Chromium Code Reviews Chromium Code Reviews
Issue 1322193003:
WKWebView(iOS9): correctly update SSL status for current navigation item (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@reland_cert_verification| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #import "ios/web/web_state/wk_web_view_security_util.h" | 5 #import "ios/web/web_state/wk_web_view_security_util.h" |
| 6 | 6 |
| 7 #include "base/mac/scoped_cftyperef.h" | 7 #include "base/mac/scoped_cftyperef.h" |
| 8 #include "base/strings/sys_string_conversions.h" | 8 #include "base/strings/sys_string_conversions.h" |
| 9 #include "net/cert/x509_certificate.h" | 9 #include "net/cert/x509_certificate.h" |
| 10 #include "net/ssl/ssl_info.h" | 10 #include "net/ssl/ssl_info.h" |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 87 } | 87 } |
| 88 | 88 |
| 89 net::X509Certificate::OSCertHandles intermediates; | 89 net::X509Certificate::OSCertHandles intermediates; |
| 90 for (CFIndex i = 1; i < cert_count; i++) { | 90 for (CFIndex i = 1; i < cert_count; i++) { |
| 91 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i)); | 91 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i)); |
| 92 } | 92 } |
| 93 return net::X509Certificate::CreateFromHandle( | 93 return net::X509Certificate::CreateFromHandle( |
| 94 SecTrustGetCertificateAtIndex(trust, 0), intermediates); | 94 SecTrustGetCertificateAtIndex(trust, 0), intermediates); |
| 95 } | 95 } |
| 96 | 96 |
| 97 base::ScopedCFTypeRef<SecTrustRef> CreateServerTrustFromChain(NSArray* certs, | |
| 98 NSString* host) { | |
| 99 base::ScopedCFTypeRef<SecTrustRef> scoped_result; | |
| 100 if (certs.count == 0) | |
| 101 return scoped_result; | |
| 102 | |
| 103 base::ScopedCFTypeRef<SecPolicyRef> policy( | |
| 104 SecPolicyCreateSSL(TRUE, static_cast<CFStringRef>(host))); | |
|
davidben
2015/10/05 22:19:11
(Shouldn't this be YES, or is that a different boo
Eugene But (OOO till 7-30)
2015/10/06 03:10:09
YES is for Objective-C BOOL type.
TRUE is for C Bo
| |
| 105 SecTrustRef ref_result = nullptr; | |
| 106 if (SecTrustCreateWithCertificates(certs, policy, &ref_result) == | |
| 107 errSecSuccess) { | |
| 108 scoped_result.reset(ref_result); | |
| 109 } | |
| 110 return scoped_result; | |
| 111 } | |
| 112 | |
| 97 void EnsureFutureTrustEvaluationSucceeds(SecTrustRef trust) { | 113 void EnsureFutureTrustEvaluationSucceeds(SecTrustRef trust) { |
| 98 base::ScopedCFTypeRef<CFDataRef> exceptions(SecTrustCopyExceptions(trust)); | 114 base::ScopedCFTypeRef<CFDataRef> exceptions(SecTrustCopyExceptions(trust)); |
| 99 SecTrustSetExceptions(trust, exceptions); | 115 SecTrustSetExceptions(trust, exceptions); |
| 100 } | 116 } |
| 101 | 117 |
| 102 BOOL IsWKWebViewSSLError(NSError* error) { | 118 BOOL IsWKWebViewSSLError(NSError* error) { |
| 103 // SSL errors range is (-2000..-1200], represented by kCFURLError constants: | 119 // SSL errors range is (-2000..-1200], represented by kCFURLError constants: |
| 104 // (kCFURLErrorCannotLoadFromNetwork..kCFURLErrorSecureConnectionFailed]. | 120 // (kCFURLErrorCannotLoadFromNetwork..kCFURLErrorSecureConnectionFailed]. |
| 105 // It's reasonable to expect that all SSL errors will have the error code | 121 // It's reasonable to expect that all SSL errors will have the error code |
| 106 // less or equal to NSURLErrorSecureConnectionFailed but greater than | 122 // less or equal to NSURLErrorSecureConnectionFailed but greater than |
| 107 // NSURLErrorCannotLoadFromNetwork. | 123 // NSURLErrorCannotLoadFromNetwork. |
| 108 return [error.domain isEqualToString:NSURLErrorDomain] && | 124 return [error.domain isEqualToString:NSURLErrorDomain] && |
| 109 (error.code <= NSURLErrorSecureConnectionFailed && | 125 (error.code <= NSURLErrorSecureConnectionFailed && |
| 110 NSURLErrorCannotLoadFromNetwork < error.code); | 126 NSURLErrorCannotLoadFromNetwork < error.code); |
| 111 } | 127 } |
| 112 | 128 |
| 113 void GetSSLInfoFromWKWebViewSSLError(NSError* error, net::SSLInfo* ssl_info) { | 129 void GetSSLInfoFromWKWebViewSSLError(NSError* error, net::SSLInfo* ssl_info) { |
| 114 DCHECK(IsWKWebViewSSLError(error)); | 130 DCHECK(IsWKWebViewSSLError(error)); |
| 115 ssl_info->cert_status = GetCertStatusFromNSErrorCode(error.code); | 131 ssl_info->cert_status = GetCertStatusFromNSErrorCode(error.code); |
| 116 ssl_info->cert = CreateCertFromSSLError(error); | 132 ssl_info->cert = CreateCertFromSSLError(error); |
| 117 } | 133 } |
| 118 | 134 |
| 135 SecurityStyle GetSecurityStyleFromTrustResult(SecTrustResultType result) { | |
| 136 switch (result) { | |
| 137 case kSecTrustResultInvalid: | |
| 138 return SECURITY_STYLE_UNKNOWN; | |
| 139 case kSecTrustResultProceed: | |
| 140 case kSecTrustResultUnspecified: | |
| 141 return SECURITY_STYLE_AUTHENTICATED; | |
| 142 case kSecTrustResultDeny: | |
| 143 case kSecTrustResultRecoverableTrustFailure: | |
| 144 case kSecTrustResultFatalTrustFailure: | |
| 145 case kSecTrustResultOtherError: | |
| 146 return SECURITY_STYLE_AUTHENTICATION_BROKEN; | |
| 147 } | |
| 148 NOTREACHED(); | |
| 149 return SECURITY_STYLE_UNKNOWN; | |
| 150 } | |
| 151 | |
| 119 } // namespace web | 152 } // namespace web |
| OLD | NEW |
