
Side by Side Diff: net/cert/sec_trust_util.cc

Issue 2225483002: [ios] Removed CertVerifierBlockAdapter. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Self review Created 4 years, 4 months ago
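--- a/net/cert/sec_trust_util.cc
+++ b/net/cert/sec_trust_util.cc
@@ -0,0 +1,70 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/sec_trust_util.h"
+
+#include "base/mac/scoped_cftyperef.h"
+
+using base::ScopedCFTypeRef;
+
+namespace net {
+
+// The iOS APIs don't expose an API-stable set of reasons for certificate
+// validation failures. However, internally, the reason is tracked, and it's
+// converted to user-facing localized strings.
+//
+// In the absence of a consistent API, convert the English strings to their
+// localized counterpart, and then compare that with the error properties. If
+// they're equal, it's a strong sign that this was the cause for the error.
+// While this will break if/when iOS changes the contents of these strings,
+// it's sufficient enough for now.
+//
+// TODO(rsleevi): https://crbug.com/601915 - Use a less brittle solution when
+// possible.
+CertStatus GetCertFailureStatusFromTrust(SecTrustRef trust) {
+CertStatus reason = 0;
+
+base::ScopedCFTypeRef<CFArrayRef> properties(SecTrustCopyProperties(trust));
+if (!properties)
+return CERT_STATUS_INVALID;
+
+const CFIndex properties_length = CFArrayGetCount(properties);
+if (properties_length == 0)
+return CERT_STATUS_INVALID;
+
+CFBundleRef bundle =
+CFBundleGetBundleWithIdentifier(CFSTR("com.apple.Security"));
+CFStringRef date_string =
+CFSTR("One or more certificates have expired or are not valid yet.");
+ScopedCFTypeRef<CFStringRef> date_error(CFBundleCopyLocalizedString(
+bundle, date_string, date_string, CFSTR("SecCertificate")));
+CFStringRef trust_string = CFSTR("Root certificate is not trusted.");
+ScopedCFTypeRef<CFStringRef> trust_error(CFBundleCopyLocalizedString(
+bundle, trust_string, trust_string, CFSTR("SecCertificate")));
+CFStringRef weak_string =
+CFSTR("One or more certificates is using a weak key size.");
+ScopedCFTypeRef<CFStringRef> weak_error(CFBundleCopyLocalizedString(
+bundle, weak_string, weak_string, CFSTR("SecCertificate")));
+
+for (CFIndex i = 0; i < properties_length; ++i) {
+CFDictionaryRef dict = reinterpret_cast<CFDictionaryRef>(
+const_cast<void*>(CFArrayGetValueAtIndex(properties, i)));
+CFStringRef error = reinterpret_cast<CFStringRef>(
+const_cast<void*>(CFDictionaryGetValue(dict, CFSTR("value"))));
+
+if (CFEqual(error, date_error)) {
+reason |= CERT_STATUS_DATE_INVALID;
+} else if (CFEqual(error, trust_error)) {
+reason |= CERT_STATUS_AUTHORITY_INVALID;
+} else if (CFEqual(error, weak_error)) {
+reason |= CERT_STATUS_WEAK_KEY;
+} else {
+reason |= CERT_STATUS_INVALID;
+}
+}
+
+return reason;
+}
+
+} // namespace net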
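Review bot: In the loop over `properties`, `error` comes straight from `CFDictionaryGetValue(dict, CFSTR("value"))` and is handed to `CFEqual` with no null or type check; `CFEqual` is not NULL-safe, so an entry that lacks a "value" key (or carries a non-string value) would crash certificate verification instead of reporting a failure. The same concern applies to `date_error`, `trust_error` and `weak_error` if `CFBundleGetBundleWithIdentifier` finds no bundle or a localized-string copy yields nothing, which is worth confirming against the CoreFoundation behaviour on the targeted iOS versions. A guard ahead of the comparisons, `if (!error || CFGetTypeID(error) != CFStringGetTypeID()) { reason |= CERT_STATUS_INVALID; continue; }`, would keep the fail-closed default that the final `else` already provides. A one-line comment on that `else` stating that unrecognized strings deliberately map to `CERT_STATUS_INVALID` would also make the fail-closed intent explicit for whoever replaces the string matching later.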
