net/cert/internal/trust_store.cc - Issue 1923433002: Certificate path builder for new certificate verification library

Side by Side Diff: net/cert/internal/trust_store.cc

Issue 1923433002: Certificate path builder for new certificate verification library (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: changes for review comment #20 Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/internal/trust_store.h"	5 #include "net/cert/internal/trust_store.h"

6	6

7 #include "net/cert/internal/parsed_certificate.h"

8

9 namespace net {	7 namespace net {

10	8

11 TrustStore::TrustStore() {}	9 TrustStore::TrustStore() {}

12 TrustStore::~TrustStore() {}	10 TrustStore::~TrustStore() {}

13	11

14 void TrustStore::Clear() {	12 void TrustStore::Clear() {

15 anchors_.clear();	13 anchors_.clear();

16 }	14 }

17	15

18 void TrustStore::AddTrustedCertificate(	16 void TrustStore::AddTrustedCertificate(

19 scoped_refptr<ParsedCertificate> anchor) {	17 scoped_refptr<ParsedCertificate> anchor) {

20 // TODO(mattm): should this check for duplicate certs?	18 // TODO(mattm): should this check for duplicate certs?

21 anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(),	19 anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(),

22 std::move(anchor)));	20 std::move(anchor)));

23 }	21 }

24	22

25 void TrustStore::FindTrustAnchorsByNormalizedName(	23 void TrustStore::FindTrustAnchorsByNormalizedName(

26 const der::Input& normalized_name,	24 const der::Input& normalized_name,

27 std::vector<scoped_refptr<ParsedCertificate>>* matches) const {	25 ParsedCertificateList* matches) const {

28 auto range = anchors_.equal_range(normalized_name.AsStringPiece());	26 auto range = anchors_.equal_range(normalized_name.AsStringPiece());

29 for (auto it = range.first; it != range.second; ++it)	27 for (auto it = range.first; it != range.second; ++it)

30 matches->push_back(it->second);	28 matches->push_back(it->second);

31 }	29 }

32	30

33 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const {	31 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const {

34 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece());	32 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece());

35 for (auto it = range.first; it != range.second; ++it) {	33 for (auto it = range.first; it != range.second; ++it) {

36 // First compare the ParsedCertificate pointers as an optimization, fall	34 // First compare the ParsedCertificate pointers as an optimization.

37 // back to comparing full DER encoding.	35 if (it->second == cert \|\|

38 if (it->second == cert \|\| it->second->der_cert() == cert->der_cert())	36 // Trust check is based on Name+SPKI match. This could match the same

	37 // certificate stored in a different ParsedCertificate object, or a

	38 // different cert that has the same Name+SPKI.

	39 (it->second->normalized_subject() == cert->normalized_subject() &&

	40 it->second->tbs().spki_tlv == cert->tbs().spki_tlv))

39 return true;	41 return true;

40 }	42 }

41 return false;	43 return false;

42 }	44 }

43	45

44 } // namespace net	46 } // namespace net

OLD	NEW

« no previous file with comments | « net/cert/internal/trust_store.h ('k') | net/cert/internal/verify_certificate_chain.h » ('j') | no next file with comments »