Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(139)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_android.cc

Issue 266243004: Clang format slam. Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/mime_util_unittest.cc ('K') | « net/cert/cert_verify_proc.cc ('k') | net/cert/cert_verify_proc_mac.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_android.h" 5 #include "net/cert/cert_verify_proc_android.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 14 matching lines...) Expand all
25 25
26 // Returns true if the certificate verification call was successful (regardless 26 // Returns true if the certificate verification call was successful (regardless
27 // of its result), i.e. if |verify_result| was set. Otherwise returns false. 27 // of its result), i.e. if |verify_result| was set. Otherwise returns false.
28 bool VerifyFromAndroidTrustManager(const std::vector<std::string>& cert_bytes, 28 bool VerifyFromAndroidTrustManager(const std::vector<std::string>& cert_bytes,
29 const std::string& hostname, 29 const std::string& hostname,
30 CertVerifyResult* verify_result) { 30 CertVerifyResult* verify_result) {
31 android::CertVerifyStatusAndroid status; 31 android::CertVerifyStatusAndroid status;
32 std::vector<std::string> verified_chain; 32 std::vector<std::string> verified_chain;
33 33
34 // TODO(joth): Fetch the authentication type from SSL rather than hardcode. 34 // TODO(joth): Fetch the authentication type from SSL rather than hardcode.
35 android::VerifyX509CertChain(cert_bytes, "RSA", hostname, 35 android::VerifyX509CertChain(cert_bytes,
36 &status, &verify_result->is_issued_by_known_root, 36 "RSA",
37 hostname,
38 &status,
39 &verify_result->is_issued_by_known_root,
37 &verified_chain); 40 &verified_chain);
38 switch (status) { 41 switch (status) {
39 case android::VERIFY_FAILED: 42 case android::VERIFY_FAILED:
40 return false; 43 return false;
41 case android::VERIFY_OK: 44 case android::VERIFY_OK:
42 break; 45 break;
43 case android::VERIFY_NO_TRUSTED_ROOT: 46 case android::VERIFY_NO_TRUSTED_ROOT:
44 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; 47 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
45 break; 48 break;
46 case android::VERIFY_EXPIRED: 49 case android::VERIFY_EXPIRED:
(...skipping 25 matching lines...) Expand all
72 } 75 }
73 76
74 // Extract the public key hashes. 77 // Extract the public key hashes.
75 for (size_t i = 0; i < verified_chain.size(); i++) { 78 for (size_t i = 0; i < verified_chain.size(); i++) {
76 base::StringPiece spki_bytes; 79 base::StringPiece spki_bytes;
77 if (!asn1::ExtractSPKIFromDERCert(verified_chain[i], &spki_bytes)) 80 if (!asn1::ExtractSPKIFromDERCert(verified_chain[i], &spki_bytes))
78 continue; 81 continue;
79 82
80 HashValue sha1(HASH_VALUE_SHA1); 83 HashValue sha1(HASH_VALUE_SHA1);
81 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()), 84 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()),
82 spki_bytes.size(), sha1.data()); 85 spki_bytes.size(),
86 sha1.data());
83 verify_result->public_key_hashes.push_back(sha1); 87 verify_result->public_key_hashes.push_back(sha1);
84 88
85 HashValue sha256(HASH_VALUE_SHA256); 89 HashValue sha256(HASH_VALUE_SHA256);
86 crypto::SHA256HashString(spki_bytes, sha256.data(), crypto::kSHA256Length); 90 crypto::SHA256HashString(spki_bytes, sha256.data(), crypto::kSHA256Length);
87 verify_result->public_key_hashes.push_back(sha256); 91 verify_result->public_key_hashes.push_back(sha256);
88 } 92 }
89 93
90 return true; 94 return true;
91 } 95 }
92 96
93 bool GetChainDEREncodedBytes(X509Certificate* cert, 97 bool GetChainDEREncodedBytes(X509Certificate* cert,
94 std::vector<std::string>* chain_bytes) { 98 std::vector<std::string>* chain_bytes) {
95 X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle(); 99 X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle();
96 X509Certificate::OSCertHandles cert_handles = 100 X509Certificate::OSCertHandles cert_handles =
97 cert->GetIntermediateCertificates(); 101 cert->GetIntermediateCertificates();
98 102
99 // Make sure the peer's own cert is the first in the chain, if it's not 103 // Make sure the peer's own cert is the first in the chain, if it's not
100 // already there. 104 // already there.
101 if (cert_handles.empty() || cert_handles[0] != cert_handle) 105 if (cert_handles.empty() || cert_handles[0] != cert_handle)
102 cert_handles.insert(cert_handles.begin(), cert_handle); 106 cert_handles.insert(cert_handles.begin(), cert_handle);
103 107
104 chain_bytes->reserve(cert_handles.size()); 108 chain_bytes->reserve(cert_handles.size());
105 for (X509Certificate::OSCertHandles::const_iterator it = 109 for (X509Certificate::OSCertHandles::const_iterator it = cert_handles.begin();
106 cert_handles.begin(); it != cert_handles.end(); ++it) { 110 it != cert_handles.end();
111 ++it) {
107 std::string cert_bytes; 112 std::string cert_bytes;
108 if(!X509Certificate::GetDEREncoded(*it, &cert_bytes)) 113 if (!X509Certificate::GetDEREncoded(*it, &cert_bytes))
109 return false; 114 return false;
110 chain_bytes->push_back(cert_bytes); 115 chain_bytes->push_back(cert_bytes);
111 } 116 }
112 return true; 117 return true;
113 } 118 }
114 119
115 } // namespace 120 } // namespace
116 121
117 CertVerifyProcAndroid::CertVerifyProcAndroid() {} 122 CertVerifyProcAndroid::CertVerifyProcAndroid() {
123 }
118 124
119 CertVerifyProcAndroid::~CertVerifyProcAndroid() {} 125 CertVerifyProcAndroid::~CertVerifyProcAndroid() {
126 }
120 127
121 bool CertVerifyProcAndroid::SupportsAdditionalTrustAnchors() const { 128 bool CertVerifyProcAndroid::SupportsAdditionalTrustAnchors() const {
122 return false; 129 return false;
123 } 130 }
124 131
125 int CertVerifyProcAndroid::VerifyInternal( 132 int CertVerifyProcAndroid::VerifyInternal(
126 X509Certificate* cert, 133 X509Certificate* cert,
127 const std::string& hostname, 134 const std::string& hostname,
128 int flags, 135 int flags,
129 CRLSet* crl_set, 136 CRLSet* crl_set,
(...skipping 11 matching lines...) Expand all
141 NOTREACHED(); 148 NOTREACHED();
142 return ERR_FAILED; 149 return ERR_FAILED;
143 } 150 }
144 if (IsCertStatusError(verify_result->cert_status)) 151 if (IsCertStatusError(verify_result->cert_status))
145 return MapCertStatusToNetError(verify_result->cert_status); 152 return MapCertStatusToNetError(verify_result->cert_status);
146 153
147 return OK; 154 return OK;
148 } 155 }
149 156
150 } // namespace net 157 } // namespace net
OLDNEW
« net/base/mime_util_unittest.cc ('K') | « net/cert/cert_verify_proc.cc ('k') | net/cert/cert_verify_proc_mac.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698