Add X509Certificate::IsIssuedByEncoded()

net/base/x509_util_nss.cc

Index: net/base/x509_util_nss.cc
diff --git a/net/base/x509_util_nss.cc b/net/base/x509_util_nss.cc
index c86b9c5db8b9e013d0bbd4eb4c2795ab77554d11..d1bfdbda9c7efedbc515dc1b815f51aad675995d 100644
--- a/net/base/x509_util_nss.cc
+++ b/net/base/x509_util_nss.cc
@@ -273,6 +273,36 @@ SECStatus PR_CALLBACK CollectCertsCallback(void* arg,
 
   return SECSuccess;
 }
+
+typedef scoped_ptr_malloc<CERTName,
+        crypto::NSSDestroyer<CERTName, CERT_DestroyName> > ScopedCERTName;

[Ryan Sleevi, 2012/12/21 22:09:50]

style nit: This indenting is wrong

typedef scoped_ptr_malloc<
    CERTName,
    crypto::NSSDestroyer<CERTName, CERT_DestroyName> > ScopedCERTName;

[digit1, 2013/01/07 13:58:40]

Done.

+
+// Create a new CERTName object from its encoded representation.
+// |arena| is the allocation pool to use.
+// |data| points to a DER-encoded X.509 DistinguishedName.
+// Return a new CERTName pointer on success, or NULL.
+CERTName* CreateCertNameFromEncoded(PLArenaPool* arena,
+                                    const base::StringPiece& data) {
+    if (!arena)
+        return NULL;
+
+    ScopedCERTName name(PORT_ArenaZNew(arena, CERTName));
+    if (!name.get())
+        return NULL;
+
+    SECItem item;
+    item.len = static_cast<unsigned int>(data.length());
+    item.data = reinterpret_cast<unsigned char*>(
+        const_cast<char*>(data.data()));
+
+    SECStatus rv = SEC_ASN1DecodeItem(arena, name.get(),
+            SEC_ASN1_GET(CERT_NameTemplate), &item);

[Ryan Sleevi, 2012/12/21 22:09:50]

style: This indent is incorrect (minimally, should be exactly 4 spaces here),
but can be rewritten as follows

SECStatus rv = SEC_ASN1DecodeItem(
    arena, name.get(), SEC_ASN1_GET(CERT_NameTemplate), &item);

[digit1, 2013/01/07 13:58:40]

Done.

+    if (rv != SECSuccess)
+        return NULL;
+
+    return name.release();
+}
+
 #endif  // defined(USE_NSS) || defined(OS_IOS)
 
 }  // namespace
@@ -527,6 +557,36 @@ void GetPublicKeyInfo(CERTCertificate* handle,
       break;
   }
 }
+
+bool GetIssuersFromEncodedList(
+    const std::vector<std::string>& encoded_issuers,
+    PLArenaPool* arena,
+    std::vector<CERTName*>* out) {
+
+  out->clear();
+  for (size_t n = 0; n < encoded_issuers.size(); ++n) {
+    CERTName* name = CreateCertNameFromEncoded(arena, encoded_issuers[n]);
+    if (name == NULL)
+      return false;
+
+    out->push_back(name);
+  }

[Ryan Sleevi, 2012/12/21 22:09:50]

RAII-safe alternative:

std::vector<CERTName*> result;
for (size_t i = 0; ...) {
  ...
}
if (result.size() == encoded_issuers.size()) {
  out->swap(result);
  return true;
}

for (size_t i = 0; i < result.size(); ++i)
  CERT_DestroyName(result[i]);
return false;

[digit1, 2013/01/07 13:58:40]

Done.

+  return true;
+}
+
+
+bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain,
+                           const std::vector<CERTName*>& valid_issuers) {
+  for (size_t n = 0; n < cert_chain.size(); ++n) {
+    CERTName* cert_issuer = &cert_chain[n]->issuer;
+    for (size_t i = 0; i < valid_issuers.size(); ++i) {
+      if (CERT_CompareName(valid_issuers[i], cert_issuer))
+        return true;
+    }
+  }
+  return false;
+}
+
 #endif  // defined(USE_NSS) || defined(OS_IOS)
 
 } // namespace x509_util