net/tools/cert_verify_tool/verify_using_path_builder.cc - Issue 2126803004: WIP: NSS trust store integration for path builder.

Unified Diff: net/tools/cert_verify_tool/verify_using_path_builder.cc

Issue 2126803004: WIP: NSS trust store integration for path builder. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert-command-line-path-builder-add_certpathbuilder

Patch Set: . Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/tools/cert_verify_tool/verify_using_path_builder.cc

diff --git a/net/tools/cert_verify_tool/verify_using_path_builder.cc b/net/tools/cert_verify_tool/verify_using_path_builder.cc

index 2520e6d0a5308762ad86b9fcfb9f04b6957bbace..3aaec0e1b82a37154845ee513f9674a2a21ed7b7 100644

--- a/net/tools/cert_verify_tool/verify_using_path_builder.cc

+++ b/net/tools/cert_verify_tool/verify_using_path_builder.cc

@@ -18,12 +18,18 @@

#include "net/cert/internal/parsed_certificate.h"

#include "net/cert/internal/path_builder.h"

#include "net/cert/internal/signature_policy.h"

-#include "net/cert/internal/trust_store.h"

+#include "net/cert/internal/trust_store_static.h"

#include "net/cert_net/cert_net_fetcher_impl.h"

#include "net/tools/cert_verify_tool/cert_verify_tool_util.h"

#include "net/url_request/url_request_context.h"

#include "net/url_request/url_request_context_builder.h"

+// XXX should it be defined(OS_LINUX) || defined(OS_CHROMEOS) ?

+#if defined(USE_NSS_CERTS)

+#include "base/threading/thread_task_runner_handle.h"

+#include "net/cert/internal/trust_store_nss.h"

+#endif

#if defined(OS_LINUX)

#include "net/proxy/proxy_config.h"

#include "net/proxy/proxy_config_service_fixed.h"

@@ -93,15 +99,19 @@ bool VerifyUsingPathBuilder(

const std::vector<CertInput>& root_der_certs,

const base::Time at_time,

const base::FilePath& dump_prefix_path) {

- std::cout << "NOTE: CertPathBuilder does not currently use OS trust settings "

- "(--roots must be specified).\n";

std::cerr << "WARNING: --hostname is not yet verified with CertPathBuilder\n";

base::Time::Exploded exploded_time;

at_time.UTCExplode(&exploded_time);

net::der::GeneralizedTime time = ConvertExplodedTime(exploded_time);

- net::TrustStore trust_store;

+#if defined(USE_NSS_CERTS)

+ net::TrustStoreNSS trust_store_nss(base::ThreadTaskRunnerHandle::Get());

+#else

+ std::cout << "NOTE: CertPathBuilder does not currently use OS trust settings "

+ "(--roots must be specified).\n";

+#endif

+ net::TrustStoreStatic trust_store_static;

for (const auto& der_cert : root_der_certs) {

scoped_refptr<net::ParsedCertificate> cert =

net::ParsedCertificate::CreateFromCertificateCopy(der_cert.der_cert,

@@ -109,7 +119,7 @@ bool VerifyUsingPathBuilder(

if (!cert)

PrintCertError("ERROR: ParsedCertificate failed:", der_cert);

else

- trust_store.AddTrustedCertificate(cert);

+ trust_store_static.AddTrustedCertificate(cert);

}

net::CertIssuerSourceStatic intermediate_cert_issuer_source;

@@ -134,8 +144,12 @@ bool VerifyUsingPathBuilder(

// Verify the chain.

net::SimpleSignaturePolicy signature_policy(2048);

net::CertPathBuilder::Result result;

- net::CertPathBuilder path_builder(target_cert, &trust_store,

- &signature_policy, time, &result);

+ net::CertPathBuilder path_builder(target_cert, &signature_policy, time,

+ &result);

+ path_builder.AddTrustStore(&trust_store_static);

+#if defined(USE_NSS_CERTS)

+ path_builder.AddTrustStore(&trust_store_nss);

+#endif

path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source);

// TODO(mattm): add command line flags to configure using CertIssuerSourceAia

« no previous file with comments | « net/net.gypi ('k') | no next file » | no next file with comments »