
Side by Side Diff: net/ssl/client_cert_store_mac.cc

Issue 2760723002: Check X509Certificate::CreateFromHandle result. (Closed)
Patch Set: 2nd round of updates Created 3 years, 9 months ago
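--- a/net/ssl/client_cert_store_mac.cc
+++ b/net/ssl/client_cert_store_mac.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/client_cert_store_mac.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <CoreFoundation/CFArray.h>
 #include <CoreServices/CoreServices.h>
 #include <Security/SecBase.h>
@@ -107,21 +107,21 @@
 i < chain_count; ++i) {
 SecCertificateRef cert = reinterpret_cast<SecCertificateRef>(
 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i)));
 intermediates.push_back(cert);
 }
 
 scoped_refptr<X509Certificate> new_cert(X509Certificate::CreateFromHandle(
 cert_handle, intermediates));
 CFRelease(cert_chain); // Also frees |intermediates|.
 
-if (!new_cert->IsIssuedByEncoded(valid_issuers))
+if (!new_cert || !new_cert->IsIssuedByEncoded(valid_issuers))
 return false;
 
 cert->swap(new_cert);
 return true;
 }
 
 // Returns true if |purpose| is listed as allowed in |usage|. This
 // function also considers the "Any" purpose. If the attribute is
 // present and empty, we return false.
 bool ExtendedKeyUsageAllows(const CE_ExtendedKeyUsage* usage,
@@ -283,20 +283,22 @@
 
 SecCertificateRef cert_handle;
 err = SecIdentityCopyCertificate(identity, &cert_handle);
 if (err != noErr)
 continue;
 ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle);
 
 scoped_refptr<X509Certificate> cert(
 X509Certificate::CreateFromHandle(cert_handle,
 X509Certificate::OSCertHandles()));
+if (!cert)
+continue;
 
 if (preferred_identity && CFEqual(preferred_identity, identity)) {
 // Only one certificate should match.
 DCHECK(!preferred_cert.get());
 preferred_cert = cert;
 } else {
 regular_certs.push_back(cert);
 }
 }
 
@@ -326,10 +328,10 @@
 const SSLCertRequestInfo& request,
 CertificateList* selected_certs) {
 GetClientCertsImpl(
 preferred_cert, regular_certs, request, false, selected_certs);
 return true;
 }
 
 #pragma clang diagnostic pop // "-Wdeprecated-declarations"
 
 } // namespace net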
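Review bot: The added `if (!cert) continue;` (new lines 293-294) drops an identity without a trace, so a client certificate that `X509Certificate::CreateFromHandle` cannot wrap simply vanishes from the list offered for selection, and nothing records why. A comment such as `// CreateFromHandle can return null; skip this identity rather than dereference it.` would document the check, and a `DVLOG(1)` on that branch would make the case diagnosable. The condition under which CreateFromHandle returns null is not visible on this page, so the wording should be confirmed against it. The same applies at new line 117, where a null `new_cert` now returns false exactly as an issuer mismatch does, leaving the caller unable to tell a rejected certificate from one that failed to load. Both enclosing functions start outside the lines shown.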
