[ios] Removed CertVerifierBlockAdapter.

net/cert/cert_verify_proc_ios.cc

 // Copyright (c) 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc_ios.h"
 
 #include <CommonCrypto/CommonDigest.h>
-#include <Security/Security.h>
 
 #include "base/logging.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "crypto/sha2.h"
 #include "net/base/net_errors.h"
 #include "net/cert/asn1_util.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/test_root_certs.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/openssl_ssl_util.h"
@@ skipping 146 matching lines @@
   }
   if (!verified_cert) {
     NOTREACHED();
     return;
   }
 
   verify_result->verified_cert =
       X509Certificate::CreateFromHandle(verified_cert, verified_chain);
 }
 
+}  // namespace
+
+CertVerifyProcIOS::CertVerifyProcIOS() {}
+
 // The iOS APIs don't expose an API-stable set of reasons for certificate
 // validation failures. However, internally, the reason is tracked, and it's
 // converted to user-facing localized strings.
 //
 // In the absence of a consistent API, convert the English strings to their
 // localized counterpart, and then compare that with the error properties. If
 // they're equal, it's a strong sign that this was the cause for the error.
 // While this will break if/when iOS changes the contents of these strings,
 // it's sufficient enough for now.
 //
 // TODO(rsleevi): https://crbug.com/601915 - Use a less brittle solution when
 // possible.
-CertStatus GetFailureFromTrustProperties(CFArrayRef properties) {
+// static
+CertStatus CertVerifyProcIOS::GetCertFailureStatusFromTrust(SecTrustRef trust) {
   CertStatus reason = 0;
 
+  base::ScopedCFTypeRef<CFArrayRef> properties(SecTrustCopyProperties(trust));
   if (!properties)
     return CERT_STATUS_INVALID;
 
   const CFIndex properties_length = CFArrayGetCount(properties);
   if (properties_length == 0)
     return CERT_STATUS_INVALID;
 
   CFBundleRef bundle =
       CFBundleGetBundleWithIdentifier(CFSTR("com.apple.Security"));
   CFStringRef date_string =
       CFSTR("One or more certificates have expired or are not valid yet.");
   ScopedCFTypeRef<CFStringRef> date_error(CFBundleCopyLocalizedString(
       bundle, date_string, date_string, CFSTR("SecCertificate")));
   CFStringRef trust_string = CFSTR("Root certificate is not trusted.");
   ScopedCFTypeRef<CFStringRef> trust_error(CFBundleCopyLocalizedString(
       bundle, trust_string, trust_string, CFSTR("SecCertificate")));
   CFStringRef weak_string =
       CFSTR("One or more certificates is using a weak key size.");
   ScopedCFTypeRef<CFStringRef> weak_error(CFBundleCopyLocalizedString(
       bundle, weak_string, weak_string, CFSTR("SecCertificate")));
+  CFStringRef hostname_mismatch_string = CFSTR("Hostname mismatch.");
+  ScopedCFTypeRef<CFStringRef> hostname_mismatch_error(
+      CFBundleCopyLocalizedString(bundle, hostname_mismatch_string,
+                                  hostname_mismatch_string,
+                                  CFSTR("SecCertificate")));
 
   for (CFIndex i = 0; i < properties_length; ++i) {
     CFDictionaryRef dict = reinterpret_cast<CFDictionaryRef>(
         const_cast<void*>(CFArrayGetValueAtIndex(properties, i)));
     CFStringRef error = reinterpret_cast<CFStringRef>(
         const_cast<void*>(CFDictionaryGetValue(dict, CFSTR("value"))));
 
     if (CFEqual(error, date_error)) {
       reason |= CERT_STATUS_DATE_INVALID;
     } else if (CFEqual(error, trust_error)) {
       reason |= CERT_STATUS_AUTHORITY_INVALID;
     } else if (CFEqual(error, weak_error)) {
       reason |= CERT_STATUS_WEAK_KEY;
+    } else if (CFEqual(error, hostname_mismatch_error)) {
+      reason |= CERT_STATUS_COMMON_NAME_INVALID;
     } else {
       reason |= CERT_STATUS_INVALID;
     }
   }
 
   return reason;
 }
 
-}  // namespace
-
-CertVerifyProcIOS::CertVerifyProcIOS() {}
-
-CertVerifyProcIOS::~CertVerifyProcIOS() {}
-
 bool CertVerifyProcIOS::SupportsAdditionalTrustAnchors() const {
   return false;
 }
 
 bool CertVerifyProcIOS::SupportsOCSPStapling() const {
   return false;
 }
 
+CertVerifyProcIOS::~CertVerifyProcIOS() = default;
+
 int CertVerifyProcIOS::VerifyInternal(
     X509Certificate* cert,
     const std::string& hostname,
     const std::string& ocsp_response,
     int flags,
     CRLSet* crl_set,
     const CertificateList& additional_trust_anchors,
     CertVerifyResult* verify_result) {
   ScopedCFTypeRef<CFArrayRef> trust_policies;
   OSStatus status = CreateTrustPolicies(&trust_policies);
@@ skipping 16 matching lines @@
 
   // TODO(sleevi): Support CRLSet revocation.
   switch (trust_result) {
     case kSecTrustResultUnspecified:
     case kSecTrustResultProceed:
       break;
     case kSecTrustResultDeny:
       verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
       break;
     default:
-      ScopedCFTypeRef<CFArrayRef> properties(SecTrustCopyProperties(trust_ref));
-      verify_result->cert_status |= GetFailureFromTrustProperties(properties);
+      verify_result->cert_status |= GetCertFailureStatusFromTrust(trust_ref);
   }
 
   GetCertChainInfo(final_chain, verify_result);
 
   // Perform hostname verification independent of SecTrustEvaluate.
   if (!verify_result->verified_cert->VerifyNameMatch(
           hostname, &verify_result->common_name_fallback_used)) {
     verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
   }
 
   verify_result->is_issued_by_known_root = false;
 
   if (IsCertStatusError(verify_result->cert_status))
     return MapCertStatusToNetError(verify_result->cert_status);
 
   return OK;
 }
 
 }  // namespace net