| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_chain.h" | 5 #include "net/base/x509_chain.h" |
| 6 | 6 |
| 7 #include <Security/Security.h> | 7 #include <Security/Security.h> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/scoped_cftyperef.h" | 10 #include "base/scoped_cftyperef.h" |
| 283 if (status) | 283 if (status) |
| 284 return NetErrorFromOSStatus(status); | 284 return NetErrorFromOSStatus(status); |
| 285 CFArrayRef completed_chain = NULL; | 285 CFArrayRef completed_chain = NULL; |
| 286 CSSM_TP_APPLE_EVIDENCE_INFO* chain_info; | 286 CSSM_TP_APPLE_EVIDENCE_INFO* chain_info; |
| 287 status = SecTrustGetResult(trust_ref, &trust_result, &completed_chain, | 287 status = SecTrustGetResult(trust_ref, &trust_result, &completed_chain, |
| 288 &chain_info); | 288 &chain_info); |
| 289 if (status) | 289 if (status) |
| 290 return NetErrorFromOSStatus(status); | 290 return NetErrorFromOSStatus(status); |
| 291 scoped_cftyperef<CFArrayRef> scoped_completed_chain(completed_chain); | 291 scoped_cftyperef<CFArrayRef> scoped_completed_chain(completed_chain); |
| 292 | 292 |
| 293 // Copy the certificate chain, regardless of the results, if requested. |
| 294 if (flags & VERIFY_RETURN_CHAIN) { |
| 295 X509Certificate::OSCertHandles intermediates; |
| 296 for (CFIndex i = 1, count = CFArrayGetCount(completed_chain); i < count; |
| 297 ++i) { |
| 298 intermediates.push_back(reinterpret_cast<SecCertificateRef>( |
| 299 const_cast<void*>(CFArrayGetValueAtIndex(completed_chain, i)))); |
| 300 } |
| 301 |
| 302 SecCertificateRef server_cert = reinterpret_cast<SecCertificateRef>( |
| 303 const_cast<void*>(CFArrayGetValueAtIndex(completed_chain, 0))); |
| 304 verify_result->certificate = X509Certificate::CreateFromHandle( |
| 305 server_cert, intermediates); |
| 306 } |
| 307 |
| 293 // Evaluate the results | 308 // Evaluate the results |
| 294 OSStatus cssm_result; | 309 OSStatus cssm_result; |
| 295 bool got_certificate_error = false; | 310 bool got_certificate_error = false; |
| 296 switch (trust_result) { | 311 switch (trust_result) { |
| 297 case kSecTrustResultUnspecified: | 312 case kSecTrustResultUnspecified: |
| 298 case kSecTrustResultProceed: | 313 case kSecTrustResultProceed: |
| 299 // Certificate chain is valid and trusted ("unspecified" indicates that | 314 // Certificate chain is valid and trusted ("unspecified" indicates that |
| 300 // the user has not explicitly set a trust setting) | 315 // the user has not explicitly set a trust setting) |
| 301 break; | 316 break; |
| 302 | 317 |
| 409 } | 424 } |
| 410 } | 425 } |
| 411 } | 426 } |
| 412 | 427 |
| 413 return OK; | 428 return OK; |
| 414 } | 429 } |
| 415 | 430 |
| 416 } // namespace x509_chain | 431 } // namespace x509_chain |
| 417 | 432 |
| 418 } // namespace net | 433 } // namespace net |
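Review bot: The new VERIFY_RETURN_CHAIN block (new lines 293-306) indexes `completed_chain` without checking that it is non-null and non-empty. `completed_chain` starts as NULL and the block runs before `trust_result` is examined, so if SecTrustGetResult can return success without filling in a chain (not visible from here), `CFArrayGetCount(completed_chain)` and `CFArrayGetValueAtIndex(completed_chain, 0)` would be called on a null or empty array. A guard such as `if ((flags & VERIFY_RETURN_CHAIN) && completed_chain && CFArrayGetCount(completed_chain) > 0) {` avoids that. Because the chain is handed back even when verification fails, the comment should say so, e.g. `// The returned chain is NOT necessarily trusted; callers must check the verification result before relying on it.` The enclosing function starts outside the visible lines.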