Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(158)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: ios/web/web_state/wk_web_view_security_util.mm

Issue 2864133002: Convert iOS to use X509CertificateBytes. (Closed)
Patch Set: static_cast, more unittest Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « ios/web/web_state/ui/crw_web_controller_unittest.mm ('k') | ios/web/web_state/wk_web_view_security_util_unittest.mm » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "ios/web/web_state/wk_web_view_security_util.h" 5 #import "ios/web/web_state/wk_web_view_security_util.h"
6 6
7 #include "base/mac/scoped_cftyperef.h" 7 #include "base/mac/scoped_cftyperef.h"
8 #include "base/strings/sys_string_conversions.h" 8 #include "base/strings/sys_string_conversions.h"
9 #include "net/cert/x509_certificate.h" 9 #include "net/cert/x509_certificate.h"
10 #include "net/cert/x509_util_ios.h"
10 #include "net/ssl/ssl_info.h" 11 #include "net/ssl/ssl_info.h"
11 12
12 namespace web { 13 namespace web {
13 14
14 // These keys were determined by inspecting userInfo dict of an SSL error. 15 // These keys were determined by inspecting userInfo dict of an SSL error.
15 NSString* const kNSErrorPeerCertificateChainKey = 16 NSString* const kNSErrorPeerCertificateChainKey =
16 @"NSErrorPeerCertificateChainKey"; 17 @"NSErrorPeerCertificateChainKey";
17 NSString* const kNSErrorFailingURLKey = @"NSErrorFailingURLKey"; 18 NSString* const kNSErrorFailingURLKey = @"NSErrorFailingURLKey";
18 } 19 }
19 20
(...skipping 20 matching lines...) Expand all
40 } 41 }
41 42
42 } // namespace 43 } // namespace
43 44
44 45
45 namespace web { 46 namespace web {
46 47
47 scoped_refptr<net::X509Certificate> CreateCertFromChain(NSArray* certs) { 48 scoped_refptr<net::X509Certificate> CreateCertFromChain(NSArray* certs) {
48 if (certs.count == 0) 49 if (certs.count == 0)
49 return nullptr; 50 return nullptr;
50 net::X509Certificate::OSCertHandles intermediates; 51 std::vector<SecCertificateRef> intermediates;
51 for (NSUInteger i = 1; i < certs.count; i++) { 52 for (NSUInteger i = 1; i < certs.count; i++) {
52 intermediates.push_back(reinterpret_cast<SecCertificateRef>(certs[i])); 53 intermediates.push_back(reinterpret_cast<SecCertificateRef>(certs[i]));
53 } 54 }
54 return net::X509Certificate::CreateFromHandle( 55 return net::x509_util::CreateX509CertificateFromSecCertificate(
55 reinterpret_cast<SecCertificateRef>(certs[0]), intermediates); 56 reinterpret_cast<SecCertificateRef>(certs[0]), intermediates);
56 } 57 }
57 58
58 scoped_refptr<net::X509Certificate> CreateCertFromTrust(SecTrustRef trust) { 59 scoped_refptr<net::X509Certificate> CreateCertFromTrust(SecTrustRef trust) {
59 if (!trust) 60 if (!trust)
60 return nullptr; 61 return nullptr;
61 62
62 CFIndex cert_count = SecTrustGetCertificateCount(trust); 63 CFIndex cert_count = SecTrustGetCertificateCount(trust);
63 if (cert_count == 0) { 64 if (cert_count == 0) {
64 // At the moment there is no API which allows trust creation w/o certs. 65 // At the moment there is no API which allows trust creation w/o certs.
65 return nullptr; 66 return nullptr;
66 } 67 }
67 68
68 net::X509Certificate::OSCertHandles intermediates; 69 std::vector<SecCertificateRef> intermediates;
69 for (CFIndex i = 1; i < cert_count; i++) { 70 for (CFIndex i = 1; i < cert_count; i++) {
70 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i)); 71 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i));
71 } 72 }
72 return net::X509Certificate::CreateFromHandle( 73 return net::x509_util::CreateX509CertificateFromSecCertificate(
73 SecTrustGetCertificateAtIndex(trust, 0), intermediates); 74 SecTrustGetCertificateAtIndex(trust, 0), intermediates);
74 } 75 }
75 76
76 base::ScopedCFTypeRef<SecTrustRef> CreateServerTrustFromChain(NSArray* certs, 77 base::ScopedCFTypeRef<SecTrustRef> CreateServerTrustFromChain(NSArray* certs,
77 NSString* host) { 78 NSString* host) {
78 base::ScopedCFTypeRef<SecTrustRef> scoped_result; 79 base::ScopedCFTypeRef<SecTrustRef> scoped_result;
79 if (certs.count == 0) 80 if (certs.count == 0)
80 return scoped_result; 81 return scoped_result;
81 82
82 base::ScopedCFTypeRef<SecPolicyRef> policy( 83 base::ScopedCFTypeRef<SecPolicyRef> policy(
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
144 // kSecTrustResultConfirm was deprecated in iOS7, but leads to a compile 145 // kSecTrustResultConfirm was deprecated in iOS7, but leads to a compile
145 // error if used with newer SDKs. Remove the default clause once this 146 // error if used with newer SDKs. Remove the default clause once this
146 // switch statement successfully compiles without kSecTrustResultConfirm. 147 // switch statement successfully compiles without kSecTrustResultConfirm.
147 default: 148 default:
148 NOTREACHED(); 149 NOTREACHED();
149 return SECURITY_STYLE_UNKNOWN; 150 return SECURITY_STYLE_UNKNOWN;
150 } 151 }
151 } 152 }
152 153
153 } // namespace web 154 } // namespace web
OLDNEW
« no previous file with comments | « ios/web/web_state/ui/crw_web_controller_unittest.mm ('k') | ios/web/web_state/wk_web_view_security_util_unittest.mm » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698