
Side by Side Diff: net/base/x509_certificate_mac.cc

Issue 2944008: Refactor X509Certificate caching to cache the OS handle, rather than the X509Certificate (Closed)
Patch Set: Rebase before commit Created 9 years, 5 months ago
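--- a/net/base/x509_certificate_mac.cc
+++ b/net/base/x509_certificate_mac.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <CoreServices/CoreServices.h>
 #include <Security/Security.h>
 #include <time.h>
@@ -735,23 +735,21 @@
 SecCertificateRef certificate_ref = NULL;
 OSStatus os_status =
 SecCertificateCreateFromData(&encCert->CertBlob, encCert->CertType,
 encCert->CertEncoding, &certificate_ref);
 if (os_status != 0) {
 DLOG(ERROR) << "SecCertificateCreateFromData failed: " << os_status;
 return NULL;
 }
 scoped_cert.reset(certificate_ref);
 
-return CreateFromHandle(
-scoped_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT,
-X509Certificate::OSCertHandles());
+return CreateFromHandle(scoped_cert, X509Certificate::OSCertHandles());
 }
 
 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const {
 dns_names->clear();
 
 GetCertGeneralNamesForOID(cert_handle_, CSSMOID_SubjectAltName, GNT_DNSName,
 dns_names);
 
 if (dns_names->empty())
 dns_names->push_back(subject_.common_name);
@@ -1141,23 +1139,21 @@
 if (result)
 return false;
 ScopedCFTypeRef<CFArrayRef> scoped_cert_chain(cert_chain);
 
 // Check all the certs in the chain for a match.
 int n = CFArrayGetCount(cert_chain);
 for (int i = 0; i < n; ++i) {
 SecCertificateRef cert_handle = reinterpret_cast<SecCertificateRef>(
 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i)));
 scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromHandle(
-cert_handle,
-X509Certificate::SOURCE_LONE_CERT_IMPORT,
-X509Certificate::OSCertHandles()));
+cert_handle, X509Certificate::OSCertHandles()));
 for (unsigned j = 0; j < valid_issuers.size(); j++) {
 if (cert->issuer().Matches(valid_issuers[j]))
 return true;
 }
 }
 return false;
 }
 
 // static
 OSStatus X509Certificate::CreateSSLClientPolicy(SecPolicyRef* policy) {
@@ -1283,22 +1279,21 @@
 break;
 ScopedCFTypeRef<SecIdentityRef> scoped_identity(identity);
 
 SecCertificateRef cert_handle;
 err = SecIdentityCopyCertificate(identity, &cert_handle);
 if (err != noErr)
 continue;
 ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle);
 
 scoped_refptr<X509Certificate> cert(
-CreateFromHandle(cert_handle, SOURCE_LONE_CERT_IMPORT,
-OSCertHandles()));
+CreateFromHandle(cert_handle, OSCertHandles()));
 if (cert->HasExpired() || !cert->SupportsSSLClientAuth())
 continue;
 
 // Skip duplicates (a cert may be in multiple keychains).
 const SHA1Fingerprint& fingerprint = cert->fingerprint();
 unsigned i;
 for (i = 0; i < certs->size(); ++i) {
 if ((*certs)[i]->fingerprint().Equals(fingerprint))
 break;
 }
@@ -1383,10 +1378,10 @@
 CSSM_DATA cert_data;
 OSStatus status = SecCertificateGetData(cert_handle, &cert_data);
 if (status)
 return false;
 
 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data),
 cert_data.Length);
 }
 
 } // namespace net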
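Review bot: The three rewritten `CreateFromHandle` calls pass a handle whose reference the caller drops right afterwards (`scoped_cert` in the import path, `scoped_cert_handle` in the client-certificate loop, `scoped_cert_chain` in the issuer check), and nothing at the call sites states that `CreateFromHandle` takes its own reference. With the cache now holding the OS handle rather than the X509Certificate (per the issue title), that contract is what keeps a cached entry from outliving its handle. If that is the contract, a one-line comment at each site would record it, e.g. `// CreateFromHandle retains |cert_handle| (or a cached duplicate); the scoper releases ours.` Whether `CreateFromHandle` can return NULL is not visible on this page; if it can, `cert->issuer()` and `cert->HasExpired()` are dereferenced unchecked. All three enclosing functions begin outside the shown hunks.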