Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(453)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/base/x509_util_ios.cc

Issue 10983023: Port certificate verification to iOS. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Review comments Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/base/x509_util_ios.h ('k') | net/net.gyp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/x509_util_ios.cc
diff --git a/net/base/x509_util_ios.cc b/net/base/x509_util_ios.cc
index a5be412ae17c54653ab6041fbb48d08195def1cf..f14ee10abe7e771fffe8b4c6ee8b25e6d8b051f1 100644
--- a/net/base/x509_util_ios.cc
+++ b/net/base/x509_util_ios.cc
@@ -5,6 +5,7 @@
#include "net/base/x509_util_ios.h"
#include <cert.h>
+#include <CommonCrypto/CommonDigest.h>
#include <nss.h>
#include <prtypes.h>
@@ -58,6 +59,44 @@ SecCertificateRef CreateOSCertHandleFromNSSHandle(
nss_cert_handle->derCert.len);
}
+X509Certificate* CreateCertFromNSSHandles(
+ CERTCertificate* cert_handle,
+ const std::vector<CERTCertificate*>& intermediates) {
+ ScopedCFTypeRef<SecCertificateRef> os_server_cert(
+ CreateOSCertHandleFromNSSHandle(cert_handle));
+ if (!os_server_cert)
+ return NULL;
+ std::vector<SecCertificateRef> os_intermediates;
+ for (size_t i = 0; i < intermediates.size(); ++i) {
+ SecCertificateRef intermediate =
+ CreateOSCertHandleFromNSSHandle(intermediates[i]);
+ if (!intermediate)
+ break;
+ os_intermediates.push_back(intermediate);
+ }
+
+ X509Certificate* cert = NULL;
+ if (intermediates.size() == os_intermediates.size()) {
+ cert = X509Certificate::CreateFromHandle(os_server_cert,
+ os_intermediates);
+ }
+
+ for (size_t i = 0; i < os_intermediates.size(); ++i)
+ CFRelease(os_intermediates[i]);
+ return cert;
+}
+
+SHA1HashValue CalculateFingerprintNSS(CERTCertificate* cert) {
+ DCHECK(cert->derCert.data);
+ DCHECK_NE(0U, cert->derCert.len);
+ SHA1HashValue sha1;
+ memset(sha1.data, 0, sizeof(sha1.data));
+ CC_SHA1(cert->derCert.data, cert->derCert.len, sha1.data);
+ return sha1;
+}
+
+// NSSCertificate implementation.
+
NSSCertificate::NSSCertificate(SecCertificateRef cert_handle) {
nss_cert_handle_ = CreateNSSCertHandleFromOSHandle(cert_handle);
DLOG_IF(INFO, cert_handle && !nss_cert_handle_)
@@ -68,10 +107,31 @@ NSSCertificate::~NSSCertificate() {
CERT_DestroyCertificate(nss_cert_handle_);
}
-CERTCertificate* NSSCertificate::cert_handle() {
+CERTCertificate* NSSCertificate::cert_handle() const {
return nss_cert_handle_;
}
+// NSSCertChain implementation
+
+NSSCertChain::NSSCertChain(X509Certificate* certificate) {
+ DCHECK(certificate);
+ certs_.push_back(CreateNSSCertHandleFromOSHandle(
+ certificate->os_cert_handle()));
+ const X509Certificate::OSCertHandles& cert_intermediates =
+ certificate->GetIntermediateCertificates();
+ for (size_t i = 0; i < cert_intermediates.size(); ++i)
+ certs_.push_back(CreateNSSCertHandleFromOSHandle(cert_intermediates[i]));
+}
+
+NSSCertChain::~NSSCertChain() {
+ for (size_t i = 0; i < certs_.size(); ++i)
+ CERT_DestroyCertificate(certs_[i]);
+}
+
+CERTCertificate* NSSCertChain::cert_handle() const {
+ return certs_.empty() ? NULL : certs_.front();
+}
+
} // namespace x509_util_ios
} // namespace net
« no previous file with comments | « net/base/x509_util_ios.h ('k') | net/net.gyp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698