
Side by Side Diff: net/cert/cert_verify_proc_win.cc

Issue 169193002: Convert scoped_ptr_malloc -> scoped_ptr, part 2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebased Created 6 years, 9 months ago
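--- a/net/cert/cert_verify_proc_win.cc
+++ b/net/cert/cert_verify_proc_win.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc_win.h"
 
 #include <string>
 #include <vector>
 
 #include "base/memory/scoped_ptr.h"
@@ -54,26 +54,25 @@
 struct FreeCertContextFunctor {
 void operator()(PCCERT_CONTEXT context) const {
 if (context)
 CertFreeCertificateContext(context);
 }
 };
 
 typedef crypto::ScopedCAPIHandle<HCERTCHAINENGINE, FreeChainEngineFunctor>
 ScopedHCERTCHAINENGINE;
 
-typedef scoped_ptr_malloc<const CERT_CHAIN_CONTEXT,
-FreeCertChainContextFunctor>
+typedef scoped_ptr<const CERT_CHAIN_CONTEXT, FreeCertChainContextFunctor>
 ScopedPCCERT_CHAIN_CONTEXT;
 
-typedef scoped_ptr_malloc<const CERT_CONTEXT,
-FreeCertContextFunctor> ScopedPCCERT_CONTEXT;
+typedef scoped_ptr<const CERT_CONTEXT, FreeCertContextFunctor>
+ScopedPCCERT_CONTEXT;
 
 //-----------------------------------------------------------------------------
 
 int MapSecurityError(SECURITY_STATUS err) {
 // There are numerous security error codes, but these are the ones we thus
 // far find interesting.
 switch (err) {
 case SEC_E_WRONG_PRINCIPAL: // Schannel
 case CERT_E_CN_NO_MATCH: // CryptoAPI
 return ERR_CERT_COMMON_NAME_INVALID;
@@ -193,21 +192,21 @@
 BOOL rv;
 rv = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
 X509_NAME,
 cert->pCertInfo->Subject.pbData,
 cert->pCertInfo->Subject.cbData,
 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG,
 &decode_para,
 &name_info,
 &name_info_size);
 if (rv) {
-scoped_ptr_malloc<CERT_NAME_INFO> scoped_name_info(name_info);
+scoped_ptr<CERT_NAME_INFO, base::FreeDeleter> scoped_name_info(name_info);
 
 // The Subject field may have multiple common names. According to the
 // "PKI Layer Cake" paper, CryptoAPI uses every common name in the
 // Subject field, so we inspect every common name.
 //
 // From RFC 5280:
 // X520CommonName ::= CHOICE {
 // teletexString TeletexString (SIZE (1..ub-common-name)),
 // printableString PrintableString (SIZE (1..ub-common-name)),
 // universalString UniversalString (SIZE (1..ub-common-name)),
@@ -342,22 +341,23 @@
 // Add the root certificate, if present, as it was not added above.
 if (has_root_ca)
 verified_chain.push_back(element[num_elements]->pCertContext);
 verify_result->verified_cert =
 X509Certificate::CreateFromHandle(verified_cert, verified_chain);
 }
 }
 
 // Decodes the cert's certificatePolicies extension into a CERT_POLICIES_INFO
 // structure and stores it in *output.
-void GetCertPoliciesInfo(PCCERT_CONTEXT cert,
-scoped_ptr_malloc<CERT_POLICIES_INFO>* output) {
+void GetCertPoliciesInfo(
+PCCERT_CONTEXT cert,
+scoped_ptr<CERT_POLICIES_INFO, base::FreeDeleter>* output) {
 PCERT_EXTENSION extension = CertFindExtension(szOID_CERT_POLICIES,
 cert->pCertInfo->cExtension,
 cert->pCertInfo->rgExtension);
 if (!extension)
 return;
 
 CRYPT_DECODE_PARA decode_para;
 decode_para.cbSize = sizeof(decode_para);
 decode_para.pfnAlloc = crypto::CryptAlloc;
 decode_para.pfnFree = crypto::CryptFree;
@@ -563,21 +563,21 @@
 szOID_PKIX_KP_SERVER_AUTH,
 szOID_SERVER_GATED_CRYPTO,
 szOID_SGC_NETSCAPE
 };
 chain_para.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR;
 chain_para.RequestedUsage.Usage.cUsageIdentifier = arraysize(usage);
 chain_para.RequestedUsage.Usage.rgpszUsageIdentifier =
 const_cast<LPSTR*>(usage);
 
 // Get the certificatePolicies extension of the certificate.
-scoped_ptr_malloc<CERT_POLICIES_INFO> policies_info;
+scoped_ptr<CERT_POLICIES_INFO, base::FreeDeleter> policies_info;
 LPSTR ev_policy_oid = NULL;
 if (flags & CertVerifier::VERIFY_EV_CERT) {
 GetCertPoliciesInfo(cert_handle, &policies_info);
 if (policies_info.get()) {
 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance();
 for (DWORD i = 0; i < policies_info->cPolicyInfo; ++i) {
 LPSTR policy_oid = policies_info->rgPolicyInfo[i].pszPolicyIdentifier;
 if (metadata->IsEVPolicyOID(policy_oid)) {
 ev_policy_oid = policy_oid;
 chain_para.RequestedIssuancePolicy.dwType = USAGE_MATCH_TYPE_AND;
@@ -784,10 +784,10 @@
 return MapCertStatusToNetError(verify_result->cert_status);
 
 if (ev_policy_oid &&
 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) {
 verify_result->cert_status |= CERT_STATUS_IS_EV;
 }
 return OK;
 }
 
 } // namespace net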
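Review bot: `base::FreeDeleter` on `scoped_name_info` (new line 202) and on the two `CERT_POLICIES_INFO` pointers (new lines 353 and 573) is correct only if the buffer CryptDecodeObjectEx hands back was allocated with malloc, and nothing at these sites says so. GetCertPoliciesInfo installs `crypto::CryptAlloc` and `crypto::CryptFree` in `decode_para`, and their definitions are not on this page; presumably they wrap malloc/free, which the old `scoped_ptr_malloc` default relied on as well. If that allocator ever changes, these smart pointers would release memory with the wrong function inside the certificate-verification path, which parses certificates received from untrusted peers. I would either add a comment at each declaration, e.g. `// Released with free(); must stay in sync with crypto::CryptAlloc.`, or use a small deleter that calls `crypto::CryptFree` so the allocation/release pairing is explicit. The functions around new lines 202 and 573 start and end outside the visible hunks.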