Chromium Code Reviews Chromium Code Reviews
Issue 2760723002:
Check X509Certificate::CreateFromHandle result. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_mac.h" | 5 #include "net/cert/cert_verify_proc_mac.h" |
| 6 | 6 |
| 7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
| 8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
| 9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
| 10 | 10 |
| (...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 190 SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>( | 190 SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>( |
| 191 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); | 191 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); |
| 192 if (i == 0) { | 192 if (i == 0) { |
| 193 verified_cert = chain_cert; | 193 verified_cert = chain_cert; |
| 194 } else { | 194 } else { |
| 195 verified_chain.push_back(chain_cert); | 195 verified_chain.push_back(chain_cert); |
| 196 } | 196 } |
| 197 } | 197 } |
| 198 if (!verified_cert) { | 198 if (!verified_cert) { |
| 199 NOTREACHED(); | 199 NOTREACHED(); |
| 200 verify_result->cert_status |= CERT_STATUS_INVALID; | |
|
eroman
2017/03/24 22:07:23
same comment as for ios
| |
| 200 return; | 201 return; |
| 201 } | 202 } |
| 202 | 203 |
| 203 verify_result->verified_cert = | 204 scoped_refptr<X509Certificate> verified_cert_with_chain = |
| 204 X509Certificate::CreateFromHandle(verified_cert, verified_chain); | 205 X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
| 206 if (verified_cert_with_chain) | |
| 207 verify_result->verified_cert = std::move(verified_cert_with_chain); | |
| 208 else | |
| 209 verify_result->cert_status |= CERT_STATUS_INVALID; | |
| 205 } | 210 } |
| 206 | 211 |
| 207 // Returns true if the certificate uses MD2, MD4, MD5, or SHA1, and false | 212 // Returns true if the certificate uses MD2, MD4, MD5, or SHA1, and false |
| 208 // otherwise. A return of false also includes the case where the signature | 213 // otherwise. A return of false also includes the case where the signature |
| 209 // algorithm couldn't be conclusively labeled as weak. | 214 // algorithm couldn't be conclusively labeled as weak. |
| 210 bool CertUsesWeakHash(X509Certificate::OSCertHandle cert_handle) { | 215 bool CertUsesWeakHash(X509Certificate::OSCertHandle cert_handle) { |
| 211 x509_util::CSSMCachedCertificate cached_cert; | 216 x509_util::CSSMCachedCertificate cached_cert; |
| 212 OSStatus status = cached_cert.Init(cert_handle); | 217 OSStatus status = cached_cert.Init(cert_handle); |
| 213 if (status) | 218 if (status) |
| 214 return false; | 219 return false; |
| (...skipping 881 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1096 // EV cert and it was covered by CRLSets or revocation checking passed. | 1101 // EV cert and it was covered by CRLSets or revocation checking passed. |
| 1097 verify_result->cert_status |= CERT_STATUS_IS_EV; | 1102 verify_result->cert_status |= CERT_STATUS_IS_EV; |
| 1098 } | 1103 } |
| 1099 | 1104 |
| 1100 return OK; | 1105 return OK; |
| 1101 } | 1106 } |
| 1102 | 1107 |
| 1103 } // namespace net | 1108 } // namespace net |
| 1104 | 1109 |
| 1105 #pragma clang diagnostic pop // "-Wdeprecated-declarations" | 1110 #pragma clang diagnostic pop // "-Wdeprecated-declarations" |
| OLD | NEW |
