Add new ParsedCertificate class, move TrustStore to own file.

net/cert/internal/trust_store.cc

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/internal/trust_store.h"
+
+#include "net/cert/internal/parsed_certificate.h"
+
+namespace net {
+
+TrustStore::TrustStore() {}
+TrustStore::~TrustStore() {}
+
+void TrustStore::Clear() {
+  anchors_.clear();
+}
+
+void TrustStore::AddTrustedCertificate(
+    scoped_refptr<ParsedCertificate> anchor) {
+  // TODO(mattm): should this check for duplicate certs?
+  anchors_.insert(
+      std::pair<base::StringPiece, scoped_refptr<ParsedCertificate>>(
+          anchor->normalized_subject(), std::move(anchor)));
+}
+
+void TrustStore::FindTrustAnchorsByNormalizedName(
+    const std::string& normalized_name,
+    std::vector<scoped_refptr<ParsedCertificate>>* matches) const {
+  auto range = anchors_.equal_range(normalized_name);
+  for (auto it = range.first; it != range.second; ++it)
+    matches->push_back(it->second);
+}
+
+bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const {
+  auto range = anchors_.equal_range(cert->normalized_subject());
+  for (auto it = range.first; it != range.second; ++it) {
+    // First compare the ParsedCertificate pointers as an optimization, fall

[eroman, 2016/05/12 18:12:30]

Do we currently use this or is it just a nice-to-have ?

[mattm, 2016/05/13 02:17:37]

In this CL it could be used if we add the anchor to the chain in
BuildSimplePathToTrustAnchor and then DCHECK(IsTrustedCertificate(..)) in
VerifyCertificateChainAssumingTrustedRoot.

And will be used in non-DCHECK situations in the path builder.

+    // back to comparing full DER encoding.
+    if (it->second == cert || it->second->der_cert() == cert->der_cert())
+      return true;
+  }
+  return false;
+}
+
+}  // namespace net