Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(143)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: ios/web/web_state/wk_web_view_security_util.mm

Issue 1322193003: WKWebView(iOS9): correctly update SSL status for current navigation item (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@reland_cert_verification
Patch Set: Updated comment Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « ios/web/web_state/wk_web_view_security_util.h ('k') | ios/web/web_state/wk_web_view_security_util_unittest.mm » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "ios/web/web_state/wk_web_view_security_util.h" 5 #import "ios/web/web_state/wk_web_view_security_util.h"
6 6
7 #include "base/mac/scoped_cftyperef.h" 7 #include "base/mac/scoped_cftyperef.h"
8 #include "base/strings/sys_string_conversions.h" 8 #include "base/strings/sys_string_conversions.h"
9 #include "net/cert/x509_certificate.h" 9 #include "net/cert/x509_certificate.h"
10 #include "net/ssl/ssl_info.h" 10 #include "net/ssl/ssl_info.h"
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
66 } 66 }
67 67
68 net::X509Certificate::OSCertHandles intermediates; 68 net::X509Certificate::OSCertHandles intermediates;
69 for (CFIndex i = 1; i < cert_count; i++) { 69 for (CFIndex i = 1; i < cert_count; i++) {
70 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i)); 70 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i));
71 } 71 }
72 return net::X509Certificate::CreateFromHandle( 72 return net::X509Certificate::CreateFromHandle(
73 SecTrustGetCertificateAtIndex(trust, 0), intermediates); 73 SecTrustGetCertificateAtIndex(trust, 0), intermediates);
74 } 74 }
75 75
76 base::ScopedCFTypeRef<SecTrustRef> CreateServerTrustFromChain(NSArray* certs,
77 NSString* host) {
78 base::ScopedCFTypeRef<SecTrustRef> scoped_result;
79 if (certs.count == 0)
80 return scoped_result;
81
82 base::ScopedCFTypeRef<SecPolicyRef> policy(
83 SecPolicyCreateSSL(TRUE, static_cast<CFStringRef>(host)));
84 SecTrustRef ref_result = nullptr;
85 if (SecTrustCreateWithCertificates(certs, policy, &ref_result) ==
86 errSecSuccess) {
87 scoped_result.reset(ref_result);
88 }
89 return scoped_result;
90 }
91
76 void EnsureFutureTrustEvaluationSucceeds(SecTrustRef trust) { 92 void EnsureFutureTrustEvaluationSucceeds(SecTrustRef trust) {
77 base::ScopedCFTypeRef<CFDataRef> exceptions(SecTrustCopyExceptions(trust)); 93 base::ScopedCFTypeRef<CFDataRef> exceptions(SecTrustCopyExceptions(trust));
78 SecTrustSetExceptions(trust, exceptions); 94 SecTrustSetExceptions(trust, exceptions);
79 } 95 }
80 96
81 BOOL IsWKWebViewSSLCertError(NSError* error) { 97 BOOL IsWKWebViewSSLCertError(NSError* error) {
82 if (![error.domain isEqualToString:NSURLErrorDomain]) { 98 if (![error.domain isEqualToString:NSURLErrorDomain]) {
83 return NO; 99 return NO;
84 } 100 }
85 101
(...skipping 15 matching lines...) Expand all
101 } 117 }
102 118
103 void GetSSLInfoFromWKWebViewSSLCertError(NSError* error, 119 void GetSSLInfoFromWKWebViewSSLCertError(NSError* error,
104 net::SSLInfo* ssl_info) { 120 net::SSLInfo* ssl_info) {
105 DCHECK(IsWKWebViewSSLCertError(error)); 121 DCHECK(IsWKWebViewSSLCertError(error));
106 ssl_info->cert_status = GetCertStatusFromNSErrorCode(error.code); 122 ssl_info->cert_status = GetCertStatusFromNSErrorCode(error.code);
107 ssl_info->cert = web::CreateCertFromChain( 123 ssl_info->cert = web::CreateCertFromChain(
108 error.userInfo[web::kNSErrorPeerCertificateChainKey]); 124 error.userInfo[web::kNSErrorPeerCertificateChainKey]);
109 } 125 }
110 126
127 SecurityStyle GetSecurityStyleFromTrustResult(SecTrustResultType result) {
128 switch (result) {
129 case kSecTrustResultInvalid:
130 return SECURITY_STYLE_UNKNOWN;
131 case kSecTrustResultProceed:
132 case kSecTrustResultUnspecified:
133 return SECURITY_STYLE_AUTHENTICATED;
134 case kSecTrustResultDeny:
135 case kSecTrustResultRecoverableTrustFailure:
136 case kSecTrustResultFatalTrustFailure:
137 case kSecTrustResultOtherError:
138 return SECURITY_STYLE_AUTHENTICATION_BROKEN;
139 }
140 NOTREACHED();
141 return SECURITY_STYLE_UNKNOWN;
142 }
143
111 } // namespace web 144 } // namespace web
OLDNEW
« no previous file with comments | « ios/web/web_state/wk_web_view_security_util.h ('k') | ios/web/web_state/wk_web_view_security_util_unittest.mm » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698