Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(185)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_android.cc

Issue 2610903003: [refactor] Extract the CertVerifyResult assignment of has_md2, has_md4, (Closed)
Patch Set: address comments Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/cert_verify_proc.cc ('k') | net/cert/cert_verify_proc_ios.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_android.h" 5 #include "net/cert/cert_verify_proc_android.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after
80 chain.insert(chain.end(), intermediates.begin(), intermediates.end()); 80 chain.insert(chain.end(), intermediates.begin(), intermediates.end());
81 81
82 // If the chain successfully verified, ignore the trust anchor (the last 82 // If the chain successfully verified, ignore the trust anchor (the last
83 // certificate). Otherwise, assume the chain is partial. This is not entirely 83 // certificate). Otherwise, assume the chain is partial. This is not entirely
84 // correct, as a full chain may have been constructed and then failed to 84 // correct, as a full chain may have been constructed and then failed to
85 // validate. However, if that is the case, the more serious error will 85 // validate. However, if that is the case, the more serious error will
86 // override any SHA-1 considerations. 86 // override any SHA-1 considerations.
87 size_t correction_for_root = 87 size_t correction_for_root =
88 (status == android::CERT_VERIFY_STATUS_ANDROID_OK) ? 1 : 0; 88 (status == android::CERT_VERIFY_STATUS_ANDROID_OK) ? 1 : 0;
89 for (size_t i = 0; i < chain.size() - correction_for_root; ++i) { 89 for (size_t i = 0; i < chain.size() - correction_for_root; ++i) {
90 int sig_alg = OBJ_obj2nid(chain[i]->sig_alg->algorithm); 90 FillCertVerifyResultWeakSignature(chain[i], i == 0, verify_result);
91 if (sig_alg == NID_md2WithRSAEncryption) {
92 verify_result->has_md2 = true;
93 } else if (sig_alg == NID_md4WithRSAEncryption) {
94 verify_result->has_md4 = true;
95 } else if (sig_alg == NID_md5WithRSAEncryption ||
96 sig_alg == NID_md5WithRSA) {
97 verify_result->has_md5 = true;
98 } else if (sig_alg == NID_sha1WithRSAEncryption ||
99 sig_alg == NID_dsaWithSHA || sig_alg == NID_dsaWithSHA1 ||
100 sig_alg == NID_dsaWithSHA1_2 || sig_alg == NID_sha1WithRSA ||
101 sig_alg == NID_ecdsa_with_SHA1) {
102 verify_result->has_sha1 = true;
103 if (i == 0)
104 verify_result->has_sha1_leaf = true;
105 }
106 } 91 }
107 92
108 // Extract the public key hashes. 93 // Extract the public key hashes.
109 for (size_t i = 0; i < verified_chain.size(); i++) { 94 for (size_t i = 0; i < verified_chain.size(); i++) {
110 base::StringPiece spki_bytes; 95 base::StringPiece spki_bytes;
111 if (!asn1::ExtractSPKIFromDERCert(verified_chain[i], &spki_bytes)) 96 if (!asn1::ExtractSPKIFromDERCert(verified_chain[i], &spki_bytes))
112 continue; 97 continue;
113 98
114 HashValue sha1(HASH_VALUE_SHA1); 99 HashValue sha1(HASH_VALUE_SHA1);
115 base::SHA1HashBytes(reinterpret_cast<const uint8_t*>(spki_bytes.data()), 100 base::SHA1HashBytes(reinterpret_cast<const uint8_t*>(spki_bytes.data()),
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after
180 NOTREACHED(); 165 NOTREACHED();
181 return ERR_FAILED; 166 return ERR_FAILED;
182 } 167 }
183 if (IsCertStatusError(verify_result->cert_status)) 168 if (IsCertStatusError(verify_result->cert_status))
184 return MapCertStatusToNetError(verify_result->cert_status); 169 return MapCertStatusToNetError(verify_result->cert_status);
185 170
186 return OK; 171 return OK;
187 } 172 }
188 173
189 } // namespace net 174 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/cert_verify_proc.cc ('k') | net/cert/cert_verify_proc_ios.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698