OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "ios/web/public/cert_policy.h" | 5 #include "ios/web/public/cert_policy.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "net/cert/x509_certificate.h" | 8 #include "net/cert/x509_certificate.h" |
9 | 9 |
10 namespace web { | 10 namespace web { |
11 | 11 |
12 CertPolicy::CertPolicy() { | 12 CertPolicy::CertPolicy() { |
13 } | 13 } |
14 | 14 |
15 CertPolicy::~CertPolicy() { | 15 CertPolicy::~CertPolicy() { |
16 } | 16 } |
17 | 17 |
18 // We consider a given |cert| to be a match to a saved allowed cert if the | 18 // We consider a given |cert| to be a match to a saved allowed cert if the |
19 // |error| is an exact match to or subset of the errors in the saved CertStatus. | 19 // |error| is an exact match to or subset of the errors in the saved CertStatus. |
20 CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert, | 20 CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert, |
21 net::CertStatus error) const { | 21 net::CertStatus error) const { |
22 std::map<net::SHA1HashValue, | 22 auto allowed_iter = |
23 net::CertStatus, | 23 allowed_.find(net::X509Certificate::CalculateChainFingerprint256( |
24 net::SHA1HashValueLessThan>::const_iterator allowed_iter = | 24 cert->os_cert_handle(), cert->GetIntermediateCertificates())); |
25 allowed_.find(cert->fingerprint()); | |
26 if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) && | 25 if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) && |
27 !(~(allowed_iter->second & error) ^ ~error)) { | 26 !(~(allowed_iter->second & error) ^ ~error)) { |
28 return ALLOWED; | 27 return ALLOWED; |
29 } | 28 } |
30 return UNKNOWN; // We don't have a policy for this cert. | 29 return UNKNOWN; // We don't have a policy for this cert. |
31 } | 30 } |
32 | 31 |
33 void CertPolicy::Allow(net::X509Certificate* cert, net::CertStatus error) { | 32 void CertPolicy::Allow(net::X509Certificate* cert, net::CertStatus error) { |
34 // If this same cert had already been saved with a different error status, | 33 // If this same cert had already been saved with a different error status, |
35 // this will replace it with the new error status. | 34 // this will replace it with the new error status. |
36 allowed_[cert->fingerprint()] = error; | 35 allowed_[net::X509Certificate::CalculateChainFingerprint256( |
| 36 cert->os_cert_handle(), cert->GetIntermediateCertificates())] = error; |
37 } | 37 } |
38 | 38 |
39 } // namespace web | 39 } // namespace web |
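Review bot: The comments above Check() and inside Allow() still say "a given |cert|" and "this same cert", but on the new side the map key is computed from `cert->os_cert_handle()` together with `cert->GetIntermediateCertificates()`, so a saved exception appears to be bound to the chain as presented rather than to the leaf alone. That is worth stating where the policy is documented, e.g. `// The key covers the leaf and the intermediates supplied with it; the same leaf presented with different intermediates yields UNKNOWN.` The same three-line key expression is repeated in Check() and Allow(); a small file-local helper returning the key would stop the two from drifting apart, since a mismatch would make every lookup miss silently. The declaration of `allowed_` is not part of this file section, so its key and comparator types presumably need to move off `net::SHA1HashValue` in the header in the same change.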