Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(384)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: ios/web/web_state/wk_web_view_security_util.mm

Issue 1322193003: WKWebView(iOS9): correctly update SSL status for current navigation item (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@reland_cert_verification
Patch Set: Minor comments update. Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« ios/web/web_state/ui/crw_wk_web_view_web_controller.mm ('K') | « ios/web/web_state/wk_web_view_security_util.h ('k') | ios/web/web_state/wk_web_view_security_util_unittest.mm » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "ios/web/web_state/wk_web_view_security_util.h" 5 #import "ios/web/web_state/wk_web_view_security_util.h"
6 6
7 #include "base/mac/scoped_cftyperef.h" 7 #include "base/mac/scoped_cftyperef.h"
8 #include "base/strings/sys_string_conversions.h" 8 #include "base/strings/sys_string_conversions.h"
9 #include "net/cert/x509_certificate.h" 9 #include "net/cert/x509_certificate.h"
10 #include "net/ssl/ssl_info.h" 10 #include "net/ssl/ssl_info.h"
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after
87 } 87 }
88 88
89 net::X509Certificate::OSCertHandles intermediates; 89 net::X509Certificate::OSCertHandles intermediates;
90 for (CFIndex i = 1; i < cert_count; i++) { 90 for (CFIndex i = 1; i < cert_count; i++) {
91 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i)); 91 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i));
92 } 92 }
93 return net::X509Certificate::CreateFromHandle( 93 return net::X509Certificate::CreateFromHandle(
94 SecTrustGetCertificateAtIndex(trust, 0), intermediates); 94 SecTrustGetCertificateAtIndex(trust, 0), intermediates);
95 } 95 }
96 96
97 base::ScopedCFTypeRef<SecTrustRef> CreateServerTrustFromChain(NSArray* certs,
98 NSString* host) {
99 base::ScopedCFTypeRef<SecTrustRef> scoped_result;
100 if (certs.count == 0)
101 return scoped_result;
102
103 base::ScopedCFTypeRef<SecPolicyRef> policy(
104 SecPolicyCreateSSL(TRUE, static_cast<CFStringRef>(host)));
105 SecTrustRef ref_result = nullptr;
106 if (SecTrustCreateWithCertificates(certs, policy, &ref_result) ==
107 errSecSuccess) {
108 scoped_result.reset(ref_result);
109 }
110 return scoped_result;
111 }
112
97 void EnsureFutureTrustEvaluationSucceeds(SecTrustRef trust) { 113 void EnsureFutureTrustEvaluationSucceeds(SecTrustRef trust) {
98 base::ScopedCFTypeRef<CFDataRef> exceptions(SecTrustCopyExceptions(trust)); 114 base::ScopedCFTypeRef<CFDataRef> exceptions(SecTrustCopyExceptions(trust));
99 SecTrustSetExceptions(trust, exceptions); 115 SecTrustSetExceptions(trust, exceptions);
100 } 116 }
101 117
102 BOOL IsWKWebViewSSLError(NSError* error) { 118 BOOL IsWKWebViewSSLError(NSError* error) {
103 // SSL errors range is (-2000..-1200], represented by kCFURLError constants: 119 // SSL errors range is (-2000..-1200], represented by kCFURLError constants:
104 // (kCFURLErrorCannotLoadFromNetwork..kCFURLErrorSecureConnectionFailed]. 120 // (kCFURLErrorCannotLoadFromNetwork..kCFURLErrorSecureConnectionFailed].
105 // It's reasonable to expect that all SSL errors will have the error code 121 // It's reasonable to expect that all SSL errors will have the error code
106 // less or equal to NSURLErrorSecureConnectionFailed but greater than 122 // less or equal to NSURLErrorSecureConnectionFailed but greater than
107 // NSURLErrorCannotLoadFromNetwork. 123 // NSURLErrorCannotLoadFromNetwork.
108 return [error.domain isEqualToString:NSURLErrorDomain] && 124 return [error.domain isEqualToString:NSURLErrorDomain] &&
109 (error.code <= NSURLErrorSecureConnectionFailed && 125 (error.code <= NSURLErrorSecureConnectionFailed &&
110 NSURLErrorCannotLoadFromNetwork < error.code); 126 NSURLErrorCannotLoadFromNetwork < error.code);
111 } 127 }
112 128
113 void GetSSLInfoFromWKWebViewSSLError(NSError* error, net::SSLInfo* ssl_info) { 129 void GetSSLInfoFromWKWebViewSSLError(NSError* error, net::SSLInfo* ssl_info) {
114 DCHECK(IsWKWebViewSSLError(error)); 130 DCHECK(IsWKWebViewSSLError(error));
115 ssl_info->cert_status = GetCertStatusFromNSErrorCode(error.code); 131 ssl_info->cert_status = GetCertStatusFromNSErrorCode(error.code);
116 ssl_info->cert = CreateCertFromSSLError(error); 132 ssl_info->cert = CreateCertFromSSLError(error);
117 } 133 }
118 134
135 SecurityStyle GetSecurityStyleFromTrustResult(SecTrustResultType result) {
136 switch (result) {
137 case kSecTrustResultInvalid:
138 return SECURITY_STYLE_UNKNOWN;
139 case kSecTrustResultProceed:
140 case kSecTrustResultUnspecified:
141 return SECURITY_STYLE_AUTHENTICATED;
142 case kSecTrustResultDeny:
143 case kSecTrustResultRecoverableTrustFailure:
144 case kSecTrustResultFatalTrustFailure:
145 case kSecTrustResultOtherError:
146 return SECURITY_STYLE_AUTHENTICATION_BROKEN;
147 }
148 NOTREACHED();
149 return SECURITY_STYLE_UNKNOWN;
150 }
151
119 } // namespace web 152 } // namespace web
OLDNEW
« ios/web/web_state/ui/crw_wk_web_view_web_controller.mm ('K') | « ios/web/web_state/wk_web_view_security_util.h ('k') | ios/web/web_state/wk_web_view_security_util_unittest.mm » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698