OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc_android.h" | 5 #include "net/cert/cert_verify_proc_android.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
84 return false; | 84 return false; |
85 } | 85 } |
86 | 86 |
87 int CertVerifyProcAndroid::VerifyInternal( | 87 int CertVerifyProcAndroid::VerifyInternal( |
88 X509Certificate* cert, | 88 X509Certificate* cert, |
89 const std::string& hostname, | 89 const std::string& hostname, |
90 int flags, | 90 int flags, |
91 CRLSet* crl_set, | 91 CRLSet* crl_set, |
92 const CertificateList& additional_trust_anchors, | 92 const CertificateList& additional_trust_anchors, |
93 CertVerifyResult* verify_result) { | 93 CertVerifyResult* verify_result) { |
94 if (!cert->VerifyNameMatch(hostname)) | 94 if (!cert->VerifyNameMatch(hostname, |
| 95 &verify_result->common_name_fallback_used)) { |
95 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | 96 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
| 97 } |
96 | 98 |
97 std::vector<std::string> cert_bytes; | 99 std::vector<std::string> cert_bytes; |
98 if (!GetChainDEREncodedBytes(cert, &cert_bytes)) | 100 if (!GetChainDEREncodedBytes(cert, &cert_bytes)) |
99 return ERR_CERT_INVALID; | 101 return ERR_CERT_INVALID; |
100 if (!VerifyFromAndroidTrustManager(cert_bytes, verify_result)) { | 102 if (!VerifyFromAndroidTrustManager(cert_bytes, verify_result)) { |
101 NOTREACHED(); | 103 NOTREACHED(); |
102 return ERR_FAILED; | 104 return ERR_FAILED; |
103 } | 105 } |
104 if (IsCertStatusError(verify_result->cert_status)) | 106 if (IsCertStatusError(verify_result->cert_status)) |
105 return MapCertStatusToNetError(verify_result->cert_status); | 107 return MapCertStatusToNetError(verify_result->cert_status); |
106 | 108 |
107 // TODO(ppi): Implement missing functionality: yielding the constructed trust | 109 // TODO(ppi): Implement missing functionality: yielding the constructed trust |
108 // chain, public key hashes of its certificates and |is_issued_by_known_root| | 110 // chain, public key hashes of its certificates and |is_issued_by_known_root| |
109 // flag. All of the above require specific support from the platform, missing | 111 // flag. All of the above require specific support from the platform, missing |
110 // in the Java APIs. See also: http://crbug.com/116838 | 112 // in the Java APIs. See also: http://crbug.com/116838 |
111 | 113 |
112 // Until the required support is available in the platform, we don't know if | 114 // Until the required support is available in the platform, we don't know if |
113 // the trust root at the end of the chain was standard or user-added, so we | 115 // the trust root at the end of the chain was standard or user-added, so we |
114 // mark all correctly verified certificates as issued by a known root. | 116 // mark all correctly verified certificates as issued by a known root. |
115 verify_result->is_issued_by_known_root = true; | 117 verify_result->is_issued_by_known_root = true; |
116 | 118 |
117 return OK; | 119 return OK; |
118 } | 120 } |
119 | 121 |
120 } // namespace net | 122 } // namespace net |
OLD | NEW |