Side by Side Diff: net/base/cert_verify_proc_android.cc

Issue 12212135: Return specific cert verification errors on Android (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase Created 7 years, 10 months ago
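--- a/net/base/cert_verify_proc_android.cc
+++ b/net/base/cert_verify_proc_android.cc
@@ -1,52 +1,59 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/cert_verify_proc_android.h"
 
 #include <string>
 #include <vector>
 
 #include "base/logging.h"
+#include "net/android/cert_verify_result_android.h"
 #include "net/android/network_library.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/net_errors.h"
 #include "net/base/x509_certificate.h"
 
 namespace net {
 
 namespace {
 
 // Returns true if the certificate verification call was successful (regardless
 // of its result), i.e. if |verify_result| was set. Otherwise returns false.
 bool VerifyFromAndroidTrustManager(const std::vector<std::string>& cert_bytes,
 CertVerifyResult* verify_result) {
 // TODO(joth): Fetch the authentication type from SSL rather than hardcode.
-bool verified = true;
-android::VerifyResult result =
+android::CertVerifyResultAndroid android_result =
 android::VerifyX509CertChain(cert_bytes, "RSA");
-switch (result) {
+switch (android_result) {
+case android::VERIFY_FAILED:
+return false;
 case android::VERIFY_OK:
 break;
 case android::VERIFY_NO_TRUSTED_ROOT:
 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
 break;
-case android::VERIFY_INVOCATION_ERROR:
-verified = false;
+case android::VERIFY_EXPIRED:
+case android::VERIFY_NOT_YET_VALID:
+verify_result->cert_status |= CERT_STATUS_DATE_INVALID;
+break;
+case android::VERIFY_UNABLE_TO_PARSE:
+verify_result->cert_status |= CERT_STATUS_INVALID;
 break;
 default:
+NOTREACHED();
 verify_result->cert_status |= CERT_STATUS_INVALID;
 break;
 }
-return verified;
+return true;
 }
 
 bool GetChainDEREncodedBytes(X509Certificate* cert,
 std::vector<std::string>* chain_bytes) {
 X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle();
 X509Certificate::OSCertHandles cert_handles =
 cert->GetIntermediateCertificates();
 
 // Make sure the peer's own cert is the first in the chain, if it's not
 // already there.
@@ -95,10 +102,10 @@
 
 // Until the required support is available in the platform, we don't know if
 // the trust root at the end of the chain was standard or user-added, so we
 // mark all correctly verified certificates as issued by a known root.
 verify_result->is_issued_by_known_root = true;
 
 return OK;
 }
 
 } // namespace net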
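Review bot: The `default:` branch of the switch in VerifyFromAndroidTrustManager is what keeps an unrecognised `android_result` value fail-closed, but nothing in the code says so. In builds where `NOTREACHED()` is compiled out, execution continues to `verify_result->cert_status |= CERT_STATUS_INVALID;`, which is the right outcome but reads like dead code after the assertion. I would put a comment above that assignment, for example `// Unknown status from the platform verifier: fail closed as an invalid cert.`, so a later cleanup does not remove it. Separately, the `VERIFY_OK` case leaves `verify_result` untouched, so the header comment's "i.e. if |verify_result| was set" holds only if the caller passes in a clean `cert_status`. The caller is in the collapsed lines, so that precondition is worth confirming and stating in the function comment.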