net/cert/x509_certificate_mac.cc - Issue 2753143002: move X509Certificate::SupportsSSLClientAuth to client_cert_store_mac.cc

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/x509_certificate_mac.cc

Issue 2753143002: move X509Certificate::SupportsSSLClientAuth to client_cert_store_mac.cc (Closed)

Patch Set: . Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/x509_certificate_mac.cc

diff --git a/net/cert/x509_certificate_mac.cc b/net/cert/x509_certificate_mac.cc

index 3c3c8cfc94a56c4bd3b1eedab664f3ba7bb3603b..3a89f9150cface2bd2a072c66419565e3258f462 100644

--- a/net/cert/x509_certificate_mac.cc

+++ b/net/cert/x509_certificate_mac.cc

@@ -113,20 +113,6 @@ std::string GetCertSerialNumber(

serial_number.field()->Length);

}

-// Returns true if |purpose| is listed as allowed in |usage|. This

-// function also considers the "Any" purpose. If the attribute is

-// present and empty, we return false.

-bool ExtendedKeyUsageAllows(const CE_ExtendedKeyUsage* usage,

- const CSSM_OID* purpose) {

- for (unsigned p = 0; p < usage->numPurposes; ++p) {

- if (CSSMOIDEqual(&usage->purposes[p], purpose))

- return true;

- if (CSSMOIDEqual(&usage->purposes[p], &CSSMOID_ExtendedKeyUsageAny))

- return true;

- }

- return false;

// Test that a given |cert_handle| is actually a valid X.509 certificate, and

// return true if it is.

@@ -398,42 +384,6 @@ SHA256HashValue X509Certificate::CalculateCAFingerprint256(

return sha256;

}

-bool X509Certificate::SupportsSSLClientAuth() const {

- x509_util::CSSMCachedCertificate cached_cert;

- OSStatus status = cached_cert.Init(cert_handle_);

- if (status)

- return false;

- // RFC5280 says to take the intersection of the two extensions.

- //

- // Our underlying crypto libraries don't expose

- // ClientCertificateType, so for now we will not support fixed

- // Diffie-Hellman mechanisms. For rsa_sign, we need the

- // digitalSignature bit.

- //

- // In particular, if a key has the nonRepudiation bit and not the

- // digitalSignature one, we will not offer it to the user.

- x509_util::CSSMFieldValue key_usage;

- status = cached_cert.GetField(&CSSMOID_KeyUsage, &key_usage);

- if (status == CSSM_OK && key_usage.field()) {

- const CSSM_X509_EXTENSION* ext = key_usage.GetAs<CSSM_X509_EXTENSION>();

- const CE_KeyUsage* key_usage_value =

- reinterpret_cast<const CE_KeyUsage*>(ext->value.parsedValue);

- if (!((*key_usage_value) & CE_KU_DigitalSignature))

- return false;

- }

- status = cached_cert.GetField(&CSSMOID_ExtendedKeyUsage, &key_usage);

- if (status == CSSM_OK && key_usage.field()) {

- const CSSM_X509_EXTENSION* ext = key_usage.GetAs<CSSM_X509_EXTENSION>();

- const CE_ExtendedKeyUsage* ext_key_usage =

- reinterpret_cast<const CE_ExtendedKeyUsage*>(ext->value.parsedValue);

- if (!ExtendedKeyUsageAllows(ext_key_usage, &CSSMOID_ClientAuth))

- return false;

- }

- return true;

CFMutableArrayRef X509Certificate::CreateOSCertChainForCert() const {

CFMutableArrayRef cert_list =

CFArrayCreateMutable(kCFAllocatorDefault, 0,

« no previous file with comments | « net/cert/x509_certificate_ios.cc ('k') | net/ssl/client_cert_store_mac.cc » ('j') | no next file with comments »