Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(561)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/trust_store.cc

Issue 1923433002: Certificate path builder for new certificate verification library (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/internal/path_builder_pkits_unittest.cc ('K') | « net/cert/internal/path_builder_verify_certificate_chain_unittest.cc ('k') | net/cert/internal/verify_certificate_chain.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/trust_store.h" 5 #include "net/cert/internal/trust_store.h"
6 6
7 #include "net/cert/internal/parsed_certificate.h" 7 #include "net/cert/internal/parsed_certificate.h"
8 8
9 namespace net { 9 namespace net {
10 10
(...skipping 15 matching lines...) Expand all
26 const der::Input& normalized_name, 26 const der::Input& normalized_name,
27 std::vector<scoped_refptr<ParsedCertificate>>* matches) const { 27 std::vector<scoped_refptr<ParsedCertificate>>* matches) const {
28 auto range = anchors_.equal_range(normalized_name.AsStringPiece()); 28 auto range = anchors_.equal_range(normalized_name.AsStringPiece());
29 for (auto it = range.first; it != range.second; ++it) 29 for (auto it = range.first; it != range.second; ++it)
30 matches->push_back(it->second); 30 matches->push_back(it->second);
31 } 31 }
32 32
33 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const { 33 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const {
34 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece()); 34 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece());
35 for (auto it = range.first; it != range.second; ++it) { 35 for (auto it = range.first; it != range.second; ++it) {
36 // First compare the ParsedCertificate pointers as an optimization, fall 36 // First compare the ParsedCertificate pointers as an optimization.
37 // back to comparing full DER encoding. 37 if (it->second == cert ||
38 if (it->second == cert || it->second->der_cert() == cert->der_cert()) 38 // Trust check is based on Name+SPKI match. This could match the same
39 // certificate stored in a different ParsedCertificate object, or a
40 // different cert that has the same Name+SPKI.
41 (it->second->normalized_subject() == cert->normalized_subject() &&
42 it->second->tbs().spki_tlv == cert->tbs().spki_tlv))
39 return true; 43 return true;
40 } 44 }
41 return false; 45 return false;
42 } 46 }
43 47
44 } // namespace net 48 } // namespace net
OLDNEW
« net/cert/internal/path_builder_pkits_unittest.cc ('K') | « net/cert/internal/path_builder_verify_certificate_chain_unittest.cc ('k') | net/cert/internal/verify_certificate_chain.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698