Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(32)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: ios/web/net/crw_cert_verification_controller.mm

Issue 2864133002: Convert iOS to use X509CertificateBytes. (Closed)
Patch Set: static_cast, more unittest Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/ui/certificate_viewer_mac.mm ('k') | ios/web/net/crw_cert_verification_controller_unittest.mm » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "ios/web/net/crw_cert_verification_controller.h" 5 #import "ios/web/net/crw_cert_verification_controller.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #import "base/ios/block_types.h" 9 #import "base/ios/block_types.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
11 #import "base/mac/bind_objc_block.h" 11 #import "base/mac/bind_objc_block.h"
12 #include "base/memory/ref_counted.h" 12 #include "base/memory/ref_counted.h"
13 #include "base/strings/sys_string_conversions.h" 13 #include "base/strings/sys_string_conversions.h"
14 #include "base/task_scheduler/post_task.h" 14 #include "base/task_scheduler/post_task.h"
15 #include "ios/web/public/browser_state.h" 15 #include "ios/web/public/browser_state.h"
16 #include "ios/web/public/certificate_policy_cache.h" 16 #include "ios/web/public/certificate_policy_cache.h"
17 #include "ios/web/public/web_thread.h" 17 #include "ios/web/public/web_thread.h"
18 #import "ios/web/web_state/wk_web_view_security_util.h" 18 #import "ios/web/web_state/wk_web_view_security_util.h"
19 #include "net/cert/cert_verify_proc_ios.h" 19 #include "net/cert/cert_verify_proc_ios.h"
20 #include "net/cert/x509_util_ios.h"
20 21
21 #if !defined(__has_feature) || !__has_feature(objc_arc) 22 #if !defined(__has_feature) || !__has_feature(objc_arc)
22 #error "This file requires ARC support." 23 #error "This file requires ARC support."
23 #endif 24 #endif
24 25
25 @interface CRWCertVerificationController () { 26 @interface CRWCertVerificationController () {
26 // Used to remember user exceptions to invalid certs. 27 // Used to remember user exceptions to invalid certs.
27 scoped_refptr<web::CertificatePolicyCache> _certPolicyCache; 28 scoped_refptr<web::CertificatePolicyCache> _certPolicyCache;
28 } 29 }
29 30
(...skipping 187 matching lines...) Expand 10 before | Expand all | Expand 10 after
217 web::GetSecurityStyleFromTrustResult(trustResult)); 218 web::GetSecurityStyleFromTrustResult(trustResult));
218 219
219 if (trustResult != kSecTrustResultRecoverableTrustFailure || 220 if (trustResult != kSecTrustResultRecoverableTrustFailure ||
220 SecTrustGetCertificateCount(trust) == 0) { 221 SecTrustGetCertificateCount(trust) == 0) {
221 // Trust result is not recoverable or leaf cert is missing. 222 // Trust result is not recoverable or leaf cert is missing.
222 return web::CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR; 223 return web::CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
223 } 224 }
224 225
225 // Check if user has decided to proceed with this bad cert. 226 // Check if user has decided to proceed with this bad cert.
226 scoped_refptr<net::X509Certificate> leafCert = 227 scoped_refptr<net::X509Certificate> leafCert =
227 net::X509Certificate::CreateFromHandle( 228 net::x509_util::CreateX509CertificateFromSecCertificate(
228 SecTrustGetCertificateAtIndex(trust, 0), 229 SecTrustGetCertificateAtIndex(trust, 0),
229 net::X509Certificate::OSCertHandles()); 230 std::vector<SecCertificateRef>());
230 if (!leafCert) 231 if (!leafCert)
231 return web::CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR; 232 return web::CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
232 233
233 web::CertPolicy::Judgment judgment = _certPolicyCache->QueryPolicy( 234 web::CertPolicy::Judgment judgment = _certPolicyCache->QueryPolicy(
234 leafCert.get(), base::SysNSStringToUTF8(host), certStatus); 235 leafCert.get(), base::SysNSStringToUTF8(host), certStatus);
235 236
236 return (judgment == web::CertPolicy::ALLOWED) 237 return (judgment == web::CertPolicy::ALLOWED)
237 ? web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER 238 ? web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER
238 : web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_UNDECIDED_BY_USER; 239 : web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_UNDECIDED_BY_USER;
239 } 240 }
240 241
241 @end 242 @end
OLDNEW
« no previous file with comments | « chrome/browser/ui/certificate_viewer_mac.mm ('k') | ios/web/net/crw_cert_verification_controller_unittest.mm » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698