net/base/x509_certificate_openssl_android.cc - Issue 7538029: Upstream certificate and mime Android implementation.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/x509_certificate_openssl_android.cc

Issue 7538029: Upstream certificate and mime Android implementation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Sync again Created 9 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/x509_certificate_openssl_android.cc

diff --git a/net/base/x509_certificate_openssl_android.cc b/net/base/x509_certificate_openssl_android.cc

new file mode 100644

index 0000000000000000000000000000000000000000..4e1bbd2c0186ee8722317f92caae2ffd1ffa07b2

--- /dev/null

+++ b/net/base/x509_certificate_openssl_android.cc

@@ -0,0 +1,63 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "net/base/x509_certificate.h"

+#include "base/logging.h"

+#include "net/android/network_library.h"

+#include "net/base/cert_status_flags.h"

+#include "net/base/cert_verify_result.h"

+#include "net/base/net_errors.h"

+namespace net {

+int X509Certificate::VerifyInternal(const std::string& hostname,

+ int flags,

+ CertVerifyResult* verify_result) const {

+ if (!VerifyNameMatch(hostname))

+ verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;

+ std::vector<std::string> cert_bytes;

+ GetChainDEREncodedBytes(&cert_bytes);

+ // TODO(joth): Fetch the authentication type from SSL rather than hardcode.

+ android::VerifyResult result =

+ android::VerifyX509CertChain(cert_bytes, hostname, "RSA");

+ switch (result) {

+ case android::VERIFY_OK:

+ return OK;

+ case android::VERIFY_BAD_HOSTNAME:

+ verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;

+ break;

+ case android::VERIFY_NO_TRUSTED_ROOT:

+ verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;

+ break;

+ case android::VERIFY_INVOCATION_ERROR:

+ default:

+ verify_result->cert_status |= ERR_CERT_INVALID;

+ break;

+ }

+ return MapCertStatusToNetError(verify_result->cert_status);

+void X509Certificate::GetChainDEREncodedBytes(

+ std::vector<std::string>* chain_bytes) const {

+ OSCertHandles cert_handles(intermediate_ca_certs_);

+ // Make sure the peer's own cert is the first in the chain, if it's not

+ // already there.

+ if (cert_handles.empty())

+ cert_handles.insert(cert_handles.begin(), cert_handle_);

+ chain_bytes->reserve(cert_handles.size());

+ for (OSCertHandles::const_iterator it = cert_handles.begin();

+ it != cert_handles.end(); ++it) {

+ DERCache der_cache = {0};

+ GetDERAndCacheIfNeeded(*it, &der_cache);

+ std::string cert_bytes (

+ reinterpret_cast<const char*>(der_cache.data), der_cache.data_length);

+ chain_bytes->push_back(cert_bytes);

+ }

+} // namespace net

« no previous file with comments | « net/base/x509_certificate_openssl.cc ('k') | no next file » | no next file with comments »