| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/cert/test_root_certs.h" | |
| 6 | |
| 7 #include <Security/Security.h> | |
| 8 | |
| 9 #include "base/logging.h" | |
| 10 #include "base/mac/mac_util.h" | |
| 11 #include "base/mac/scoped_cftyperef.h" | |
| 12 #include "net/cert/x509_certificate.h" | |
| 13 | |
| 14 namespace net { | |
| 15 | |
| 16 namespace { | |
| 17 | |
| 18 typedef OSStatus (*SecTrustSetAnchorCertificatesOnlyFuncPtr)(SecTrustRef, | |
| 19 Boolean); | |
| 20 | |
| 21 Boolean OurSecCertificateEqual(const void* value1, const void* value2) { | |
| 22 if (CFGetTypeID(value1) != SecCertificateGetTypeID() || | |
| 23 CFGetTypeID(value2) != SecCertificateGetTypeID()) | |
| 24 return CFEqual(value1, value2); | |
| 25 return X509Certificate::IsSameOSCert( | |
| 26 reinterpret_cast<SecCertificateRef>(const_cast<void*>(value1)), | |
| 27 reinterpret_cast<SecCertificateRef>(const_cast<void*>(value2))); | |
| 28 } | |
| 29 | |
| 30 const void* RetainWrapper(CFAllocatorRef unused, const void* value) { | |
| 31 return CFRetain(value); | |
| 32 } | |
| 33 | |
| 34 void ReleaseWrapper(CFAllocatorRef unused, const void* value) { | |
| 35 CFRelease(value); | |
| 36 } | |
| 37 | |
| 38 // CFEqual prior to 10.6 only performed pointer checks on SecCertificateRefs, | |
| 39 // rather than checking if they were the same (logical) certificate, so a | |
| 40 // custom structure is used for the array callbacks. | |
| 41 const CFArrayCallBacks kCertArrayCallbacks = { | |
| 42 0, // version | |
| 43 RetainWrapper, | |
| 44 ReleaseWrapper, | |
| 45 CFCopyDescription, | |
| 46 OurSecCertificateEqual, | |
| 47 }; | |
| 48 | |
| 49 } // namespace | |
| 50 | |
| 51 bool TestRootCerts::Add(X509Certificate* certificate) { | |
| 52 if (CFArrayContainsValue(temporary_roots_, | |
| 53 CFRangeMake(0, CFArrayGetCount(temporary_roots_)), | |
| 54 certificate->os_cert_handle())) | |
| 55 return true; | |
| 56 CFArrayAppendValue(temporary_roots_, certificate->os_cert_handle()); | |
| 57 return true; | |
| 58 } | |
| 59 | |
| 60 void TestRootCerts::Clear() { | |
| 61 CFArrayRemoveAllValues(temporary_roots_); | |
| 62 } | |
| 63 | |
| 64 bool TestRootCerts::IsEmpty() const { | |
| 65 return CFArrayGetCount(temporary_roots_) == 0; | |
| 66 } | |
| 67 | |
| 68 OSStatus TestRootCerts::FixupSecTrustRef(SecTrustRef trust_ref) const { | |
| 69 if (IsEmpty()) | |
| 70 return noErr; | |
| 71 | |
| 72 // Despite SecTrustSetAnchorCertificatesOnly existing in OS X 10.6, and | |
| 73 // being documented as available, it is not actually implemented. On 10.7+, | |
| 74 // however, it always works. | |
| 75 if (base::mac::IsOSLionOrLater()) { | |
| 76 OSStatus status = SecTrustSetAnchorCertificates(trust_ref, | |
| 77 temporary_roots_); | |
| 78 if (status) | |
| 79 return status; | |
| 80 return SecTrustSetAnchorCertificatesOnly(trust_ref, !allow_system_trust_); | |
| 81 } | |
| 82 | |
| 83 if (!allow_system_trust_) { | |
| 84 // Avoid any copying if system roots are not to be trusted. This acts as | |
| 85 // an exclusive list on 10.6, replacing the built-ins. | |
| 86 return SecTrustSetAnchorCertificates(trust_ref, temporary_roots_); | |
| 87 } | |
| 88 | |
| 89 // Otherwise, both system trust and temporary_roots_ must be trusted. | |
| 90 // Emulate the functionality of SecTrustSetAnchorCertificatesOnly by | |
| 91 // creating a copy of the system roots and merging with temporary_roots_. | |
| 92 CFArrayRef system_roots = NULL; | |
| 93 OSStatus status = SecTrustCopyAnchorCertificates(&system_roots); | |
| 94 if (status) | |
| 95 return status; | |
| 96 | |
| 97 base::ScopedCFTypeRef<CFArrayRef> scoped_system_roots(system_roots); | |
| 98 base::ScopedCFTypeRef<CFMutableArrayRef> scoped_roots( | |
| 99 CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, scoped_system_roots)); | |
| 100 CFArrayAppendArray(scoped_roots, temporary_roots_, | |
| 101 CFRangeMake(0, CFArrayGetCount(temporary_roots_))); | |
| 102 return SecTrustSetAnchorCertificates(trust_ref, scoped_roots); | |
| 103 } | |
| 104 | |
| 105 void TestRootCerts::SetAllowSystemTrust(bool allow_system_trust) { | |
| 106 allow_system_trust_ = allow_system_trust; | |
| 107 } | |
| 108 | |
| 109 TestRootCerts::~TestRootCerts() {} | |
| 110 | |
| 111 void TestRootCerts::Init() { | |
| 112 temporary_roots_.reset(CFArrayCreateMutable(kCFAllocatorDefault, 0, | |
| 113 &kCertArrayCallbacks)); | |
| 114 allow_system_trust_ = true; | |
| 115 } | |
| 116 | |
| 117 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master