
Side by Side Diff: net/cert/cert_verify_proc_mac.cc

Issue 2803513003: Remove ParsedCertificate::unparsed_extensions(). (Closed)
Patch Set: remove unused Created 3 years, 8 months ago
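--- a/net/cert/cert_verify_proc_mac.cc
+++ b/net/cert/cert_verify_proc_mac.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc_mac.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <CoreServices/CoreServices.h>
 #include <Security/Security.h>
 
@@ -271,83 +271,56 @@
 leaf_uses_weak_hash = true;
 } else {
 intermediates_contain_weak_hash = true;
 }
 }
 }
 
 return !leaf_uses_weak_hash && intermediates_contain_weak_hash;
 }
 
-using ExtensionsMap = std::map<net::der::Input, net::ParsedExtension>;
-
-// Helper that looks up an extension by OID given a map of extensions.
-bool GetExtensionValue(const ExtensionsMap& extensions,
-const net::der::Input& oid,
-net::der::Input* value) {
-auto it = extensions.find(oid);
-if (it == extensions.end())
-return false;
-*value = it->second.value;
-return true;
-}
-
 // Checks if |*cert| has a Certificate Policies extension containing either
 // of |ev_policy_oid| or anyPolicy.
 bool HasPolicyOrAnyPolicy(const ParsedCertificate* cert,
 const der::Input& ev_policy_oid) {
-der::Input extension_value;
-if (!GetExtensionValue(cert->unparsed_extensions(), CertificatePoliciesOid(),
-&extension_value)) {
-return false;
-}
-
-std::vector<der::Input> policies;
-if (!ParseCertificatePoliciesExtension(extension_value, &policies))
+if (!cert->has_policy_oids())
 return false;
 
-for (const der::Input& policy_oid : policies) {
+for (const der::Input& policy_oid : cert->policy_oids()) {
 if (policy_oid == ev_policy_oid || policy_oid == AnyPolicy())
 return true;
 }
 return false;
 }
 
 // Looks for known EV policy OIDs in |cert_input|, if one is found it will be
 // stored in |*ev_policy_oid| as a DER-encoded OID value (no tag or length).
 void GetCandidateEVPolicy(const X509Certificate* cert_input,
 std::string* ev_policy_oid) {
 ev_policy_oid->clear();
 
 std::string der_cert;
 if (!X509Certificate::GetDEREncoded(cert_input->os_cert_handle(),
 &der_cert)) {
 return;
 }
 
 scoped_refptr<ParsedCertificate> cert(ParsedCertificate::Create(
 x509_util::CreateCryptoBuffer(der_cert), {}, nullptr));
 if (!cert)
 return;
 
-der::Input extension_value;
-if (!GetExtensionValue(cert->unparsed_extensions(), CertificatePoliciesOid(),
-&extension_value)) {
-return;
-}
-
-std::vector<der::Input> policies;
-if (!ParseCertificatePoliciesExtension(extension_value, &policies))
+if (!cert->has_policy_oids())
 return;
 
 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance();
-for (const der::Input& policy_oid : policies) {
+for (const der::Input& policy_oid : cert->policy_oids()) {
 if (metadata->IsEVPolicyOID(policy_oid)) {
 *ev_policy_oid = policy_oid.AsString();
 
 // De-prioritize the CA/Browser forum Extended Validation policy
 // (2.23.140.1.1). See crbug.com/705285.
 if (!EVRootCAMetadata::IsCaBrowserForumEvOid(policy_oid))
 break;
 }
 }
 }
@@ -1105,10 +1078,10 @@
 // EV cert and it was covered by CRLSets or revocation checking passed.
 verify_result->cert_status |= CERT_STATUS_IS_EV;
 }
 
 return OK;
 }
 
 } // namespace net
 
 #pragma clang diagnostic pop // "-Wdeprecated-declarations"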
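Review bot: Both new `if (!cert->has_policy_oids())` guards (in HasPolicyOrAnyPolicy and in GetCandidateEVPolicy) make the EV decision depend on how ParsedCertificate treats a malformed Certificate Policies extension, a case the removed code handled locally by returning when `ParseCertificatePoliciesExtension` failed. parsed_certificate.h is not part of this file section, so it cannot be confirmed from here whether a parse failure makes `ParsedCertificate::Create` return null or only leaves `has_policy_oids()` false; either keeps this path fail-closed, but a partially filled `policy_oids()` would not. I would state the assumption at the first guard, for example `// A malformed Certificate Policies extension must never yield policy OIDs here; ParsedCertificate is expected to reject it.`, and add a test in which a leaf with an unparseable policies extension does not receive CERT_STATUS_IS_EV.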