Add X509Certificate::IsIssuedByEncoded()

net/base/x509_certificate_nss.cc

Index: net/base/x509_certificate_nss.cc
diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc
index 54d2197e30ecd2db96f7d008a8c7442080e7a9fd..277c23da7c14e09d991bdad70275cae3c07848a1 100644
--- a/net/base/x509_certificate_nss.cc
+++ b/net/base/x509_certificate_nss.cc
@@ -10,6 +10,7 @@
 #include <nss.h>
 #include <pk11pub.h>
 #include <prtime.h>
+#include <seccomon.h>
 #include <secder.h>
 #include <sechash.h>
 
@@ -19,6 +20,7 @@
 #include "base/time.h"
 #include "crypto/nss_util.h"
 #include "crypto/rsa_private_key.h"
+#include "crypto/scoped_nss_types.h"
 #include "net/base/x509_util_nss.h"
 
 namespace net {
@@ -154,6 +156,25 @@ bool X509Certificate::VerifyNameMatch(const std::string& hostname) const {
   return CERT_VerifyCertName(cert_handle_, hostname.c_str()) == SECSuccess;
 }
 
+bool X509Certificate::IsIssuedByEncoded(
+    const std::vector<std::string>& valid_issuers) {
+  // Get certificate chain as scoped list of CERTCertificate objects.
+  std::vector<CERTCertificate*> cert_chain;
+  cert_chain.push_back(cert_handle_);
+  for (size_t n = 0; n < intermediate_ca_certs_.size(); ++n) {
+    cert_chain.push_back(intermediate_ca_certs_[n]);
+  }
+  // Convert encoded issuers to scoped CERTName* list.
+  std::vector<CERTName*> issuers;
+  crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!x509_util::GetIssuersFromEncodedList(
+      valid_issuers, arena.get(), &issuers))

[Ryan Sleevi, 2012/12/21 22:09:50]

nit: Both indent and bracing are incorrect here

[digit1, 2013/01/07 13:58:40]

Done.

+    return false;
+
+  // Do the comparison.
+  return x509_util::IsCertificateIssuedBy(cert_chain, issuers);
+}
+
 // static
 bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle,
                                     std::string* encoded) {