Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(61)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_mac.cc

Issue 2867026: Make X509Certificate::CreateFromHandle() copy the OSCertHandle, rather than assume ownership (Closed)
Patch Set: Deleted one comment too many Created 10 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/base/x509_certificate.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <CommonCrypto/CommonDigest.h> 7 #include <CommonCrypto/CommonDigest.h>
8 #include <Security/Security.h> 8 #include <Security/Security.h>
9 #include <time.h> 9 #include <time.h>
10 10
(...skipping 717 matching lines...) Expand 10 before | Expand all | Expand 10 after
728 result = CopyCertChain(os_cert_handle(), &cert_chain); 728 result = CopyCertChain(os_cert_handle(), &cert_chain);
729 if (result != noErr) 729 if (result != noErr)
730 return false; 730 return false;
731 scoped_cftyperef<CFArrayRef> scoped_cert_chain(cert_chain); 731 scoped_cftyperef<CFArrayRef> scoped_cert_chain(cert_chain);
732 732
733 // Check all the certs in the chain for a match. 733 // Check all the certs in the chain for a match.
734 int n = CFArrayGetCount(cert_chain); 734 int n = CFArrayGetCount(cert_chain);
735 for (int i = 0; i < n; ++i) { 735 for (int i = 0; i < n; ++i) {
736 SecCertificateRef cert_handle = reinterpret_cast<SecCertificateRef>( 736 SecCertificateRef cert_handle = reinterpret_cast<SecCertificateRef>(
737 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); 737 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i)));
738 CFRetain(cert_handle);
739 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( 738 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
740 cert_handle, 739 cert_handle,
741 X509Certificate::SOURCE_LONE_CERT_IMPORT, 740 X509Certificate::SOURCE_LONE_CERT_IMPORT,
742 X509Certificate::OSCertHandles()); 741 X509Certificate::OSCertHandles());
743 for (unsigned j = 0; j < valid_issuers.size(); j++) { 742 for (unsigned j = 0; j < valid_issuers.size(); j++) {
744 if (cert->subject().Matches(valid_issuers[j])) 743 if (cert->subject().Matches(valid_issuers[j]))
745 return true; 744 return true;
746 } 745 }
747 } 746 }
748 return false; 747 return false;
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
788 SecIdentityRef identity = NULL; 787 SecIdentityRef identity = NULL;
789 err = SecIdentitySearchCopyNext(search, &identity); 788 err = SecIdentitySearchCopyNext(search, &identity);
790 if (err) 789 if (err)
791 break; 790 break;
792 scoped_cftyperef<SecIdentityRef> scoped_identity(identity); 791 scoped_cftyperef<SecIdentityRef> scoped_identity(identity);
793 792
794 SecCertificateRef cert_handle; 793 SecCertificateRef cert_handle;
795 err = SecIdentityCopyCertificate(identity, &cert_handle); 794 err = SecIdentityCopyCertificate(identity, &cert_handle);
796 if (err != noErr) 795 if (err != noErr)
797 continue; 796 continue;
797 scoped_cftyperef<SecCertificateRef> scoped_cert_handle(cert_handle);
798 798
799 scoped_refptr<X509Certificate> cert( 799 scoped_refptr<X509Certificate> cert(
800 CreateFromHandle(cert_handle, SOURCE_LONE_CERT_IMPORT, 800 CreateFromHandle(cert_handle, SOURCE_LONE_CERT_IMPORT,
801 OSCertHandles())); 801 OSCertHandles()));
802 // cert_handle is adoped by cert, so I don't need to release it myself. 802 // cert_handle is adoped by cert, so I don't need to release it myself.
803 if (cert->HasExpired() || !cert->SupportsSSLClientAuth()) 803 if (cert->HasExpired() || !cert->SupportsSSLClientAuth())
804 continue; 804 continue;
805 805
806 // Skip duplicates (a cert may be in multiple keychains). 806 // Skip duplicates (a cert may be in multiple keychains).
807 X509Certificate::Fingerprint fingerprint = cert->fingerprint(); 807 X509Certificate::Fingerprint fingerprint = cert->fingerprint();
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after
867 } 867 }
868 CFRelease(cert_chain); 868 CFRelease(cert_chain);
869 } 869 }
870 exit: 870 exit:
871 if (result) 871 if (result)
872 LOG(ERROR) << "CreateIdentityCertificateChain error " << result; 872 LOG(ERROR) << "CreateIdentityCertificateChain error " << result;
873 return chain.release(); 873 return chain.release();
874 } 874 }
875 875
876 } // namespace net 876 } // namespace net
OLDNEW
« no previous file with comments | « net/base/x509_certificate.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698