Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1149)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/verify_certificate_chain.cc

Issue 2078653002: Add an out parameter to VerifyCertificateChain for retrieving the trusted chain. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed nit Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/internal/verify_certificate_chain.h ('k') | net/cert/internal/verify_certificate_chain_pkits_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/verify_certificate_chain.h" 5 #include "net/cert/internal/verify_certificate_chain.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "net/cert/internal/name_constraints.h" 10 #include "net/cert/internal/name_constraints.h"
(...skipping 465 matching lines...) Expand 10 before | Expand all | Expand 10 after
476 certs->push_back(std::move(trust_anchors[0])); 476 certs->push_back(std::move(trust_anchors[0]));
477 return true; 477 return true;
478 } 478 }
479 479
480 } // namespace 480 } // namespace
481 481
482 bool VerifyCertificateChain( 482 bool VerifyCertificateChain(
483 const std::vector<scoped_refptr<ParsedCertificate>>& cert_chain, 483 const std::vector<scoped_refptr<ParsedCertificate>>& cert_chain,
484 const TrustStore& trust_store, 484 const TrustStore& trust_store,
485 const SignaturePolicy* signature_policy, 485 const SignaturePolicy* signature_policy,
486 const der::GeneralizedTime& time) { 486 const der::GeneralizedTime& time,
487 std::vector<scoped_refptr<ParsedCertificate>>* trusted_chain_out) {
487 if (cert_chain.empty()) 488 if (cert_chain.empty())
488 return false; 489 return false;
489 490
490 std::vector<scoped_refptr<ParsedCertificate>> full_chain = cert_chain; 491 std::vector<scoped_refptr<ParsedCertificate>> full_chain = cert_chain;
491 492
492 // Modify the certificate chain so that its root is a trusted certificate. 493 // Modify the certificate chain so that its root is a trusted certificate.
493 if (!BuildSimplePathToTrustAnchor(trust_store, &full_chain)) 494 if (!BuildSimplePathToTrustAnchor(trust_store, &full_chain))
494 return false; 495 return false;
495 496
496 // Verify the chain. 497 // Verify the chain.
497 return VerifyCertificateChainAssumingTrustedRoot(full_chain, trust_store, 498 bool success = VerifyCertificateChainAssumingTrustedRoot(
498 signature_policy, time); 499 full_chain, trust_store, signature_policy, time);
500 if (success && trusted_chain_out != nullptr)
501 *trusted_chain_out = std::move(full_chain);
502 return success;
499 } 503 }
500 504
501 } // namespace net 505 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/internal/verify_certificate_chain.h ('k') | net/cert/internal/verify_certificate_chain_pkits_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698