OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/trust_store.h" | 5 #include "net/cert/internal/trust_store.h" |
6 | 6 |
7 #include "net/cert/internal/parsed_certificate.h" | 7 #include "net/cert/internal/parsed_certificate.h" |
8 | 8 |
9 namespace net { | 9 namespace net { |
10 | 10 |
11 TrustStore::TrustStore() {} | 11 TrustStore::TrustStore() {} |
12 TrustStore::~TrustStore() {} | 12 TrustStore::~TrustStore() {} |
13 | 13 |
14 void TrustStore::Clear() { | 14 void TrustStore::Clear() { |
15 anchors_.clear(); | 15 anchors_.clear(); |
16 } | 16 } |
17 | 17 |
18 void TrustStore::AddTrustedCertificate( | 18 void TrustStore::AddTrustedCertificate( |
19 scoped_refptr<ParsedCertificate> anchor) { | 19 scoped_refptr<ParsedCertificate> anchor) { |
20 // TODO(mattm): should this check for duplicate certs? | 20 // TODO(mattm): should this check for duplicate certs? |
21 anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(), | 21 anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(), |
22 std::move(anchor))); | 22 std::move(anchor))); |
23 } | 23 } |
24 | 24 |
25 void TrustStore::FindTrustAnchorsByNormalizedName( | 25 void TrustStore::FindTrustAnchorsByNormalizedName( |
26 const der::Input& normalized_name, | 26 const der::Input& normalized_name, |
27 std::vector<scoped_refptr<ParsedCertificate>>* matches) const { | 27 ParsedCertificateList* matches) const { |
28 auto range = anchors_.equal_range(normalized_name.AsStringPiece()); | 28 auto range = anchors_.equal_range(normalized_name.AsStringPiece()); |
29 for (auto it = range.first; it != range.second; ++it) | 29 for (auto it = range.first; it != range.second; ++it) |
30 matches->push_back(it->second); | 30 matches->push_back(it->second); |
31 } | 31 } |
32 | 32 |
33 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const { | 33 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const { |
34 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece()); | 34 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece()); |
35 for (auto it = range.first; it != range.second; ++it) { | 35 for (auto it = range.first; it != range.second; ++it) { |
36 // First compare the ParsedCertificate pointers as an optimization, fall | 36 // First compare the ParsedCertificate pointers as an optimization. |
37 // back to comparing full DER encoding. | 37 if (it->second == cert || |
38 if (it->second == cert || it->second->der_cert() == cert->der_cert()) | 38 // Trust check is based on Name+SPKI match. This could match the same |
| 39 // certificate stored in a different ParsedCertificate object, or a |
| 40 // different cert that has the same Name+SPKI. |
| 41 (it->second->normalized_subject() == cert->normalized_subject() && |
| 42 it->second->tbs().spki_tlv == cert->tbs().spki_tlv)) |
39 return true; | 43 return true; |
40 } | 44 } |
41 return false; | 45 return false; |
42 } | 46 } |
43 | 47 |
44 } // namespace net | 48 } // namespace net |
OLD | NEW |