OLD | NEW |
---|---|
1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import "ios/web/navigation/crw_session_certificate_policy_manager.h" | 5 #import "ios/web/navigation/crw_session_certificate_policy_manager.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 #include <set> | 8 #include <set> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
11 #include "base/location.h" | 11 #include "base/location.h" |
12 #include "base/logging.h" | 12 #include "base/logging.h" |
13 #include "base/strings/sys_string_conversions.h" | 13 #include "base/strings/sys_string_conversions.h" |
14 #include "ios/web/public/certificate_policy_cache.h" | 14 #include "ios/web/public/certificate_policy_cache.h" |
15 #include "ios/web/public/web_thread.h" | 15 #include "ios/web/public/web_thread.h" |
16 #include "net/base/hash_value.h" | |
16 #include "net/cert/x509_certificate.h" | 17 #include "net/cert/x509_certificate.h" |
17 | 18 |
18 // Break if we detect that CertStatus values changed, because we persist them on | 19 // Break if we detect that CertStatus values changed, because we persist them on |
19 // disk and thus require them to be consistent. | 20 // disk and thus require them to be consistent. |
20 static_assert(net::CERT_STATUS_ALL_ERRORS == 0xFFFF, | 21 static_assert(net::CERT_STATUS_ALL_ERRORS == 0xFFFF, |
21 "The value of CERT_STATUS_ALL_ERRORS changed!"); | 22 "The value of CERT_STATUS_ALL_ERRORS changed!"); |
22 static_assert(net::CERT_STATUS_COMMON_NAME_INVALID == 1 << 0, | 23 static_assert(net::CERT_STATUS_COMMON_NAME_INVALID == 1 << 0, |
23 "The value of CERT_STATUS_COMMON_NAME_INVALID changed!"); | 24 "The value of CERT_STATUS_COMMON_NAME_INVALID changed!"); |
24 static_assert(net::CERT_STATUS_DATE_INVALID == 1 << 1, | 25 static_assert(net::CERT_STATUS_DATE_INVALID == 1 << 1, |
25 "The value of CERT_STATUS_DATE_INVALID changed!"); | 26 "The value of CERT_STATUS_DATE_INVALID changed!"); |
(...skipping 17 matching lines...) Expand all Loading... | |
43 "The value of CERT_STATUS_IS_EV changed!"); | 44 "The value of CERT_STATUS_IS_EV changed!"); |
44 static_assert(net::CERT_STATUS_REV_CHECKING_ENABLED == 1 << 17, | 45 static_assert(net::CERT_STATUS_REV_CHECKING_ENABLED == 1 << 17, |
45 "The value of CERT_STATUS_REV_CHECKING_ENABLED changed!"); | 46 "The value of CERT_STATUS_REV_CHECKING_ENABLED changed!"); |
46 | 47 |
47 namespace { | 48 namespace { |
48 | 49 |
49 NSString* const kAllowedCertificatesKey = @"allowedCertificates"; | 50 NSString* const kAllowedCertificatesKey = @"allowedCertificates"; |
50 | 51 |
51 struct AllowedCertificate { | 52 struct AllowedCertificate { |
52 scoped_refptr<net::X509Certificate> certificate; | 53 scoped_refptr<net::X509Certificate> certificate; |
54 net::SHA256HashValue certificateHash; | |
eroman
2016/06/09 22:18:25
Is the use of camel case here intentional?
(Not fa
Ryan Sleevi
2016/06/09 22:59:36
Yeah, obj-C rules - https://google.github.io/style
| |
53 std::string host; | 55 std::string host; |
54 }; | 56 }; |
55 | 57 |
56 class LessThan { | 58 class LessThan { |
57 public: | 59 public: |
58 bool operator() (const AllowedCertificate& lhs, | 60 bool operator() (const AllowedCertificate& lhs, |
59 const AllowedCertificate& rhs) const { | 61 const AllowedCertificate& rhs) const { |
60 if (lhs.host != rhs.host) | 62 if (lhs.host != rhs.host) |
61 return lhs.host < rhs.host; | 63 return lhs.host < rhs.host; |
62 return certificateCompare_(lhs.certificate, rhs.certificate); | 64 return hashCompare_(lhs.certificateHash, rhs.certificateHash); |
eroman
2016/06/09 22:18:25
IMPORTANT: Where is certificateHash initialized?
Ryan Sleevi
2016/06/09 22:59:36
It's an object itself (an object functor) so it's
| |
63 } | 65 } |
64 private: | 66 private: |
65 net::X509Certificate::LessThan certificateCompare_; | 67 net::SHA256HashValue::LessThan hashCompare_; |
eroman
2016/06/09 22:18:25
I thought it was SHA256HashValueLessThan?
Also wei
Ryan Sleevi
2016/06/09 22:59:36
You're right, it's a typo.
| |
66 }; | 68 }; |
67 | 69 |
68 typedef std::map<AllowedCertificate, net::CertStatus, LessThan> | 70 typedef std::map<AllowedCertificate, net::CertStatus, LessThan> |
69 AllowedCertificates; | 71 AllowedCertificates; |
70 | 72 |
71 NSData* CertificateToNSData(net::X509Certificate* certificate) { | 73 NSData* CertificateToNSData(net::X509Certificate* certificate) { |
72 std::string s; | 74 std::string s; |
73 bool success = | 75 bool success = |
74 net::X509Certificate::GetDEREncoded(certificate->os_cert_handle(), &s); | 76 net::X509Certificate::GetDEREncoded(certificate->os_cert_handle(), &s); |
75 DCHECK(success); | 77 DCHECK(success); |
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
175 } | 177 } |
176 | 178 |
177 - (id)copyWithZone:(NSZone*)zone { | 179 - (id)copyWithZone:(NSZone*)zone { |
178 DCHECK([NSThread isMainThread]); | 180 DCHECK([NSThread isMainThread]); |
179 CRWSessionCertificatePolicyManager* copy = [[[self class] alloc] init]; | 181 CRWSessionCertificatePolicyManager* copy = [[[self class] alloc] init]; |
180 copy->allowed_ = allowed_; | 182 copy->allowed_ = allowed_; |
181 return copy; | 183 return copy; |
182 } | 184 } |
183 | 185 |
184 @end | 186 @end |
OLD | NEW |