| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_nss.h" | 5 #include "net/cert/cert_verify_proc_nss.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <nss.h> | 8 #include <nss.h> |
| 9 #include <prerror.h> | 9 #include <prerror.h> |
| 10 #include <secerr.h> | 10 #include <secerr.h> |
| (...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 185 // whose key is equal to |next_cert|, and not a self-issued | 185 // whose key is equal to |next_cert|, and not a self-issued |
| 186 // certificate signed by another key of the same CA. | 186 // certificate signed by another key of the same CA. |
| 187 if (next_cert && SECITEM_ItemsAreEqual(&node->cert->derPublicKey, | 187 if (next_cert && SECITEM_ItemsAreEqual(&node->cert->derPublicKey, |
| 188 &next_cert->derPublicKey)) { | 188 &next_cert->derPublicKey)) { |
| 189 continue; | 189 continue; |
| 190 } | 190 } |
| 191 } | 191 } |
| 192 verified_chain.push_back(node->cert); | 192 verified_chain.push_back(node->cert); |
| 193 } | 193 } |
| 194 | 194 |
| 195 SECAlgorithmID& signature = node->cert->signature; | 195 FillCertVerifyResultWeakSignature(node->cert, i == 0, verify_result); |
| 196 SECOidTag oid_tag = SECOID_FindOIDTag(&signature.algorithm); | |
| 197 switch (oid_tag) { | |
| 198 case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: | |
| 199 verify_result->has_md5 = true; | |
| 200 break; | |
| 201 case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: | |
| 202 verify_result->has_md2 = true; | |
| 203 break; | |
| 204 case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: | |
| 205 verify_result->has_md4 = true; | |
| 206 break; | |
| 207 case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: | |
| 208 case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: | |
| 209 case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: | |
| 210 case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: | |
| 211 verify_result->has_sha1 = true; | |
| 212 if (i == 0) | |
| 213 verify_result->has_sha1_leaf = true; | |
| 214 break; | |
| 215 default: | |
| 216 break; | |
| 217 } | |
| 218 } | 196 } |
| 219 | 197 |
| 220 if (root_cert) | 198 if (root_cert) |
| 221 verified_chain.push_back(root_cert); | 199 verified_chain.push_back(root_cert); |
| 222 verify_result->verified_cert = | 200 verify_result->verified_cert = |
| 223 X509Certificate::CreateFromHandle(verified_cert, verified_chain); | 201 X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
| 224 } | 202 } |
| 225 | 203 |
| 226 // IsKnownRoot returns true if the given certificate is one that we believe | 204 // IsKnownRoot returns true if the given certificate is one that we believe |
| 227 // is a standard (as opposed to user-installed) root. | 205 // is a standard (as opposed to user-installed) root. |
| (...skipping 755 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 983 CRLSet* crl_set, | 961 CRLSet* crl_set, |
| 984 const CertificateList& additional_trust_anchors, | 962 const CertificateList& additional_trust_anchors, |
| 985 CertVerifyResult* verify_result) { | 963 CertVerifyResult* verify_result) { |
| 986 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set, | 964 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set, |
| 987 additional_trust_anchors, | 965 additional_trust_anchors, |
| 988 NULL, // chain_verify_callback | 966 NULL, // chain_verify_callback |
| 989 verify_result); | 967 verify_result); |
| 990 } | 968 } |
| 991 | 969 |
| 992 } // namespace net | 970 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2610903003:
[refactor] Extract the CertVerifyResult assignment of has_md2, has_md4, (Closed)
