OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import "ios/web/web_state/wk_web_view_security_util.h" | 5 #import "ios/web/web_state/wk_web_view_security_util.h" |
6 | 6 |
7 #include "base/mac/scoped_cftyperef.h" | 7 #include "base/mac/scoped_cftyperef.h" |
8 #include "base/strings/sys_string_conversions.h" | 8 #include "base/strings/sys_string_conversions.h" |
9 #include "net/cert/x509_certificate.h" | 9 #include "net/cert/x509_certificate.h" |
10 #include "net/ssl/ssl_info.h" | 10 #include "net/ssl/ssl_info.h" |
87 } | 87 } |
88 | 88 |
89 net::X509Certificate::OSCertHandles intermediates; | 89 net::X509Certificate::OSCertHandles intermediates; |
90 for (CFIndex i = 1; i < cert_count; i++) { | 90 for (CFIndex i = 1; i < cert_count; i++) { |
91 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i)); | 91 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i)); |
92 } | 92 } |
93 return net::X509Certificate::CreateFromHandle( | 93 return net::X509Certificate::CreateFromHandle( |
94 SecTrustGetCertificateAtIndex(trust, 0), intermediates); | 94 SecTrustGetCertificateAtIndex(trust, 0), intermediates); |
95 } | 95 } |
96 | 96 |
| 97 base::ScopedCFTypeRef<SecTrustRef> CreateServerTrustFromChain(NSArray* certs, |
| 98 NSString* host) { |
| 99 if (certs.count == 0) |
| 100 return base::ScopedCFTypeRef<SecTrustRef>(); |
| 101 |
| 102 base::ScopedCFTypeRef<SecPolicyRef> policy( |
| 103 SecPolicyCreateSSL(TRUE, static_cast<CFStringRef>(host))); |
| 104 SecTrustRef result = nullptr; |
| 105 if (SecTrustCreateWithCertificates(certs, policy, &result) == errSecSuccess) { |
| 106 return base::ScopedCFTypeRef<SecTrustRef>(result); |
| 107 } |
| 108 return base::ScopedCFTypeRef<SecTrustRef>(); |
| 109 } |
| 110 |
97 void EnsureFutureTrustEvaluationSucceeds(SecTrustRef trust) { | 111 void EnsureFutureTrustEvaluationSucceeds(SecTrustRef trust) { |
98 base::ScopedCFTypeRef<CFDataRef> exceptions(SecTrustCopyExceptions(trust)); | 112 base::ScopedCFTypeRef<CFDataRef> exceptions(SecTrustCopyExceptions(trust)); |
99 SecTrustSetExceptions(trust, exceptions); | 113 SecTrustSetExceptions(trust, exceptions); |
100 } | 114 } |
101 | 115 |
102 BOOL IsWKWebViewSSLError(NSError* error) { | 116 BOOL IsWKWebViewSSLError(NSError* error) { |
103 // SSL errors range is (-2000..-1200], represented by kCFURLError constants: | 117 // SSL errors range is (-2000..-1200], represented by kCFURLError constants: |
104 // (kCFURLErrorCannotLoadFromNetwork..kCFURLErrorSecureConnectionFailed]. | 118 // (kCFURLErrorCannotLoadFromNetwork..kCFURLErrorSecureConnectionFailed]. |
105 // It's reasonable to expect that all SSL errors will have the error code | 119 // It's reasonable to expect that all SSL errors will have the error code |
106 // less or equal to NSURLErrorSecureConnectionFailed but greater than | 120 // less or equal to NSURLErrorSecureConnectionFailed but greater than |
107 // NSURLErrorCannotLoadFromNetwork. | 121 // NSURLErrorCannotLoadFromNetwork. |
108 return [error.domain isEqualToString:NSURLErrorDomain] && | 122 return [error.domain isEqualToString:NSURLErrorDomain] && |
109 (error.code <= NSURLErrorSecureConnectionFailed && | 123 (error.code <= NSURLErrorSecureConnectionFailed && |
110 NSURLErrorCannotLoadFromNetwork < error.code); | 124 NSURLErrorCannotLoadFromNetwork < error.code); |
111 } | 125 } |
112 | 126 |
113 void GetSSLInfoFromWKWebViewSSLError(NSError* error, net::SSLInfo* ssl_info) { | 127 void GetSSLInfoFromWKWebViewSSLError(NSError* error, net::SSLInfo* ssl_info) { |
114 DCHECK(IsWKWebViewSSLError(error)); | 128 DCHECK(IsWKWebViewSSLError(error)); |
115 ssl_info->cert_status = GetCertStatusFromNSErrorCode(error.code); | 129 ssl_info->cert_status = GetCertStatusFromNSErrorCode(error.code); |
116 ssl_info->cert = CreateCertFromSSLError(error); | 130 ssl_info->cert = CreateCertFromSSLError(error); |
117 } | 131 } |
118 | 132 |
| 133 SecurityStyle GetSecurityStyleFromTrustResult(SecTrustResultType result) { |
| 134 switch (result) { |
| 135 case kSecTrustResultInvalid: |
| 136 return SECURITY_STYLE_UNKNOWN; |
| 137 case kSecTrustResultProceed: |
| 138 case kSecTrustResultUnspecified: |
| 139 return SECURITY_STYLE_AUTHENTICATED; |
| 140 case kSecTrustResultDeny: |
| 141 case kSecTrustResultRecoverableTrustFailure: |
| 142 case kSecTrustResultFatalTrustFailure: |
| 143 case kSecTrustResultOtherError: |
| 144 return SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 145 } |
| 146 NOTREACHED(); |
| 147 return SECURITY_STYLE_UNKNOWN; |
| 148 } |
| 149 |
119 } // namespace web | 150 } // namespace web |
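Review bot: CreateServerTrustFromChain (new lines 97-109) rejects an empty `certs` array but passes `host` to SecPolicyCreateSSL unchecked. A NULL hostname gives an SSL policy that does not match the leaf certificate against any host name, so a nil `host` silently produces a trust object that skips hostname verification. Treat a missing host like an empty chain: `if (certs.count == 0 || host.length == 0) return base::ScopedCFTypeRef<SecTrustRef>();`. Separately, GetSecurityStyleFromTrustResult (new lines 133-148) maps kSecTrustResultProceed to SECURITY_STYLE_AUTHENTICATED, and a trust that has been through EnsureFutureTrustEvaluationSucceeds would presumably evaluate to Proceed because of the exceptions it set. A comment such as `// |result| must come from a trust that has no exceptions applied.` would warn callers, who are not visible here, against reporting an overridden certificate error as authenticated.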