1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import "ios/web/navigation/crw_session_certificate_policy_manager.h" | 5 #import "ios/web/navigation/crw_session_certificate_policy_manager.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 #include <set> | 8 #include <set> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
11 #include "base/location.h" | 11 #include "base/location.h" |
12 #include "base/logging.h" | 12 #include "base/logging.h" |
13 #include "base/strings/sys_string_conversions.h" | 13 #include "base/strings/sys_string_conversions.h" |
14 #include "ios/web/public/certificate_policy_cache.h" | 14 #include "ios/web/public/certificate_policy_cache.h" |
15 #include "ios/web/public/web_thread.h" | 15 #include "ios/web/public/web_thread.h" |
16 #include "net/base/hash_value.h" | |
16 #include "net/cert/x509_certificate.h" | 17 #include "net/cert/x509_certificate.h" |
17 | 18 |
18 // Break if we detect that CertStatus values changed, because we persist them on | 19 // Break if we detect that CertStatus values changed, because we persist them on |
19 // disk and thus require them to be consistent. | 20 // disk and thus require them to be consistent. |
20 static_assert(net::CERT_STATUS_ALL_ERRORS == 0xFFFF, | 21 static_assert(net::CERT_STATUS_ALL_ERRORS == 0xFFFF, |
21 "The value of CERT_STATUS_ALL_ERRORS changed!"); | 22 "The value of CERT_STATUS_ALL_ERRORS changed!"); |
22 static_assert(net::CERT_STATUS_COMMON_NAME_INVALID == 1 << 0, | 23 static_assert(net::CERT_STATUS_COMMON_NAME_INVALID == 1 << 0, |
23 "The value of CERT_STATUS_COMMON_NAME_INVALID changed!"); | 24 "The value of CERT_STATUS_COMMON_NAME_INVALID changed!"); |
24 static_assert(net::CERT_STATUS_DATE_INVALID == 1 << 1, | 25 static_assert(net::CERT_STATUS_DATE_INVALID == 1 << 1, |
25 "The value of CERT_STATUS_DATE_INVALID changed!"); | 26 "The value of CERT_STATUS_DATE_INVALID changed!"); |
43 "The value of CERT_STATUS_IS_EV changed!"); | 44 "The value of CERT_STATUS_IS_EV changed!"); |
44 static_assert(net::CERT_STATUS_REV_CHECKING_ENABLED == 1 << 17, | 45 static_assert(net::CERT_STATUS_REV_CHECKING_ENABLED == 1 << 17, |
45 "The value of CERT_STATUS_REV_CHECKING_ENABLED changed!"); | 46 "The value of CERT_STATUS_REV_CHECKING_ENABLED changed!"); |
46 | 47 |
47 namespace { | 48 namespace { |
48 | 49 |
49 NSString* const kAllowedCertificatesKey = @"allowedCertificates"; | 50 NSString* const kAllowedCertificatesKey = @"allowedCertificates"; |
50 | 51 |
51 struct AllowedCertificate { | 52 struct AllowedCertificate { |
52 scoped_refptr<net::X509Certificate> certificate; | 53 scoped_refptr<net::X509Certificate> certificate; |
54 net::SHA256HashValue certificateHash; | |
53 std::string host; | 55 std::string host; |
54 }; | 56 }; |
55 | 57 |
56 class LessThan { | 58 class LessThan { |
57 public: | 59 public: |
58 bool operator() (const AllowedCertificate& lhs, | 60 bool operator() (const AllowedCertificate& lhs, |
59 const AllowedCertificate& rhs) const { | 61 const AllowedCertificate& rhs) const { |
60 if (lhs.host != rhs.host) | 62 if (lhs.host != rhs.host) |
61 return lhs.host < rhs.host; | 63 return lhs.host < rhs.host; |
62 return certificateCompare_(lhs.certificate, rhs.certificate); | 64 return hashCompare_(lhs.certificateHash, rhs.certificateHash); |
63 } | 65 } |
64 private: | 66 private: |
65 net::X509Certificate::LessThan certificateCompare_; | 67 net::SHA256HashValueLessThan hashCompare_; |
Eugene But (OOO till 7-30)
2016/06/16 01:14:34
Optional NIT: Since you touching this could you pl
Ryan Sleevi
2016/06/16 01:19:44
Happy to. This file seemed to follow obj-C naming
Eugene But (OOO till 7-30)
2016/06/16 01:36:23
This was a mix of C++ and Obj-C. In Obj-C leading
66 }; | 68 }; |
67 | 69 |
68 typedef std::map<AllowedCertificate, net::CertStatus, LessThan> | 70 typedef std::map<AllowedCertificate, net::CertStatus, LessThan> |
69 AllowedCertificates; | 71 AllowedCertificates; |
70 | 72 |
71 NSData* CertificateToNSData(net::X509Certificate* certificate) { | 73 NSData* CertificateToNSData(net::X509Certificate* certificate) { |
72 std::string s; | 74 std::string s; |
73 bool success = | 75 bool success = |
74 net::X509Certificate::GetDEREncoded(certificate->os_cert_handle(), &s); | 76 net::X509Certificate::GetDEREncoded(certificate->os_cert_handle(), &s); |
75 DCHECK(success); | 77 DCHECK(success); |
98 @private | 100 @private |
99 AllowedCertificates allowed_; | 101 AllowedCertificates allowed_; |
100 } | 102 } |
101 | 103 |
102 - (void)registerAllowedCertificate: | 104 - (void)registerAllowedCertificate: |
103 (const scoped_refptr<net::X509Certificate>)certificate | 105 (const scoped_refptr<net::X509Certificate>)certificate |
104 forHost:(const std::string&)host | 106 forHost:(const std::string&)host |
105 status:(net::CertStatus)status { | 107 status:(net::CertStatus)status { |
106 DCHECK([NSThread isMainThread]); | 108 DCHECK([NSThread isMainThread]); |
107 DCHECK(certificate); | 109 DCHECK(certificate); |
108 AllowedCertificate allowedCertificate = {certificate, host}; | 110 AllowedCertificate allowedCertificate = { |
111 certificate, net::X509Certificate::CalculateChainFingerprint256( | |
112 certificate->os_cert_handle(), | |
113 certificate->GetIntermediateCertificates()), | |
114 host}; | |
109 allowed_[allowedCertificate] = status; | 115 allowed_[allowedCertificate] = status; |
110 } | 116 } |
111 | 117 |
112 - (void)clearCertificates { | 118 - (void)clearCertificates { |
113 DCHECK([NSThread isMainThread]); | 119 DCHECK([NSThread isMainThread]); |
114 allowed_.clear(); | 120 allowed_.clear(); |
115 } | 121 } |
116 | 122 |
117 - (void)updateCertificatePolicyCache: | 123 - (void)updateCertificatePolicyCache: |
118 (const scoped_refptr<web::CertificatePolicyCache>&)cache { | 124 (const scoped_refptr<web::CertificatePolicyCache>&)cache { |
175 } | 181 } |
176 | 182 |
177 - (id)copyWithZone:(NSZone*)zone { | 183 - (id)copyWithZone:(NSZone*)zone { |
178 DCHECK([NSThread isMainThread]); | 184 DCHECK([NSThread isMainThread]); |
179 CRWSessionCertificatePolicyManager* copy = [[[self class] alloc] init]; | 185 CRWSessionCertificatePolicyManager* copy = [[[self class] alloc] init]; |
180 copy->allowed_ = allowed_; | 186 copy->allowed_ = allowed_; |
181 return copy; | 187 return copy; |
182 } | 188 } |
183 | 189 |
184 @end | 190 @end |
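Review bot: The new `certificateHash` member of `AllowedCertificate` (new line 54) has no comment saying what it must hold, although `LessThan` (new line 64) now orders map keys by it alone and no longer looks at `certificate`. Only `registerAllowedCertificate:forHost:status:` (new lines 110-114) fills it, via `CalculateChainFingerprint256` over the leaf and its intermediates, so any other site that builds an `AllowedCertificate` would have to compute the identical value or lookups would silently miss; the deserialization path is in the skipped lines, so please confirm it goes through that method rather than constructing the struct directly. I would put above the field: `// SHA-256 fingerprint of the full chain (leaf plus intermediates), computed only in registerAllowedCertificate:forHost:status:. LessThan orders keys by host, then by this hash, so the same leaf presented with a different intermediate chain is a distinct key.` A one-line note on `certificate` that it is presumably kept only for serialization via `CertificateToNSData` would also help, since it no longer participates in ordering.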