ios/web/web_state/wk_web_view_security_util.mm - Issue 2916473002: [ObjC ARC] Converts ios/web:web to ARC.

Side by Side Diff: ios/web/web_state/wk_web_view_security_util.mm

Issue 2916473002: [ObjC ARC] Converts ios/web:web to ARC. (Closed)

Patch Set: Adoption of NS_VALID_UNTIL_END_OF_SCOPE Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« ios/web/web_state/ui/wk_web_view_configuration_provider.h ('K') | « ios/web/web_state/web_view_internal_creation_util.mm ('k') | ios/web/webui/web_ui_mojo_inttest.mm » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #import "ios/web/web_state/wk_web_view_security_util.h"	5 #import "ios/web/web_state/wk_web_view_security_util.h"

6	6

7 #include "base/mac/scoped_cftyperef.h"	7 #include "base/mac/scoped_cftyperef.h"

8 #include "base/strings/sys_string_conversions.h"	8 #include "base/strings/sys_string_conversions.h"

9 #include "net/cert/x509_certificate.h"	9 #include "net/cert/x509_certificate.h"

10 #include "net/cert/x509_util_ios.h"	10 #include "net/cert/x509_util_ios.h"

11 #include "net/ssl/ssl_info.h"	11 #include "net/ssl/ssl_info.h"

12	12

	13 #if !defined(__has_feature) \|\| !__has_feature(objc_arc)

	14 #error "This file requires ARC support."

	15 #endif

	16

13 namespace web {	17 namespace web {

14	18

15 // These keys were determined by inspecting userInfo dict of an SSL error.	19 // These keys were determined by inspecting userInfo dict of an SSL error.

16 NSString* const kNSErrorPeerCertificateChainKey =	20 NSString* const kNSErrorPeerCertificateChainKey =

17 @"NSErrorPeerCertificateChainKey";	21 @"NSErrorPeerCertificateChainKey";

18 NSString* const kNSErrorFailingURLKey = @"NSErrorFailingURLKey";	22 NSString* const kNSErrorFailingURLKey = @"NSErrorFailingURLKey";

19 }	23 }

20	24

21 namespace {	25 namespace {

22	26

(...skipping 20 matching lines...) Expand all Loading...
43 } // namespace	47 } // namespace

44	48

45	49

46 namespace web {	50 namespace web {

47	51

48 scoped_refptr<net::X509Certificate> CreateCertFromChain(NSArray* certs) {	52 scoped_refptr<net::X509Certificate> CreateCertFromChain(NSArray* certs) {

49 if (certs.count == 0)	53 if (certs.count == 0)

50 return nullptr;	54 return nullptr;

51 std::vector<SecCertificateRef> intermediates;	55 std::vector<SecCertificateRef> intermediates;

52 for (NSUInteger i = 1; i < certs.count; i++) {	56 for (NSUInteger i = 1; i < certs.count; i++) {

53 intermediates.push_back(reinterpret_cast<SecCertificateRef>(certs[i]));	57 SecCertificateRef cert = (__bridge SecCertificateRef)certs[i];

	58 intermediates.push_back(cert);

54 }	59 }

	60 SecCertificateRef initialCert = (__bridge SecCertificateRef)certs[0];
	Eugene But (OOO till 7-30) 2017/06/02 23:18:38 s/initialCert/root_cert s/initialCert/root_cert PL 2017/06/05 23:26:18 Done! Show quoted text On 2017/06/02 23:18:38, Eugene But wrote: > s/initialCert/root_cert Done!
55 return net::x509_util::CreateX509CertificateFromSecCertificate(	61 return net::x509_util::CreateX509CertificateFromSecCertificate(

56 reinterpret_cast<SecCertificateRef>(certs[0]), intermediates);	62 reinterpret_cast<SecCertificateRef>(initialCert), intermediates);

57 }	63 }

58	64

59 scoped_refptr<net::X509Certificate> CreateCertFromTrust(SecTrustRef trust) {	65 scoped_refptr<net::X509Certificate> CreateCertFromTrust(SecTrustRef trust) {

60 if (!trust)	66 if (!trust)

61 return nullptr;	67 return nullptr;

62	68

63 CFIndex cert_count = SecTrustGetCertificateCount(trust);	69 CFIndex cert_count = SecTrustGetCertificateCount(trust);

64 if (cert_count == 0) {	70 if (cert_count == 0) {

65 // At the moment there is no API which allows trust creation w/o certs.	71 // At the moment there is no API which allows trust creation w/o certs.

66 return nullptr;	72 return nullptr;

67 }	73 }

68	74

69 std::vector<SecCertificateRef> intermediates;	75 std::vector<SecCertificateRef> intermediates;

70 for (CFIndex i = 1; i < cert_count; i++) {	76 for (CFIndex i = 1; i < cert_count; i++) {

71 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i));	77 intermediates.push_back(SecTrustGetCertificateAtIndex(trust, i));

72 }	78 }

73 return net::x509_util::CreateX509CertificateFromSecCertificate(	79 return net::x509_util::CreateX509CertificateFromSecCertificate(

74 SecTrustGetCertificateAtIndex(trust, 0), intermediates);	80 SecTrustGetCertificateAtIndex(trust, 0), intermediates);

75 }	81 }

76	82

77 base::ScopedCFTypeRef<SecTrustRef> CreateServerTrustFromChain(NSArray* certs,	83 base::ScopedCFTypeRef<SecTrustRef> CreateServerTrustFromChain(NSArray* certs,

78 NSString* host) {	84 NSString* host) {

79 base::ScopedCFTypeRef<SecTrustRef> scoped_result;	85 base::ScopedCFTypeRef<SecTrustRef> scoped_result;

80 if (certs.count == 0)	86 if (certs.count == 0)

81 return scoped_result;	87 return scoped_result;

82	88

83 base::ScopedCFTypeRef<SecPolicyRef> policy(	89 base::ScopedCFTypeRef<SecPolicyRef> policy(

84 SecPolicyCreateSSL(TRUE, static_cast<CFStringRef>(host)));	90 SecPolicyCreateSSL(TRUE, static_cast<CFStringRef>(host)));

85 SecTrustRef ref_result = nullptr;	91 SecTrustRef ref_result = nullptr;

86 if (SecTrustCreateWithCertificates(certs, policy, &ref_result) ==	92 CFArrayRef certificatesArray = (__bridge CFArrayRef)certs;
	Eugene But (OOO till 7-30) 2017/06/02 23:18:38 Do you want to drop this local variable? It's hard Do you want to drop this local variable? It's hard to name it. But if you choose to keep it then s/certificatesArray/certificates_array PL 2017/06/05 23:26:18 Done! Thanks! Show quoted text On 2017/06/02 23:18:38, Eugene But wrote: > Do you want to drop this local variable? It's hard to name it. But if you choose > to keep it then s/certificatesArray/certificates_array Done! Thanks!
	93 if (SecTrustCreateWithCertificates(certificatesArray, policy, &ref_result) ==

87 errSecSuccess) {	94 errSecSuccess) {

88 scoped_result.reset(ref_result);	95 scoped_result.reset(ref_result);

89 }	96 }

90 return scoped_result;	97 return scoped_result;

91 }	98 }

92	99

93 void EnsureFutureTrustEvaluationSucceeds(SecTrustRef trust) {	100 void EnsureFutureTrustEvaluationSucceeds(SecTrustRef trust) {

94 base::ScopedCFTypeRef<CFDataRef> exceptions(SecTrustCopyExceptions(trust));	101 base::ScopedCFTypeRef<CFDataRef> exceptions(SecTrustCopyExceptions(trust));

95 SecTrustSetExceptions(trust, exceptions);	102 SecTrustSetExceptions(trust, exceptions);

96 }	103 }

(...skipping 48 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
145 // kSecTrustResultConfirm was deprecated in iOS7, but leads to a compile	152 // kSecTrustResultConfirm was deprecated in iOS7, but leads to a compile

146 // error if used with newer SDKs. Remove the default clause once this	153 // error if used with newer SDKs. Remove the default clause once this

147 // switch statement successfully compiles without kSecTrustResultConfirm.	154 // switch statement successfully compiles without kSecTrustResultConfirm.

148 default:	155 default:

149 NOTREACHED();	156 NOTREACHED();

150 return SECURITY_STYLE_UNKNOWN;	157 return SECURITY_STYLE_UNKNOWN;

151 }	158 }

152 }	159 }

153	160

154 } // namespace web	161 } // namespace web

OLD	NEW