OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 #include <time.h> | 10 #include <time.h> |
(...skipping 782 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
793 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | 793 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
794 CFArrayAppendValue(cert_list, intermediate_ca_certs_[i]); | 794 CFArrayAppendValue(cert_list, intermediate_ca_certs_[i]); |
795 } | 795 } |
796 | 796 |
797 return cert_list; | 797 return cert_list; |
798 } | 798 } |
799 | 799 |
800 int X509Certificate::Verify(const std::string& hostname, int flags, | 800 int X509Certificate::Verify(const std::string& hostname, int flags, |
801 CertVerifyResult* verify_result) const { | 801 CertVerifyResult* verify_result) const { |
802 verify_result->Reset(); | 802 verify_result->Reset(); |
803 verify_result->verified_cert = | |
804 CreateFromHandle(cert_handle_, GetIntermediateCertificates()); | |
wtc
2011/07/26 00:16:35
Use intermediate_ca_certs_ instead of GetIntermedi
| |
803 | 805 |
804 if (IsBlacklisted()) { | 806 if (IsBlacklisted()) { |
805 verify_result->cert_status |= CERT_STATUS_REVOKED; | 807 verify_result->cert_status |= CERT_STATUS_REVOKED; |
806 return ERR_CERT_REVOKED; | 808 return ERR_CERT_REVOKED; |
807 } | 809 } |
808 | 810 |
809 ScopedCFTypeRef<CFArrayRef> trust_policies; | 811 ScopedCFTypeRef<CFArrayRef> trust_policies; |
810 OSStatus status = CreateTrustPolicies(hostname, flags, &trust_policies); | 812 OSStatus status = CreateTrustPolicies(hostname, flags, &trust_policies); |
811 if (status) | 813 if (status) |
812 return NetErrorFromOSStatus(status); | 814 return NetErrorFromOSStatus(status); |
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
891 if (status) | 893 if (status) |
892 return NetErrorFromOSStatus(status); | 894 return NetErrorFromOSStatus(status); |
893 CFArrayRef completed_chain = NULL; | 895 CFArrayRef completed_chain = NULL; |
894 CSSM_TP_APPLE_EVIDENCE_INFO* chain_info; | 896 CSSM_TP_APPLE_EVIDENCE_INFO* chain_info; |
895 status = SecTrustGetResult(trust_ref, &trust_result, &completed_chain, | 897 status = SecTrustGetResult(trust_ref, &trust_result, &completed_chain, |
896 &chain_info); | 898 &chain_info); |
897 if (status) | 899 if (status) |
898 return NetErrorFromOSStatus(status); | 900 return NetErrorFromOSStatus(status); |
899 ScopedCFTypeRef<CFArrayRef> scoped_completed_chain(completed_chain); | 901 ScopedCFTypeRef<CFArrayRef> scoped_completed_chain(completed_chain); |
900 | 902 |
903 SecCertificateRef verified_cert = NULL; | |
904 std::vector<SecCertificateRef> verified_chain; | |
wtc
2011/07/26 00:16:35
Nit: it is not obvious that verified_chain does no
| |
905 for (CFIndex i = 0, count = CFArrayGetCount(completed_chain); | |
906 i < count; ++i) { | |
907 SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>( | |
908 const_cast<void*>(CFArrayGetValueAtIndex(completed_chain, i))); | |
909 if (i == 0) { | |
910 verified_cert = chain_cert; | |
911 } else { | |
912 verified_chain.push_back(chain_cert); | |
913 } | |
914 } | |
915 if (verified_cert) { | |
916 verify_result->verified_cert = CreateFromHandle(verified_cert, | |
917 verified_chain); | |
918 } | |
919 | |
901 // Evaluate the results | 920 // Evaluate the results |
902 OSStatus cssm_result; | 921 OSStatus cssm_result; |
903 bool got_certificate_error = false; | 922 bool got_certificate_error = false; |
904 switch (trust_result) { | 923 switch (trust_result) { |
905 case kSecTrustResultUnspecified: | 924 case kSecTrustResultUnspecified: |
906 case kSecTrustResultProceed: | 925 case kSecTrustResultProceed: |
907 // Certificate chain is valid and trusted ("unspecified" indicates that | 926 // Certificate chain is valid and trusted ("unspecified" indicates that |
908 // the user has not explicitly set a trust setting) | 927 // the user has not explicitly set a trust setting) |
909 break; | 928 break; |
910 | 929 |
(...skipping 435 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1346 CSSM_DATA cert_data; | 1365 CSSM_DATA cert_data; |
1347 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); | 1366 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); |
1348 if (status) | 1367 if (status) |
1349 return false; | 1368 return false; |
1350 | 1369 |
1351 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), | 1370 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), |
1352 cert_data.Length); | 1371 cert_data.Length); |
1353 } | 1372 } |
1354 | 1373 |
1355 } // namespace net | 1374 } // namespace net |
OLD | NEW |