| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_android.h" | 5 #include "net/cert/cert_verify_proc_android.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 72 verify_result->verified_cert = verified_cert; | 72 verify_result->verified_cert = verified_cert; |
| 73 } | 73 } |
| 74 | 74 |
| 75 // Extract the algorithm information from the certs | 75 // Extract the algorithm information from the certs |
| 76 X509Certificate::OSCertHandles chain; | 76 X509Certificate::OSCertHandles chain; |
| 77 const X509Certificate::OSCertHandles& intermediates = | 77 const X509Certificate::OSCertHandles& intermediates = |
| 78 verify_result->verified_cert->GetIntermediateCertificates(); | 78 verify_result->verified_cert->GetIntermediateCertificates(); |
| 79 chain.push_back(verify_result->verified_cert->os_cert_handle()); | 79 chain.push_back(verify_result->verified_cert->os_cert_handle()); |
| 80 chain.insert(chain.end(), intermediates.begin(), intermediates.end()); | 80 chain.insert(chain.end(), intermediates.begin(), intermediates.end()); |
| 81 | 81 |
| 82 // If the chain successfully verified, ignore the trust anchor (the last | |
| 83 // certificate). Otherwise, assume the chain is partial. This is not entirely | |
| 84 // correct, as a full chain may have been constructed and then failed to | |
| 85 // validate. However, if that is the case, the more serious error will | |
| 86 // override any SHA-1 considerations. | |
| 87 size_t correction_for_root = | |
| 88 (status == android::CERT_VERIFY_STATUS_ANDROID_OK) ? 1 : 0; | |
| 89 for (size_t i = 0; i < chain.size() - correction_for_root; ++i) { | |
| 90 FillCertVerifyResultWeakSignature(chain[i], i == 0, verify_result); | |
| 91 } | |
| 92 | |
| 93 // Extract the public key hashes. | 82 // Extract the public key hashes. |
| 94 for (size_t i = 0; i < verified_chain.size(); i++) { | 83 for (size_t i = 0; i < verified_chain.size(); i++) { |
| 95 base::StringPiece spki_bytes; | 84 base::StringPiece spki_bytes; |
| 96 if (!asn1::ExtractSPKIFromDERCert(verified_chain[i], &spki_bytes)) | 85 if (!asn1::ExtractSPKIFromDERCert(verified_chain[i], &spki_bytes)) |
| 97 continue; | 86 continue; |
| 98 | 87 |
| 99 HashValue sha1(HASH_VALUE_SHA1); | 88 HashValue sha1(HASH_VALUE_SHA1); |
| 100 base::SHA1HashBytes(reinterpret_cast<const uint8_t*>(spki_bytes.data()), | 89 base::SHA1HashBytes(reinterpret_cast<const uint8_t*>(spki_bytes.data()), |
| 101 spki_bytes.size(), sha1.data()); | 90 spki_bytes.size(), sha1.data()); |
| 102 verify_result->public_key_hashes.push_back(sha1); | 91 verify_result->public_key_hashes.push_back(sha1); |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 165 NOTREACHED(); | 154 NOTREACHED(); |
| 166 return ERR_FAILED; | 155 return ERR_FAILED; |
| 167 } | 156 } |
| 168 if (IsCertStatusError(verify_result->cert_status)) | 157 if (IsCertStatusError(verify_result->cert_status)) |
| 169 return MapCertStatusToNetError(verify_result->cert_status); | 158 return MapCertStatusToNetError(verify_result->cert_status); |
| 170 | 159 |
| 171 return OK; | 160 return OK; |
| 172 } | 161 } |
| 173 | 162 |
| 174 } // namespace net | 163 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2627523002:
Refactor the assignment of CertVerifyResult::has_md2, etc. (Closed)
