OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/trust_store.h" | 5 #include "net/cert/internal/trust_store.h" |
6 | 6 |
7 #include "net/cert/internal/parsed_certificate.h" | 7 #include "net/cert/internal/parsed_certificate.h" |
8 | 8 |
9 namespace net { | 9 namespace net { |
10 | 10 |
(...skipping 15 matching lines...) Expand all Loading... |
26 const der::Input& normalized_name, | 26 const der::Input& normalized_name, |
27 std::vector<scoped_refptr<ParsedCertificate>>* matches) const { | 27 std::vector<scoped_refptr<ParsedCertificate>>* matches) const { |
28 auto range = anchors_.equal_range(normalized_name.AsStringPiece()); | 28 auto range = anchors_.equal_range(normalized_name.AsStringPiece()); |
29 for (auto it = range.first; it != range.second; ++it) | 29 for (auto it = range.first; it != range.second; ++it) |
30 matches->push_back(it->second); | 30 matches->push_back(it->second); |
31 } | 31 } |
32 | 32 |
33 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const { | 33 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const { |
34 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece()); | 34 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece()); |
35 for (auto it = range.first; it != range.second; ++it) { | 35 for (auto it = range.first; it != range.second; ++it) { |
36 // First compare the ParsedCertificate pointers as an optimization, fall | 36 // First compare the ParsedCertificate pointers as an optimization. |
37 // back to comparing full DER encoding. | 37 if (it->second == cert || |
38 if (it->second == cert || it->second->der_cert() == cert->der_cert()) | 38 // Trust check is based on Name+SPKI match. This could match the same |
| 39 // certificate stored in a different ParsedCertificate object, or a |
| 40 // different cert that has the same Name+SPKI. |
| 41 (it->second->normalized_subject() == cert->normalized_subject() && |
| 42 it->second->tbs().spki_tlv == cert->tbs().spki_tlv)) |
39 return true; | 43 return true; |
40 } | 44 } |
41 return false; | 45 return false; |
42 } | 46 } |
43 | 47 |
44 } // namespace net | 48 } // namespace net |
OLD | NEW |