net/cert/x509_certificate_mac.cc - Issue 2610903003: [refactor] Extract the CertVerifyResult assignment of has_md2, has_md4,

Side by Side Diff: net/cert/x509_certificate_mac.cc

Issue 2610903003: [refactor] Extract the CertVerifyResult assignment of has_md2, has_md4, (Closed)

Patch Set: moar Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/x509_certificate.h"	5 #include "net/cert/x509_certificate.h"

6	6

7 #include <CommonCrypto/CommonDigest.h>	7 #include <CommonCrypto/CommonDigest.h>

8 #include <CoreServices/CoreServices.h>	8 #include <CoreServices/CoreServices.h>

9 #include <Security/Security.h>	9 #include <Security/Security.h>

10	10

(...skipping 500 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
511 case CSSM_ALGID_DH:	511 case CSSM_ALGID_DH:

512 *type = kPublicKeyTypeDH;	512 *type = kPublicKeyTypeDH;

513 break;	513 break;

514 default:	514 default:

515 *type = kPublicKeyTypeUnknown;	515 *type = kPublicKeyTypeUnknown;

516 *size_bits = 0;	516 *size_bits = 0;

517 break;	517 break;

518 }	518 }

519 }	519 }

520	520

	521 X509Certificate::SignatureHashAlgorithm

	522 X509Certificate::GetSignatureHashAlgorithm(OSCertHandle cert_handle) {

	523 x509_util::CSSMCachedCertificate cached_cert;

	524 OSStatus status = cached_cert.Init(cert_handle);

	525 if (status)

	526 return kSignatureHashAlgorithmOther;

	527 x509_util::CSSMFieldValue signature_field;
	Ryan Sleevi 2017/01/05 22:48:24 suggestion: newline between 526 & 527 suggestion: newline between 526 & 527 eroman 2017/01/05 23:36:31 Done. Show quoted text On 2017/01/05 22:48:24, Ryan Sleevi wrote: > suggestion: newline between 526 & 527 Done.
	528 status =

	529 cached_cert.GetField(&CSSMOID_X509V1SignatureAlgorithm, &signature_field);

	530 if (status \|\| !signature_field.field())

	531 return kSignatureHashAlgorithmOther;

	532 // Match the behaviour of OS X system tools and defensively check that

	533 // sizes are appropriate. This would indicate a critical failure of the

	534 // OS X certificate library, but based on history, it is best to play it

	535 // safe.
	Ryan Sleevi 2017/01/05 22:48:24 Can delete 532-535. I should have left those as CL Can delete 532-535. I should have left those as CL review comments. I would suggest a newline between 531 and 536 though. eroman 2017/01/05 23:36:31 Done. Show quoted text On 2017/01/05 22:48:24, Ryan Sleevi wrote: > Can delete 532-535. I should have left those as CL review comments. I would > suggest a newline between 531 and 536 though. Done.
	536 const CSSM_X509_ALGORITHM_IDENTIFIER* sig_algorithm =

	537 signature_field.GetAs<CSSM_X509_ALGORITHM_IDENTIFIER>();

	538 if (!sig_algorithm)

	539 return kSignatureHashAlgorithmOther;

	540

	541 const CSSM_OID* alg_oid = &sig_algorithm->algorithm;

	542 if (CSSMOIDEqual(alg_oid, &CSSMOID_MD2WithRSA))

	543 return kSignatureHashAlgorithmMd2;

	544 if (CSSMOIDEqual(alg_oid, &CSSMOID_MD4WithRSA))

	545 return kSignatureHashAlgorithmMd4;

	546 if (CSSMOIDEqual(alg_oid, &CSSMOID_MD5WithRSA))

	547 return kSignatureHashAlgorithmMd5;

	548 if (CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithRSA) \|\|

	549 CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithRSA_OIW) \|\|

	550 CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA) \|\|

	551 CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA_CMS) \|\|

	552 CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA_JDK) \|\|

	553 CSSMOIDEqual(alg_oid, &CSSMOID_ECDSA_WithSHA1)) {

	554 return kSignatureHashAlgorithmSha1;

	555 }

	556

	557 return kSignatureHashAlgorithmOther;

	558 }

	559

521 // static	560 // static

522 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {	561 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {

523 x509_util::CSSMCachedCertificate cached_cert;	562 x509_util::CSSMCachedCertificate cached_cert;

524 OSStatus status = cached_cert.Init(cert_handle);	563 OSStatus status = cached_cert.Init(cert_handle);

525 if (status != noErr)	564 if (status != noErr)

526 return false;	565 return false;

527	566

528 x509_util::CSSMFieldValue subject;	567 x509_util::CSSMFieldValue subject;

529 status = cached_cert.GetField(&CSSMOID_X509V1SubjectNameStd, &subject);	568 status = cached_cert.GetField(&CSSMOID_X509V1SubjectNameStd, &subject);

530 if (status != CSSM_OK \|\| !subject.field())	569 if (status != CSSM_OK \|\| !subject.field())

(...skipping 20 matching lines...) Expand all Loading...
551 return false;	590 return false;

552	591

553 if (CSSM_CL_CertVerify(cl_handle, 0, &cert_data, &cert_data, NULL, 0))	592 if (CSSM_CL_CertVerify(cl_handle, 0, &cert_data, &cert_data, NULL, 0))

554 return false;	593 return false;

555 return true;	594 return true;

556 }	595 }

557	596

558 #pragma clang diagnostic pop // "-Wdeprecated-declarations"	597 #pragma clang diagnostic pop // "-Wdeprecated-declarations"

559	598

560 } // namespace net	599 } // namespace net

OLD	NEW

« net/cert/x509_certificate_ios.cc ('K') | « net/cert/x509_certificate_ios.cc ('k') | net/cert/x509_certificate_nss.cc » ('j') | no next file with comments »