net/cert/cert_verify_proc_chromeos.cc - Issue 137553004: NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/cert_verify_proc_chromeos.cc

Issue 137553004: NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: expanded test, found one problem Created 6 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« net/cert/cert_verify_proc_chromeos.h ('K') | « net/cert/cert_verify_proc_chromeos.h ('k') | net/cert/cert_verify_proc_chromeos_unittest.cc » ('j') | net/cert/cert_verify_proc_chromeos_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/cert/cert_verify_proc_chromeos.cc

diff --git a/net/cert/cert_verify_proc_chromeos.cc b/net/cert/cert_verify_proc_chromeos.cc

new file mode 100644

index 0000000000000000000000000000000000000000..c11c2e3aad1070c812fe82d9b977df282a8aacef

--- /dev/null

+++ b/net/cert/cert_verify_proc_chromeos.cc

@@ -0,0 +1,50 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "net/cert/cert_verify_proc_chromeos.h"

+// NSS doesn't currently define CERT_LIST_TAIL.

+// See https://bugzilla.mozilla.org/show_bug.cgi?id=962413

+#ifndef CERT_LIST_TAIL

+#define CERT_LIST_TAIL(l) ((CERTCertListNode *)PR_LIST_TAIL(&l->list))

+#endif

+namespace net {

+CertVerifyProcChromeOS::CertVerifyProcChromeOS()

+ : CertVerifyProcNSS(InitializeCERTChainVerifyCallback()) {}

+CertVerifyProcChromeOS::CertVerifyProcChromeOS(

+ crypto::ScopedPK11Slot public_slot,

+ crypto::ScopedPK11Slot private_slot)

+ : CertVerifyProcNSS(InitializeCERTChainVerifyCallback()) {

+ profile_filter_.Init(public_slot.Pass(), private_slot.Pass());

+CertVerifyProcChromeOS::~CertVerifyProcChromeOS() {}

+CERTChainVerifyCallback*

+CertVerifyProcChromeOS::InitializeCERTChainVerifyCallback() {

+ chain_verify_callback_.isChainValid =

+ &CertVerifyProcChromeOS::IsChainValidFunc;

+ chain_verify_callback_.isChainValidArg = static_cast<void*>(this);

+ return &chain_verify_callback_;

+// static

+SECStatus CertVerifyProcChromeOS::IsChainValidFunc(

+ void* is_chain_valid_arg,

+ const CERTCertList* current_chain,

+ PRBool* chain_ok) {

+ CertVerifyProcChromeOS* that =

+ static_cast<CertVerifyProcChromeOS*>(is_chain_valid_arg);

+ CERTCertificate* cert = CERT_LIST_TAIL(current_chain)->cert;

+ // TODO(mattm): If crbug.com/334384 is fixed to allow setting trust

+ // properly when the same cert is in multiple slots, this would also need

+ // updating to check the per-slot trust values.

+ *chain_ok = that->profile_filter_.IsCertAllowed(cert) ? PR_TRUE : PR_FALSE;

+ return SECSuccess;

+} // namespace net