Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(921)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/cert_verify_proc_win.cc

Issue 10855168: Rename X509Certificate::VerifyFlags to CertVerifier::VerifyFlags (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: One missed mac define Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/cert_verify_proc_unittest.cc ('k') | net/base/multi_threaded_cert_verifier_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/cert_verify_proc_win.h" 5 #include "net/base/cert_verify_proc_win.h"
6 6
7 #include "base/memory/scoped_ptr.h" 7 #include "base/memory/scoped_ptr.h"
8 #include "base/sha1.h" 8 #include "base/sha1.h"
9 #include "base/string_util.h" 9 #include "base/string_util.h"
10 #include "base/utf_string_conversions.h" 10 #include "base/utf_string_conversions.h"
11 #include "crypto/capi_util.h" 11 #include "crypto/capi_util.h"
12 #include "crypto/scoped_capi_types.h" 12 #include "crypto/scoped_capi_types.h"
13 #include "crypto/sha2.h" 13 #include "crypto/sha2.h"
14 #include "net/base/asn1_util.h" 14 #include "net/base/asn1_util.h"
15 #include "net/base/cert_status_flags.h" 15 #include "net/base/cert_status_flags.h"
16 #include "net/base/cert_verifier.h"
16 #include "net/base/cert_verify_result.h" 17 #include "net/base/cert_verify_result.h"
17 #include "net/base/crl_set.h" 18 #include "net/base/crl_set.h"
18 #include "net/base/ev_root_ca_metadata.h" 19 #include "net/base/ev_root_ca_metadata.h"
19 #include "net/base/net_errors.h" 20 #include "net/base/net_errors.h"
20 #include "net/base/test_root_certs.h" 21 #include "net/base/test_root_certs.h"
21 #include "net/base/x509_certificate.h" 22 #include "net/base/x509_certificate.h"
22 #include "net/base/x509_certificate_known_roots_win.h" 23 #include "net/base/x509_certificate_known_roots_win.h"
23 24
24 #pragma comment(lib, "crypt32.lib") 25 #pragma comment(lib, "crypt32.lib")
25 26
(...skipping 512 matching lines...) Expand 10 before | Expand all | Expand 10 after
538 szOID_SGC_NETSCAPE 539 szOID_SGC_NETSCAPE
539 }; 540 };
540 chain_para.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR; 541 chain_para.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR;
541 chain_para.RequestedUsage.Usage.cUsageIdentifier = arraysize(usage); 542 chain_para.RequestedUsage.Usage.cUsageIdentifier = arraysize(usage);
542 chain_para.RequestedUsage.Usage.rgpszUsageIdentifier = 543 chain_para.RequestedUsage.Usage.rgpszUsageIdentifier =
543 const_cast<LPSTR*>(usage); 544 const_cast<LPSTR*>(usage);
544 545
545 // Get the certificatePolicies extension of the certificate. 546 // Get the certificatePolicies extension of the certificate.
546 scoped_ptr_malloc<CERT_POLICIES_INFO> policies_info; 547 scoped_ptr_malloc<CERT_POLICIES_INFO> policies_info;
547 LPSTR ev_policy_oid = NULL; 548 LPSTR ev_policy_oid = NULL;
548 if (flags & X509Certificate::VERIFY_EV_CERT) { 549 if (flags & CertVerifier::VERIFY_EV_CERT) {
549 GetCertPoliciesInfo(cert_handle, &policies_info); 550 GetCertPoliciesInfo(cert_handle, &policies_info);
550 if (policies_info.get()) { 551 if (policies_info.get()) {
551 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); 552 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance();
552 for (DWORD i = 0; i < policies_info->cPolicyInfo; ++i) { 553 for (DWORD i = 0; i < policies_info->cPolicyInfo; ++i) {
553 LPSTR policy_oid = policies_info->rgPolicyInfo[i].pszPolicyIdentifier; 554 LPSTR policy_oid = policies_info->rgPolicyInfo[i].pszPolicyIdentifier;
554 if (metadata->IsEVPolicyOID(policy_oid)) { 555 if (metadata->IsEVPolicyOID(policy_oid)) {
555 ev_policy_oid = policy_oid; 556 ev_policy_oid = policy_oid;
556 chain_para.RequestedIssuancePolicy.dwType = USAGE_MATCH_TYPE_AND; 557 chain_para.RequestedIssuancePolicy.dwType = USAGE_MATCH_TYPE_AND;
557 chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 1; 558 chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 1;
558 chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = 559 chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier =
559 &ev_policy_oid; 560 &ev_policy_oid;
560 break; 561 break;
561 } 562 }
562 } 563 }
563 } 564 }
564 } 565 }
565 566
566 // We can set CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS to get more chains. 567 // We can set CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS to get more chains.
567 DWORD chain_flags = CERT_CHAIN_CACHE_END_CERT | 568 DWORD chain_flags = CERT_CHAIN_CACHE_END_CERT |
568 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; 569 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
569 const bool rev_checking_enabled = 570 const bool rev_checking_enabled =
570 (flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED) || 571 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED) ||
571 (ev_policy_oid != NULL && 572 (ev_policy_oid != NULL &&
572 (flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED_EV_ONLY)); 573 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY));
573 574
574 if (rev_checking_enabled) { 575 if (rev_checking_enabled) {
575 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED; 576 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
576 } else { 577 } else {
577 chain_flags |= CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY; 578 chain_flags |= CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY;
578 } 579 }
579 580
580 // For non-test scenarios, use the default HCERTCHAINENGINE, NULL, which 581 // For non-test scenarios, use the default HCERTCHAINENGINE, NULL, which
581 // corresponds to HCCE_CURRENT_USER and is is initialized as needed by 582 // corresponds to HCCE_CURRENT_USER and is is initialized as needed by
582 // crypt32. However, when testing, it is necessary to create a new 583 // crypt32. However, when testing, it is necessary to create a new
(...skipping 153 matching lines...) Expand 10 before | Expand all | Expand 10 after
736 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context); 737 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context);
737 738
738 if (ev_policy_oid && 739 if (ev_policy_oid &&
739 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { 740 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) {
740 verify_result->cert_status |= CERT_STATUS_IS_EV; 741 verify_result->cert_status |= CERT_STATUS_IS_EV;
741 } 742 }
742 return OK; 743 return OK;
743 } 744 }
744 745
745 } // namespace net 746 } // namespace net
OLDNEW
« no previous file with comments | « net/base/cert_verify_proc_unittest.cc ('k') | net/base/multi_threaded_cert_verifier_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698