Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(176)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_verify_proc_mac.cc

Issue 2610903003: [refactor] Extract the CertVerifyResult assignment of has_md2, has_md4, (Closed)
Patch Set: moar Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/cert_verify_proc.cc ('K') | « net/cert/cert_verify_proc_ios.cc ('k') | net/cert/cert_verify_proc_nss.cc » ('j') | net/cert/x509_certificate.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_verify_proc_mac.cc
diff --git a/net/cert/cert_verify_proc_mac.cc b/net/cert/cert_verify_proc_mac.cc
index 08f1b887f59dbcad6b8a2c2d304bce7117ed5e53..375e4108fab0197f68c1d3fa06ccbe5ff3863405 100644
--- a/net/cert/cert_verify_proc_mac.cc
+++ b/net/cert/cert_verify_proc_mac.cc
@@ -215,49 +215,11 @@ void GetCertChainInfo(CFArrayRef cert_chain,
continue;
}
- x509_util::CSSMCachedCertificate cached_cert;
- OSStatus status = cached_cert.Init(chain_cert);
- if (status)
- continue;
- x509_util::CSSMFieldValue signature_field;
- status = cached_cert.GetField(&CSSMOID_X509V1SignatureAlgorithm,
- &signature_field);
- if (status || !signature_field.field())
- continue;
- // Match the behaviour of OS X system tools and defensively check that
- // sizes are appropriate. This would indicate a critical failure of the
- // OS X certificate library, but based on history, it is best to play it
- // safe.
- const CSSM_X509_ALGORITHM_IDENTIFIER* sig_algorithm =
- signature_field.GetAs<CSSM_X509_ALGORITHM_IDENTIFIER>();
- if (!sig_algorithm)
- continue;
-
- const CSSM_OID* alg_oid = &sig_algorithm->algorithm;
- if (CSSMOIDEqual(alg_oid, &CSSMOID_MD2WithRSA)) {
- verify_result->has_md2 = true;
- if (i == 0)
- *leaf_is_weak = true;
- } else if (CSSMOIDEqual(alg_oid, &CSSMOID_MD4WithRSA)) {
- verify_result->has_md4 = true;
- if (i == 0)
- *leaf_is_weak = true;
- } else if (CSSMOIDEqual(alg_oid, &CSSMOID_MD5WithRSA)) {
- verify_result->has_md5 = true;
- if (i == 0)
- *leaf_is_weak = true;
- } else if (CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithRSA) ||
- CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithRSA_OIW) ||
- CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA) ||
- CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA_CMS) ||
- CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA_JDK) ||
- CSSMOIDEqual(alg_oid, &CSSMOID_ECDSA_WithSHA1)) {
- verify_result->has_sha1 = true;
- if (i == 0) {
- verify_result->has_sha1_leaf = true;
- *leaf_is_weak = true;
- }
- }
+ bool is_leaf = i == 0;
+ auto hash_is_weak =
Ryan Sleevi 2017/01/05 22:48:24 I would definitely argue this use of "auto" is not
eroman 2017/01/05 23:21:53 Agreed auto is wrong here (left over from earlier
eroman 2017/01/05 23:36:30 Done.
+ FillCertVerifyResultWeakSignature(chain_cert, is_leaf, verify_result);
+ if (is_leaf && hash_is_weak)
+ *leaf_is_weak = hash_is_weak;
}
if (!verified_cert) {
NOTREACHED();
« net/cert/cert_verify_proc.cc ('K') | « net/cert/cert_verify_proc_ios.cc ('k') | net/cert/cert_verify_proc_nss.cc » ('j') | net/cert/x509_certificate.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698