diff options
| author | michaelbai@google.com <michaelbai@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-11 16:05:56 +0000 |
|---|---|---|
| committer | michaelbai@google.com <michaelbai@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-11 16:05:56 +0000 |
| commit | 6dbdaa892d120c6fbb1355aeb0ba8810dad12840 (patch) | |
| tree | 59b446fad4cccc144953888d0c2861d44782458b /net/base/x509_certificate_openssl_android.cc | |
| parent | b20c447c5d17bb563498c710445627ae4bfb6137 (diff) | |
| download | chromium_src-6dbdaa892d120c6fbb1355aeb0ba8810dad12840.zip chromium_src-6dbdaa892d120c6fbb1355aeb0ba8810dad12840.tar.gz chromium_src-6dbdaa892d120c6fbb1355aeb0ba8810dad12840.tar.bz2 | |
Upstream certificate and mime Android implementation.
BUG=
TEST=
Review URL: http://codereview.chromium.org/7538029
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@96401 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate_openssl_android.cc')
| -rw-r--r-- | net/base/x509_certificate_openssl_android.cc | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/net/base/x509_certificate_openssl_android.cc b/net/base/x509_certificate_openssl_android.cc new file mode 100644 index 0000000..4e1bbd2 --- /dev/null +++ b/net/base/x509_certificate_openssl_android.cc @@ -0,0 +1,63 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/base/x509_certificate.h" + +#include "base/logging.h" +#include "net/android/network_library.h" +#include "net/base/cert_status_flags.h" +#include "net/base/cert_verify_result.h" +#include "net/base/net_errors.h" + +namespace net { + +int X509Certificate::VerifyInternal(const std::string& hostname, + int flags, + CertVerifyResult* verify_result) const { + if (!VerifyNameMatch(hostname)) + verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; + + std::vector<std::string> cert_bytes; + GetChainDEREncodedBytes(&cert_bytes); + + // TODO(joth): Fetch the authentication type from SSL rather than hardcode. + android::VerifyResult result = + android::VerifyX509CertChain(cert_bytes, hostname, "RSA"); + switch (result) { + case android::VERIFY_OK: + return OK; + case android::VERIFY_BAD_HOSTNAME: + verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; + break; + case android::VERIFY_NO_TRUSTED_ROOT: + verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; + break; + case android::VERIFY_INVOCATION_ERROR: + default: + verify_result->cert_status |= ERR_CERT_INVALID; + break; + } + return MapCertStatusToNetError(verify_result->cert_status); +} + +void X509Certificate::GetChainDEREncodedBytes( + std::vector<std::string>* chain_bytes) const { + OSCertHandles cert_handles(intermediate_ca_certs_); + // Make sure the peer's own cert is the first in the chain, if it's not + // already there. + if (cert_handles.empty()) + cert_handles.insert(cert_handles.begin(), cert_handle_); + + chain_bytes->reserve(cert_handles.size()); + for (OSCertHandles::const_iterator it = cert_handles.begin(); + it != cert_handles.end(); ++it) { + DERCache der_cache = {0}; + GetDERAndCacheIfNeeded(*it, &der_cache); + std::string cert_bytes ( + reinterpret_cast<const char*>(der_cache.data), der_cache.data_length); + chain_bytes->push_back(cert_bytes); + } +} + +} // namespace net |