP_ID, &hash_prop, &size) &&
size == sizeof(hash_prop);
enum BuiltinStatus {
BUILT_IN_PROPERTY_NOT_FOUND_BUILTIN_NOT_SET = 0,
BUILT_IN_PROPERTY_NOT_FOUND_BUILTIN_SET = 1,
BUILT_IN_PROPERTY_FOUND_BUILTIN_NOT_SET = 2,
BUILT_IN_PROPERTY_FOUND_BUILTIN_SET = 3,
BUILT_IN_MAX_VALUE,
} status;
if (!found_property && !is_builtin) {
status = BUILT_IN_PROPERTY_NOT_FOUND_BUILTIN_NOT_SET;
} else if (!found_property && is_builtin) {
status = BUILT_IN_PROPERTY_NOT_FOUND_BUILTIN_SET;
} else if (found_property && !is_builtin) {
status = BUILT_IN_PROPERTY_FOUND_BUILTIN_NOT_SET;
} else if (found_property && is_builtin) {
status = BUILT_IN_PROPERTY_FOUND_BUILTIN_SET;
} else {
status = BUILT_IN_MAX_VALUE;
}
UMA_HISTOGRAM_ENUMERATION("Net.SSL_AuthRootConsistency", status,
BUILT_IN_MAX_VALUE);
return is_builtin;
}
} // namespace net
Reference in New Issue View Git Blame Copy Permalink