Index: net/base/x509_certificate_nss.cc |
diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc |
index 54d2197e30ecd2db96f7d008a8c7442080e7a9fd..277c23da7c14e09d991bdad70275cae3c07848a1 100644 |
--- a/net/base/x509_certificate_nss.cc |
+++ b/net/base/x509_certificate_nss.cc |
@@ -10,6 +10,7 @@ |
#include <nss.h> |
#include <pk11pub.h> |
#include <prtime.h> |
+#include <seccomon.h> |
#include <secder.h> |
#include <sechash.h> |
@@ -19,6 +20,7 @@ |
#include "base/time.h" |
#include "crypto/nss_util.h" |
#include "crypto/rsa_private_key.h" |
+#include "crypto/scoped_nss_types.h" |
#include "net/base/x509_util_nss.h" |
namespace net { |
@@ -154,6 +156,25 @@ bool X509Certificate::VerifyNameMatch(const std::string& hostname) const { |
return CERT_VerifyCertName(cert_handle_, hostname.c_str()) == SECSuccess; |
} |
+bool X509Certificate::IsIssuedByEncoded( |
+ const std::vector<std::string>& valid_issuers) { |
+ // Get certificate chain as scoped list of CERTCertificate objects. |
+ std::vector<CERTCertificate*> cert_chain; |
+ cert_chain.push_back(cert_handle_); |
+ for (size_t n = 0; n < intermediate_ca_certs_.size(); ++n) { |
+ cert_chain.push_back(intermediate_ca_certs_[n]); |
+ } |
+ // Convert encoded issuers to scoped CERTName* list. |
+ std::vector<CERTName*> issuers; |
+ crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); |
+ if (!x509_util::GetIssuersFromEncodedList( |
+ valid_issuers, arena.get(), &issuers)) |
Ryan Sleevi
2012/12/21 22:09:50
nit: Both indent and bracing are incorrect here
digit1
2013/01/07 13:58:40
Done.
|
+ return false; |
+ |
+ // Do the comparison. |
+ return x509_util::IsCertificateIssuedBy(cert_chain, issuers); |
+} |
+ |
// static |
bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle, |
std::string* encoded) { |