OLD | NEW |
1 // Copyright (c) 2017, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2017, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 #if !defined(DART_IO_DISABLED) && !defined(DART_IO_SECURE_SOCKET_DISABLED) | 5 #if !defined(DART_IO_DISABLED) && !defined(DART_IO_SECURE_SOCKET_DISABLED) |
6 | 6 |
7 #include "platform/globals.h" | 7 #include "platform/globals.h" |
8 #if defined(HOST_OS_MACOS) | 8 #if defined(HOST_OS_MACOS) |
9 | 9 |
10 #include "bin/security_context.h" | 10 #include "bin/security_context.h" |
(...skipping 54 matching lines...)
65 ScopedCFDataRef cert_buf( | 65 ScopedCFDataRef cert_buf( |
66 CFDataCreateWithBytesNoCopy(NULL, deb_cert, length, kCFAllocatorNull)); | 66 CFDataCreateWithBytesNoCopy(NULL, deb_cert, length, kCFAllocatorNull)); |
67 SecCertificateRef auth_cert = | 67 SecCertificateRef auth_cert = |
68 SecCertificateCreateWithData(NULL, cert_buf.get()); | 68 SecCertificateCreateWithData(NULL, cert_buf.get()); |
69 if (auth_cert == NULL) { | 69 if (auth_cert == NULL) { |
70 return NULL; | 70 return NULL; |
71 } | 71 } |
72 return auth_cert; | 72 return auth_cert; |
73 } | 73 } |
74 | 74 |
75 | |
76 static int CertificateVerificationCallback(X509_STORE_CTX* ctx, void* arg) { | 75 static int CertificateVerificationCallback(X509_STORE_CTX* ctx, void* arg) { |
77 SSLCertContext* context = static_cast<SSLCertContext*>(arg); | 76 SSLCertContext* context = static_cast<SSLCertContext*>(arg); |
78 | 77 |
79 // Convert BoringSSL formatted certificates to SecCertificate certificates. | 78 // Convert BoringSSL formatted certificates to SecCertificate certificates. |
80 ScopedCFMutableArrayRef cert_chain(NULL); | 79 ScopedCFMutableArrayRef cert_chain(NULL); |
81 X509* root_cert = NULL; | 80 X509* root_cert = NULL; |
82 if (ctx->untrusted != NULL) { | 81 if (ctx->untrusted != NULL) { |
83 STACK_OF(X509)* user_provided_certs = ctx->untrusted; | 82 STACK_OF(X509)* user_provided_certs = ctx->untrusted; |
84 int num_certs = sk_X509_num(user_provided_certs); | 83 int num_certs = sk_X509_num(user_provided_certs); |
85 int current_cert = 0; | 84 int current_cert = 0; |
(...skipping 70 matching lines...)
156 // Successfully verified certificate! | 155 // Successfully verified certificate! |
157 return ctx->verify_cb(1, ctx); | 156 return ctx->verify_cb(1, ctx); |
158 } | 157 } |
159 | 158 |
160 // Set current_cert to the root of the certificate chain. This will be passed | 159 // Set current_cert to the root of the certificate chain. This will be passed |
161 // to the callback provided by the user for additional verification steps. | 160 // to the callback provided by the user for additional verification steps. |
162 ctx->current_cert = root_cert; | 161 ctx->current_cert = root_cert; |
163 return ctx->verify_cb(0, ctx); | 162 return ctx->verify_cb(0, ctx); |
164 } | 163 } |
165 | 164 |
166 | |
167 void SSLCertContext::RegisterCallbacks(SSL* ssl) { | 165 void SSLCertContext::RegisterCallbacks(SSL* ssl) { |
168 SSL_CTX* ctx = SSL_get_SSL_CTX(ssl); | 166 SSL_CTX* ctx = SSL_get_SSL_CTX(ssl); |
169 SSL_CTX_set_cert_verify_callback(ctx, CertificateVerificationCallback, this); | 167 SSL_CTX_set_cert_verify_callback(ctx, CertificateVerificationCallback, this); |
170 } | 168 } |
171 | 169 |
172 | |
173 void SSLCertContext::TrustBuiltinRoots() { | 170 void SSLCertContext::TrustBuiltinRoots() { |
174 // First, try to use locations specified on the command line. | 171 // First, try to use locations specified on the command line. |
175 if (commandline_root_certs_file != NULL) { | 172 if (commandline_root_certs_file != NULL) { |
176 LoadRootCertFile(commandline_root_certs_file); | 173 LoadRootCertFile(commandline_root_certs_file); |
177 return; | 174 return; |
178 } | 175 } |
179 if (commandline_root_certs_cache != NULL) { | 176 if (commandline_root_certs_cache != NULL) { |
180 LoadRootCertCache(commandline_root_certs_cache); | 177 LoadRootCertCache(commandline_root_certs_cache); |
181 return; | 178 return; |
182 } | 179 } |
183 set_trust_builtin(true); | 180 set_trust_builtin(true); |
184 } | 181 } |
185 | 182 |
186 } // namespace bin | 183 } // namespace bin |
187 } // namespace dart | 184 } // namespace dart |
188 | 185 |
189 #endif // defined(HOST_OS_MACOS) | 186 #endif // defined(HOST_OS_MACOS) |
190 #endif // !defined(DART_IO_DISABLED) && | 187 #endif // !defined(DART_IO_DISABLED) && |
191 // !defined(DART_IO_SECURE_SOCKET_DISABLED) | 188 // !defined(DART_IO_SECURE_SOCKET_DISABLED) |
OLD | NEW |