Rename X509Certificate::VerifyFlags to CertVerifier::VerifyFlags

net/base/cert_verify_proc_mac.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/cert_verify_proc_mac.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <CoreServices/CoreServices.h>
 #include <Security/Security.h>
 
 #include "base/logging.h"
 #include "base/mac/mac_logging.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/sha1.h"
 #include "base/string_piece.h"
 #include "crypto/nss_util.h"
 #include "crypto/sha2.h"
 #include "net/base/asn1_util.h"
 #include "net/base/cert_status_flags.h"
+#include "net/base/cert_verifier.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/crl_set.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_root_certs.h"
 #include "net/base/x509_certificate.h"
 #include "net/base/x509_certificate_known_roots_mac.h"
 #include "net/base/x509_util_mac.h"
 
 // From 10.7.2 libsecurity_keychain-55035/lib/SecTrustPriv.h, for use with
 // SecTrustCopyExtendedResult.
@@ skipping 119 matching lines @@
   OSStatus status = x509_util::CreateSSLServerPolicy(hostname, &ssl_policy);
   if (status)
     return status;
   CFArrayAppendValue(local_policies, ssl_policy);
   CFRelease(ssl_policy);
 
   // Explicitly add revocation policies, in order to override system
   // revocation checking policies and instead respect the application-level
   // revocation preference.
   status = x509_util::CreateRevocationPolicies(
-      (flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED),
-      (flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED_EV_ONLY),
+      (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED),
+      (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY),
       local_policies);
   if (status)
     return status;
 
   policies->reset(local_policies.release());
   return noErr;
 }
 
 // Saves some information about the certificate chain |cert_chain| in
 // |*verify_result|. The caller MUST initialize |*verify_result| before
@@ skipping 205 matching lines @@
   CSSM_APPLE_TP_ACTION_DATA tp_action_data;
   memset(&tp_action_data, 0, sizeof(tp_action_data));
   tp_action_data.Version = CSSM_APPLE_TP_ACTION_VERSION;
   // Allow CSSM to download any missing intermediate certificates if an
   // authorityInfoAccess extension or issuerAltName extension is present.
   tp_action_data.ActionFlags = CSSM_TP_ACTION_FETCH_CERT_FROM_NET |
                                CSSM_TP_ACTION_TRUST_SETTINGS;
 
   // Note: For EV certificates, the Apple TP will handle setting these flags
   // as part of EV evaluation.
-  if (flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED) {
+  if (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED) {
     // Require a positive result from an OCSP responder or a CRL (or both)
     // for every certificate in the chain. The Apple TP automatically
     // excludes the self-signed root from this requirement. If a certificate
     // is missing both a crlDistributionPoints extension and an
     // authorityInfoAccess extension with an OCSP responder URL, then we
     // will get a kSecTrustResultRecoverableTrustFailure back from
     // SecTrustEvaluate(), with a
     // CSSMERR_APPLETP_INCOMPLETE_REVOCATION_CHECK error code. In that case,
     // we'll set our own result to include
     // CERT_STATUS_NO_REVOCATION_MECHANISM. If one or both extensions are
@@ skipping 132 matching lines @@
     verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
 
   // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be
   // compatible with Windows, which in turn implements this behavior to be
   // compatible with WinHTTP, which doesn't report this error (bug 3004).
   verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM;
 
   if (IsCertStatusError(verify_result->cert_status))
     return MapCertStatusToNetError(verify_result->cert_status);
 
-  if (flags & X509Certificate::VERIFY_EV_CERT) {
+  if (flags & CertVerifier::VERIFY_EV_CERT) {
     // Determine the certificate's EV status using SecTrustCopyExtendedResult(),
     // which we need to look up because the function wasn't added until
     // Mac OS X 10.5.7.
     // Note: "ExtendedResult" means extended validation results.
     CFBundleRef bundle =
         CFBundleGetBundleWithIdentifier(CFSTR("com.apple.security"));
     if (bundle) {
       SecTrustCopyExtendedResultFuncPtr copy_extended_result =
           reinterpret_cast<SecTrustCopyExtendedResultFuncPtr>(
               CFBundleGetFunctionPointerForName(bundle,
@@ skipping 10 matching lines @@
           // releases, SecTrustCopyExtendedResult would only return noErr and
           // populate ev_dict for EV certificates, but would always include
           // kSecEVOrganizationName in that case, so checking for this key is
           // appropriate for all known versions of SecTrustCopyExtendedResult.
           // The actual organization name is unneeded here and can be accessed
           // through other means. All that matters here is the OS' conception
           // of whether or not the certificate is EV.
           if (CFDictionaryContainsKey(ev_dict,
                                       kSecEVOrganizationName)) {
             verify_result->cert_status |= CERT_STATUS_IS_EV;
-            if (flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED_EV_ONLY)
+            if (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY)
               verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
           }
         }
       }
     }
   }
 
   AppendPublicKeyHashes(completed_chain, &verify_result->public_key_hashes);
   verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(completed_chain);
 
   return OK;
 }
 
 }  // namespace net