OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/trust_store.h" | 5 #include "net/cert/internal/trust_store.h" |
6 | 6 |
7 #include "net/cert/internal/parsed_certificate.h" | |
8 | |
9 namespace net { | 7 namespace net { |
10 | 8 |
11 TrustStore::TrustStore() {} | 9 TrustStore::TrustStore() {} |
12 TrustStore::~TrustStore() {} | 10 TrustStore::~TrustStore() {} |
13 | 11 |
14 void TrustStore::Clear() { | 12 void TrustStore::Clear() { |
15 anchors_.clear(); | 13 anchors_.clear(); |
16 } | 14 } |
17 | 15 |
18 void TrustStore::AddTrustedCertificate( | 16 void TrustStore::AddTrustedCertificate( |
19 scoped_refptr<ParsedCertificate> anchor) { | 17 scoped_refptr<ParsedCertificate> anchor) { |
20 // TODO(mattm): should this check for duplicate certs? | 18 // TODO(mattm): should this check for duplicate certs? |
21 anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(), | 19 anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(), |
22 std::move(anchor))); | 20 std::move(anchor))); |
23 } | 21 } |
24 | 22 |
25 void TrustStore::FindTrustAnchorsByNormalizedName( | 23 void TrustStore::FindTrustAnchorsByNormalizedName( |
26 const der::Input& normalized_name, | 24 const der::Input& normalized_name, |
27 std::vector<scoped_refptr<ParsedCertificate>>* matches) const { | 25 ParsedCertificateList* matches) const { |
28 auto range = anchors_.equal_range(normalized_name.AsStringPiece()); | 26 auto range = anchors_.equal_range(normalized_name.AsStringPiece()); |
29 for (auto it = range.first; it != range.second; ++it) | 27 for (auto it = range.first; it != range.second; ++it) |
30 matches->push_back(it->second); | 28 matches->push_back(it->second); |
31 } | 29 } |
32 | 30 |
33 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const { | 31 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const { |
34 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece()); | 32 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece()); |
35 for (auto it = range.first; it != range.second; ++it) { | 33 for (auto it = range.first; it != range.second; ++it) { |
36 // First compare the ParsedCertificate pointers as an optimization, fall | 34 // First compare the ParsedCertificate pointers as an optimization. |
37 // back to comparing full DER encoding. | 35 if (it->second == cert || |
38 if (it->second == cert || it->second->der_cert() == cert->der_cert()) | 36 // Trust check is based on Name+SPKI match. This could match the same |
| 37 // certificate stored in a different ParsedCertificate object, or a |
| 38 // different cert that has the same Name+SPKI. |
| 39 (it->second->normalized_subject() == cert->normalized_subject() && |
| 40 it->second->tbs().spki_tlv == cert->tbs().spki_tlv)) |
39 return true; | 41 return true; |
40 } | 42 } |
41 return false; | 43 return false; |
42 } | 44 } |
43 | 45 |
44 } // namespace net | 46 } // namespace net |
OLD | NEW |