net/cert/internal/verify_certificate_chain.cc - Issue 1923433002: Certificate path builder for new certificate verification library

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/internal/verify_certificate_chain.cc

Issue 1923433002: Certificate path builder for new certificate verification library (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: rebase Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« net/cert/internal/path_builder_pkits_unittest.cc ('K') | « net/cert/internal/verify_certificate_chain.h ('k') | net/cert/internal/verify_certificate_chain_pkits_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/cert/internal/verify_certificate_chain.cc

diff --git a/net/cert/internal/verify_certificate_chain.cc b/net/cert/internal/verify_certificate_chain.cc

index f6a45b2435cc41cb96bcbd3da6b3aba91b758a79..3ace2bf4d4c7e792e552d9c475add9117806b783 100644

--- a/net/cert/internal/verify_certificate_chain.cc

+++ b/net/cert/internal/verify_certificate_chain.cc

@@ -336,9 +336,6 @@ WARN_UNUSED_RESULT bool WrapUp(const ParsedCertificate& cert) {

} // namespace

-// TODO(eroman): Move this into existing anonymous namespace.

-namespace {

// This implementation is structured to mimic the description of certificate

// path verification given by RFC 5280 section 6.1.

@@ -450,52 +447,4 @@ bool VerifyCertificateChainAssumingTrustedRoot(

return true;

}

-// TODO(eroman): This function is a temporary hack in the absence of full

-// path building. It may insert 1 certificate at the root of the

-// chain to ensure that the path's root certificate is a trust anchor.

-//

-// Beyond this no other verification is done on the chain. The caller is

-// responsible for verifying the subsequent chain's correctness.

-WARN_UNUSED_RESULT bool BuildSimplePathToTrustAnchor(

- const TrustStore& trust_store,

- std::vector<scoped_refptr<ParsedCertificate>>* certs) {

- if (certs->empty())

- return false;

- // Check if the current root certificate is trusted. If it is then no

- // extra work is needed.

- if (trust_store.IsTrustedCertificate(certs->back().get()))

- return true;

- std::vector<scoped_refptr<ParsedCertificate>> trust_anchors;

- trust_store.FindTrustAnchorsByNormalizedName(

- certs->back()->normalized_issuer(), &trust_anchors);

- if (trust_anchors.empty())

- return false;

- // TODO(mattm): this only tries the first match, even if there are multiple.

- certs->push_back(std::move(trust_anchors[0]));

- return true;

-} // namespace

-bool VerifyCertificateChain(

- const std::vector<scoped_refptr<ParsedCertificate>>& cert_chain,

- const TrustStore& trust_store,

- const SignaturePolicy* signature_policy,

- const der::GeneralizedTime& time) {

- if (cert_chain.empty())

- return false;

- std::vector<scoped_refptr<ParsedCertificate>> full_chain = cert_chain;

- // Modify the certificate chain so that its root is a trusted certificate.

- if (!BuildSimplePathToTrustAnchor(trust_store, &full_chain))

- return false;

- // Verify the chain.

- return VerifyCertificateChainAssumingTrustedRoot(full_chain, trust_store,

- signature_policy, time);

} // namespace net