
Side by Side Diff: net/base/cert_verify_proc_nss.cc

Issue 10855168: Rename X509Certificate::VerifyFlags to CertVerifier::VerifyFlags (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Compile fix Created 8 years, 4 months ago
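--- a/net/base/cert_verify_proc_nss.cc
+++ b/net/base/cert_verify_proc_nss.cc
@@ -1,29 +1,30 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/cert_verify_proc_nss.h"
 
 #include <cert.h>
 #include <nss.h>
 #include <prerror.h>
 #include <secerr.h>
 #include <sechash.h>
 #include <sslerr.h>
 
 #include "base/logging.h"
 #include "crypto/nss_util.h"
 #include "crypto/scoped_nss_types.h"
 #include "crypto/sha2.h"
 #include "net/base/asn1_util.h"
 #include "net/base/cert_status_flags.h"
+#include "net/base/cert_verifier.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/crl_set.h"
 #include "net/base/ev_root_ca_metadata.h"
 #include "net/base/net_errors.h"
 #include "net/base/x509_certificate.h"
 #include "net/base/x509_util_nss.h"
 
 namespace net {
 
 namespace {
@@ -635,22 +636,22 @@
 cvout_index++;
 cvout[cvout_index].type = cert_po_trustAnchor;
 cvout[cvout_index].value.pointer.cert = NULL;
 int cvout_trust_anchor_index = cvout_index;
 cvout_index++;
 cvout[cvout_index].type = cert_po_end;
 ScopedCERTValOutParam scoped_cvout(cvout);
 
 SECStatus status = PKIXVerifyCert(
 cert_handle,
-flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED,
-flags & X509Certificate::VERIFY_CERT_IO_ENABLED,
+flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED,
+flags & CertVerifier::VERIFY_CERT_IO_ENABLED,
 metadata->GetPolicyOIDs(),
 metadata->NumPolicyOIDs(),
 cvout);
 if (status != SECSuccess)
 return false;
 
 CERTCertificate* root_ca =
 cvout[cvout_trust_anchor_index].value.pointer.cert;
 if (root_ca == NULL)
 return false;
@@ -711,23 +712,23 @@
 cvout[cvout_index].value.pointer.chain = NULL;
 int cvout_cert_list_index = cvout_index;
 cvout_index++;
 cvout[cvout_index].type = cert_po_trustAnchor;
 cvout[cvout_index].value.pointer.cert = NULL;
 int cvout_trust_anchor_index = cvout_index;
 cvout_index++;
 cvout[cvout_index].type = cert_po_end;
 ScopedCERTValOutParam scoped_cvout(cvout);
 
-bool cert_io_enabled = flags & X509Certificate::VERIFY_CERT_IO_ENABLED;
+bool cert_io_enabled = flags & CertVerifier::VERIFY_CERT_IO_ENABLED;
 bool check_revocation =
-(flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED) &&
+(flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED) &&
 cert_io_enabled;
 if (check_revocation)
 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
 
 status = PKIXVerifyCert(cert_handle, check_revocation, cert_io_enabled,
 NULL, 0, cvout);
 
 if (crl_set) {
 CRLSetResult crl_set_result = CheckRevocationWithCRLSet(
 cvout[cvout_cert_list_index].value.pointer.chain,
@@ -763,19 +764,19 @@
 if (IsCertStatusError(verify_result->cert_status))
 return MapCertStatusToNetError(verify_result->cert_status);
 
 AppendPublicKeyHashes(cvout[cvout_cert_list_index].value.pointer.chain,
 cvout[cvout_trust_anchor_index].value.pointer.cert,
 &verify_result->public_key_hashes);
 
 verify_result->is_issued_by_known_root =
 IsKnownRoot(cvout[cvout_trust_anchor_index].value.pointer.cert);
 
-if ((flags & X509Certificate::VERIFY_EV_CERT) &&
+if ((flags & CertVerifier::VERIFY_EV_CERT) &&
 VerifyEV(cert_handle, flags, crl_set)) {
 verify_result->cert_status |= CERT_STATUS_IS_EV;
 }
 
 return OK;
 }
 
 } // namespace net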