Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(539)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/x509_certificate_mac.cc

Issue 2610903003: [refactor] Extract the CertVerifyResult assignment of has_md2, has_md4, (Closed)
Patch Set: moar Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/x509_certificate_ios.cc ('K') | « net/cert/x509_certificate_ios.cc ('k') | net/cert/x509_certificate_nss.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/x509_certificate_mac.cc
diff --git a/net/cert/x509_certificate_mac.cc b/net/cert/x509_certificate_mac.cc
index 8e6ecf9fb42a026f72c2a1813fa71ed851930f52..175543d7d4c69150d9f9630fde27ae4d184299bf 100644
--- a/net/cert/x509_certificate_mac.cc
+++ b/net/cert/x509_certificate_mac.cc
@@ -518,6 +518,45 @@ void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
}
}
+X509Certificate::SignatureHashAlgorithm
+X509Certificate::GetSignatureHashAlgorithm(OSCertHandle cert_handle) {
+ x509_util::CSSMCachedCertificate cached_cert;
+ OSStatus status = cached_cert.Init(cert_handle);
+ if (status)
+ return kSignatureHashAlgorithmOther;
+ x509_util::CSSMFieldValue signature_field;
Ryan Sleevi 2017/01/05 22:48:24 suggestion: newline between 526 & 527
eroman 2017/01/05 23:36:31 Done.
+ status =
+ cached_cert.GetField(&CSSMOID_X509V1SignatureAlgorithm, &signature_field);
+ if (status || !signature_field.field())
+ return kSignatureHashAlgorithmOther;
+ // Match the behaviour of OS X system tools and defensively check that
+ // sizes are appropriate. This would indicate a critical failure of the
+ // OS X certificate library, but based on history, it is best to play it
+ // safe.
Ryan Sleevi 2017/01/05 22:48:24 Can delete 532-535. I should have left those as CL
eroman 2017/01/05 23:36:31 Done.
+ const CSSM_X509_ALGORITHM_IDENTIFIER* sig_algorithm =
+ signature_field.GetAs<CSSM_X509_ALGORITHM_IDENTIFIER>();
+ if (!sig_algorithm)
+ return kSignatureHashAlgorithmOther;
+
+ const CSSM_OID* alg_oid = &sig_algorithm->algorithm;
+ if (CSSMOIDEqual(alg_oid, &CSSMOID_MD2WithRSA))
+ return kSignatureHashAlgorithmMd2;
+ if (CSSMOIDEqual(alg_oid, &CSSMOID_MD4WithRSA))
+ return kSignatureHashAlgorithmMd4;
+ if (CSSMOIDEqual(alg_oid, &CSSMOID_MD5WithRSA))
+ return kSignatureHashAlgorithmMd5;
+ if (CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithRSA) ||
+ CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithRSA_OIW) ||
+ CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA) ||
+ CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA_CMS) ||
+ CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA_JDK) ||
+ CSSMOIDEqual(alg_oid, &CSSMOID_ECDSA_WithSHA1)) {
+ return kSignatureHashAlgorithmSha1;
+ }
+
+ return kSignatureHashAlgorithmOther;
+}
+
// static
bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
x509_util::CSSMCachedCertificate cached_cert;
« net/cert/x509_certificate_ios.cc ('K') | « net/cert/x509_certificate_ios.cc ('k') | net/cert/x509_certificate_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698