Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(132)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chromeos/network/certificate_pattern_matcher.cc

Issue 16946002: Resolve certificate references in ONC by PEM. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Support CACert PEM list for L2tp. Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/chromeos/cros/network_library.h ('K') | « chromeos/network/certificate_pattern.cc ('k') | chromeos/network/mock_certificate_handler.h » ('j') | chromeos/network/onc/onc_constants.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chromeos/network/certificate_pattern_matcher.cc
diff --git a/chromeos/network/certificate_pattern_matcher.cc b/chromeos/network/certificate_pattern_matcher.cc
index 816b5f6950051960ec202e80571f852953e9afb7..3d7f32876a0fb17ab6013c8789ca6ba27f42825e 100644
--- a/chromeos/network/certificate_pattern_matcher.cc
+++ b/chromeos/network/certificate_pattern_matcher.cc
@@ -95,11 +95,11 @@ class PrivateKeyFilter {
};
// Functor to filter out certs that don't have an issuer in the associated
-// IssuerCARef list.
-class IssuerCaRefFilter {
+// IssuerCAPEMs list.
+class IssuerCaFilter {
public:
- explicit IssuerCaRefFilter(const std::vector<std::string>& issuer_ca_ref_list)
- : issuer_ca_ref_list_(issuer_ca_ref_list) {}
+ explicit IssuerCaFilter(const std::vector<std::string>& issuer_ca_pems)
+ : issuer_ca_pems_(issuer_ca_pems) {}
bool operator()(const scoped_refptr<net::X509Certificate>& cert) const {
// Find the certificate issuer for each certificate.
// TODO(gspencer): this functionality should be available from
@@ -107,25 +107,21 @@ class IssuerCaRefFilter {
CERTCertificate* issuer_cert = CERT_FindCertIssuer(
cert.get()->os_cert_handle(), PR_Now(), certUsageAnyCA);
- if (issuer_cert && issuer_cert->nickname) {
- // Separate the nickname stored in the certificate at the colon, since
- // NSS likes to store it as token:nickname.
- const char* delimiter = ::strchr(issuer_cert->nickname, ':');
- if (delimiter) {
- delimiter++; // move past the colon.
- std::vector<std::string>::const_iterator pat_iter =
- issuer_ca_ref_list_.begin();
- while (pat_iter != issuer_ca_ref_list_.end()) {
- if (*pat_iter == delimiter)
- return false;
- ++pat_iter;
- }
- }
+ if (!issuer_cert)
+ return true;
+
+ std::string pem_encoded;
+ if (!net::X509Certificate::GetPEMEncoded(issuer_cert, &pem_encoded)) {
+ LOG(ERROR) << "Couldn't PEM-encode certificate.";
+ return true;
}
- return true;
+
+ return (std::find(issuer_ca_pems_.begin(), issuer_ca_pems_.end(),
+ pem_encoded) ==
+ issuer_ca_pems_.end());
}
private:
- const std::vector<std::string>& issuer_ca_ref_list_;
+ const std::vector<std::string>& issuer_ca_pems_;
};
} // namespace
@@ -162,8 +158,8 @@ scoped_refptr<net::X509Certificate> GetCertificateMatch(
return NULL;
}
- if (!pattern.issuer_ca_ref_list().empty()) {
- matching_certs.remove_if(IssuerCaRefFilter(pattern.issuer_ca_ref_list()));
+ if (!pattern.issuer_ca_pems().empty()) {
+ matching_certs.remove_if(IssuerCaFilter(pattern.issuer_ca_pems()));
if (matching_certs.empty())
return NULL;
}
« chrome/browser/chromeos/cros/network_library.h ('K') | « chromeos/network/certificate_pattern.cc ('k') | chromeos/network/mock_certificate_handler.h » ('j') | chromeos/network/onc/onc_constants.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698