Chromium Code Reviews Chromium Code Reviews
Issue 6874039:
Return the constructed certificate chain in X509Certificate::Verify() (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
| 8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
| 9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
| 10 #include <time.h> | 10 #include <time.h> |
| (...skipping 782 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 793 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | 793 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
| 794 CFArrayAppendValue(cert_list, intermediate_ca_certs_[i]); | 794 CFArrayAppendValue(cert_list, intermediate_ca_certs_[i]); |
| 795 } | 795 } |
| 796 | 796 |
| 797 return cert_list; | 797 return cert_list; |
| 798 } | 798 } |
| 799 | 799 |
| 800 int X509Certificate::Verify(const std::string& hostname, int flags, | 800 int X509Certificate::Verify(const std::string& hostname, int flags, |
| 801 CertVerifyResult* verify_result) const { | 801 CertVerifyResult* verify_result) const { |
| 802 verify_result->Reset(); | 802 verify_result->Reset(); |
| 803 verify_result->verified_cert = | |
| 804 CreateFromHandle(cert_handle_, GetIntermediateCertificates()); | |
|
wtc
2011/07/26 00:16:35
Use intermediate_ca_certs_ instead of GetIntermedi
| |
| 803 | 805 |
| 804 if (IsBlacklisted()) { | 806 if (IsBlacklisted()) { |
| 805 verify_result->cert_status |= CERT_STATUS_REVOKED; | 807 verify_result->cert_status |= CERT_STATUS_REVOKED; |
| 806 return ERR_CERT_REVOKED; | 808 return ERR_CERT_REVOKED; |
| 807 } | 809 } |
| 808 | 810 |
| 809 ScopedCFTypeRef<CFArrayRef> trust_policies; | 811 ScopedCFTypeRef<CFArrayRef> trust_policies; |
| 810 OSStatus status = CreateTrustPolicies(hostname, flags, &trust_policies); | 812 OSStatus status = CreateTrustPolicies(hostname, flags, &trust_policies); |
| 811 if (status) | 813 if (status) |
| 812 return NetErrorFromOSStatus(status); | 814 return NetErrorFromOSStatus(status); |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 891 if (status) | 893 if (status) |
| 892 return NetErrorFromOSStatus(status); | 894 return NetErrorFromOSStatus(status); |
| 893 CFArrayRef completed_chain = NULL; | 895 CFArrayRef completed_chain = NULL; |
| 894 CSSM_TP_APPLE_EVIDENCE_INFO* chain_info; | 896 CSSM_TP_APPLE_EVIDENCE_INFO* chain_info; |
| 895 status = SecTrustGetResult(trust_ref, &trust_result, &completed_chain, | 897 status = SecTrustGetResult(trust_ref, &trust_result, &completed_chain, |
| 896 &chain_info); | 898 &chain_info); |
| 897 if (status) | 899 if (status) |
| 898 return NetErrorFromOSStatus(status); | 900 return NetErrorFromOSStatus(status); |
| 899 ScopedCFTypeRef<CFArrayRef> scoped_completed_chain(completed_chain); | 901 ScopedCFTypeRef<CFArrayRef> scoped_completed_chain(completed_chain); |
| 900 | 902 |
| 903 SecCertificateRef verified_cert = NULL; | |
| 904 std::vector<SecCertificateRef> verified_chain; | |
|
wtc
2011/07/26 00:16:35
Nit: it is not obvious that verified_chain does no
| |
| 905 for (CFIndex i = 0, count = CFArrayGetCount(completed_chain); | |
| 906 i < count; ++i) { | |
| 907 SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>( | |
| 908 const_cast<void*>(CFArrayGetValueAtIndex(completed_chain, i))); | |
| 909 if (i == 0) { | |
| 910 verified_cert = chain_cert; | |
| 911 } else { | |
| 912 verified_chain.push_back(chain_cert); | |
| 913 } | |
| 914 } | |
| 915 if (verified_cert) { | |
| 916 verify_result->verified_cert = CreateFromHandle(verified_cert, | |
| 917 verified_chain); | |
| 918 } | |
| 919 | |
| 901 // Evaluate the results | 920 // Evaluate the results |
| 902 OSStatus cssm_result; | 921 OSStatus cssm_result; |
| 903 bool got_certificate_error = false; | 922 bool got_certificate_error = false; |
| 904 switch (trust_result) { | 923 switch (trust_result) { |
| 905 case kSecTrustResultUnspecified: | 924 case kSecTrustResultUnspecified: |
| 906 case kSecTrustResultProceed: | 925 case kSecTrustResultProceed: |
| 907 // Certificate chain is valid and trusted ("unspecified" indicates that | 926 // Certificate chain is valid and trusted ("unspecified" indicates that |
| 908 // the user has not explicitly set a trust setting) | 927 // the user has not explicitly set a trust setting) |
| 909 break; | 928 break; |
| 910 | 929 |
| (...skipping 435 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1346 CSSM_DATA cert_data; | 1365 CSSM_DATA cert_data; |
| 1347 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); | 1366 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); |
| 1348 if (status) | 1367 if (status) |
| 1349 return false; | 1368 return false; |
| 1350 | 1369 |
| 1351 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), | 1370 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), |
| 1352 cert_data.Length); | 1371 cert_data.Length); |
| 1353 } | 1372 } |
| 1354 | 1373 |
| 1355 } // namespace net | 1374 } // namespace net |
| OLD | NEW |
