net/cert/internal/trust_store.cc - Issue 1923433002: Certificate path builder for new certificate verification library

Side by Side Diff: net/cert/internal/trust_store.cc

Issue 1923433002: Certificate path builder for new certificate verification library (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: changes for comment #16 Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/internal/trust_store.h"	5 #include "net/cert/internal/trust_store.h"

6	6

7 #include "net/cert/internal/parsed_certificate.h"	7 #include "net/cert/internal/parsed_certificate.h"

8	8

9 namespace net {	9 namespace net {

10	10

11 TrustStore::TrustStore() {}	11 TrustStore::TrustStore() {}

12 TrustStore::~TrustStore() {}	12 TrustStore::~TrustStore() {}

13	13

14 void TrustStore::Clear() {	14 void TrustStore::Clear() {

15 anchors_.clear();	15 anchors_.clear();

16 }	16 }

17	17

18 void TrustStore::AddTrustedCertificate(	18 void TrustStore::AddTrustedCertificate(

19 scoped_refptr<ParsedCertificate> anchor) {	19 scoped_refptr<ParsedCertificate> anchor) {

20 // TODO(mattm): should this check for duplicate certs?	20 // TODO(mattm): should this check for duplicate certs?

21 anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(),	21 anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(),

22 std::move(anchor)));	22 std::move(anchor)));

23 }	23 }

24	24

25 void TrustStore::FindTrustAnchorsByNormalizedName(	25 void TrustStore::FindTrustAnchorsByNormalizedName(

26 const der::Input& normalized_name,	26 const der::Input& normalized_name,

27 std::vector<scoped_refptr<ParsedCertificate>>* matches) const {	27 ParsedCertificateList* matches) const {

28 auto range = anchors_.equal_range(normalized_name.AsStringPiece());	28 auto range = anchors_.equal_range(normalized_name.AsStringPiece());

29 for (auto it = range.first; it != range.second; ++it)	29 for (auto it = range.first; it != range.second; ++it)

30 matches->push_back(it->second);	30 matches->push_back(it->second);

31 }	31 }

32	32

33 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const {	33 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const {

34 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece());	34 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece());

35 for (auto it = range.first; it != range.second; ++it) {	35 for (auto it = range.first; it != range.second; ++it) {

36 // First compare the ParsedCertificate pointers as an optimization, fall	36 // First compare the ParsedCertificate pointers as an optimization.

37 // back to comparing full DER encoding.	37 if (it->second == cert \|\|

38 if (it->second == cert \|\| it->second->der_cert() == cert->der_cert())	38 // Trust check is based on Name+SPKI match. This could match the same

	39 // certificate stored in a different ParsedCertificate object, or a

	40 // different cert that has the same Name+SPKI.

	41 (it->second->normalized_subject() == cert->normalized_subject() &&

	42 it->second->tbs().spki_tlv == cert->tbs().spki_tlv))

39 return true;	43 return true;

40 }	44 }

41 return false;	45 return false;

42 }	46 }

43	47

44 } // namespace net	48 } // namespace net

OLD	NEW

« net/cert/internal/trust_store.h ('K') | « net/cert/internal/trust_store.h ('k') | net/cert/internal/verify_certificate_chain.h » ('j') | net/cert/internal/verify_certificate_chain.h » ('J')