| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verify_proc_win.h" | 5 #include "net/base/cert_verify_proc_win.h" |
| 6 | 6 |
| 7 #include "base/memory/scoped_ptr.h" | 7 #include "base/memory/scoped_ptr.h" |
| 8 #include "base/sha1.h" | 8 #include "base/sha1.h" |
| 9 #include "base/string_util.h" | 9 #include "base/string_util.h" |
| 10 #include "base/utf_string_conversions.h" | 10 #include "base/utf_string_conversions.h" |
| 11 #include "crypto/capi_util.h" | 11 #include "crypto/capi_util.h" |
| 12 #include "crypto/scoped_capi_types.h" | 12 #include "crypto/scoped_capi_types.h" |
| 13 #include "crypto/sha2.h" | 13 #include "crypto/sha2.h" |
| 14 #include "net/base/asn1_util.h" | 14 #include "net/base/asn1_util.h" |
| 15 #include "net/base/cert_status_flags.h" | 15 #include "net/base/cert_status_flags.h" |
| 16 #include "net/base/cert_verifier.h" |
| 16 #include "net/base/cert_verify_result.h" | 17 #include "net/base/cert_verify_result.h" |
| 17 #include "net/base/crl_set.h" | 18 #include "net/base/crl_set.h" |
| 18 #include "net/base/ev_root_ca_metadata.h" | 19 #include "net/base/ev_root_ca_metadata.h" |
| 19 #include "net/base/net_errors.h" | 20 #include "net/base/net_errors.h" |
| 20 #include "net/base/test_root_certs.h" | 21 #include "net/base/test_root_certs.h" |
| 21 #include "net/base/x509_certificate.h" | 22 #include "net/base/x509_certificate.h" |
| 22 #include "net/base/x509_certificate_known_roots_win.h" | 23 #include "net/base/x509_certificate_known_roots_win.h" |
| 23 | 24 |
| 24 #pragma comment(lib, "crypt32.lib") | 25 #pragma comment(lib, "crypt32.lib") |
| 25 | 26 |
| (...skipping 512 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 538 szOID_SGC_NETSCAPE | 539 szOID_SGC_NETSCAPE |
| 539 }; | 540 }; |
| 540 chain_para.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR; | 541 chain_para.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR; |
| 541 chain_para.RequestedUsage.Usage.cUsageIdentifier = arraysize(usage); | 542 chain_para.RequestedUsage.Usage.cUsageIdentifier = arraysize(usage); |
| 542 chain_para.RequestedUsage.Usage.rgpszUsageIdentifier = | 543 chain_para.RequestedUsage.Usage.rgpszUsageIdentifier = |
| 543 const_cast<LPSTR*>(usage); | 544 const_cast<LPSTR*>(usage); |
| 544 // We can set CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS to get more chains. | 545 // We can set CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS to get more chains. |
| 545 DWORD chain_flags = CERT_CHAIN_CACHE_END_CERT | | 546 DWORD chain_flags = CERT_CHAIN_CACHE_END_CERT | |
| 546 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; | 547 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; |
| 547 const bool rev_checking_enabled = | 548 const bool rev_checking_enabled = |
| 548 flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 549 flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED; |
| 549 | 550 |
| 550 if (rev_checking_enabled) { | 551 if (rev_checking_enabled) { |
| 551 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED; | 552 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED; |
| 552 } else { | 553 } else { |
| 553 chain_flags |= CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY; | 554 chain_flags |= CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY; |
| 554 } | 555 } |
| 555 | 556 |
| 556 // Get the certificatePolicies extension of the certificate. | 557 // Get the certificatePolicies extension of the certificate. |
| 557 scoped_ptr_malloc<CERT_POLICIES_INFO> policies_info; | 558 scoped_ptr_malloc<CERT_POLICIES_INFO> policies_info; |
| 558 LPSTR ev_policy_oid = NULL; | 559 LPSTR ev_policy_oid = NULL; |
| 559 if (flags & X509Certificate::VERIFY_EV_CERT) { | 560 if (flags & CertVerifier::VERIFY_EV_CERT) { |
| 560 GetCertPoliciesInfo(cert_handle, &policies_info); | 561 GetCertPoliciesInfo(cert_handle, &policies_info); |
| 561 if (policies_info.get()) { | 562 if (policies_info.get()) { |
| 562 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); | 563 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); |
| 563 for (DWORD i = 0; i < policies_info->cPolicyInfo; ++i) { | 564 for (DWORD i = 0; i < policies_info->cPolicyInfo; ++i) { |
| 564 LPSTR policy_oid = policies_info->rgPolicyInfo[i].pszPolicyIdentifier; | 565 LPSTR policy_oid = policies_info->rgPolicyInfo[i].pszPolicyIdentifier; |
| 565 if (metadata->IsEVPolicyOID(policy_oid)) { | 566 if (metadata->IsEVPolicyOID(policy_oid)) { |
| 566 ev_policy_oid = policy_oid; | 567 ev_policy_oid = policy_oid; |
| 567 chain_para.RequestedIssuancePolicy.dwType = USAGE_MATCH_TYPE_AND; | 568 chain_para.RequestedIssuancePolicy.dwType = USAGE_MATCH_TYPE_AND; |
| 568 chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 1; | 569 chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 1; |
| 569 chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = | 570 chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = |
| (...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 733 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context); | 734 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context); |
| 734 | 735 |
| 735 if (ev_policy_oid && | 736 if (ev_policy_oid && |
| 736 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { | 737 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { |
| 737 verify_result->cert_status |= CERT_STATUS_IS_EV; | 738 verify_result->cert_status |= CERT_STATUS_IS_EV; |
| 738 } | 739 } |
| 739 return OK; | 740 return OK; |
| 740 } | 741 } |
| 741 | 742 |
| 742 } // namespace net | 743 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10855168:
Rename X509Certificate::VerifyFlags to CertVerifier::VerifyFlags (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src