| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/trust_store.h" | 5 #include "net/cert/internal/trust_store.h" |
| 6 | 6 |
| 7 #include "base/memory/ptr_util.h" | |
| 8 | |
| 7 namespace net { | 9 namespace net { |
| 8 | 10 |
| 11 scoped_refptr<TrustAnchor> TrustAnchor::CreateFromCertificateNoConstraints( | |
| 12 scoped_refptr<ParsedCertificate> cert) { | |
| 13 return scoped_refptr<TrustAnchor>(new TrustAnchor(std::move(cert))); | |
| 14 } | |
| 15 | |
| 16 der::Input TrustAnchor::spki() const { | |
| 17 return cert_->tbs().spki_tlv; | |
| 18 } | |
| 19 | |
| 20 der::Input TrustAnchor::normalized_subject() const { | |
| 21 return cert_->normalized_subject(); | |
| 22 } | |
| 23 | |
| 24 const scoped_refptr<ParsedCertificate>& TrustAnchor::cert() const { | |
| 25 return cert_; | |
| 26 } | |
| 27 | |
| 28 TrustAnchor::TrustAnchor(scoped_refptr<ParsedCertificate> cert) | |
| 29 : cert_(std::move(cert)) { | |
| 30 DCHECK(cert.get()); | |
|
mattm
2016/08/09 00:59:21
cert_
eroman
2016/08/09 01:37:20
Oops! Good spot.
I will make sure to test debug m
| |
| 31 } | |
| 32 | |
| 33 TrustAnchor::~TrustAnchor() {} | |
| 34 | |
| 9 TrustStore::TrustStore() {} | 35 TrustStore::TrustStore() {} |
| 10 TrustStore::~TrustStore() {} | 36 TrustStore::~TrustStore() {} |
| 11 | 37 |
| 12 void TrustStore::Clear() { | 38 void TrustStore::Clear() { |
| 13 anchors_.clear(); | 39 anchors_.clear(); |
| 14 } | 40 } |
| 15 | 41 |
| 16 void TrustStore::AddTrustedCertificate( | 42 void TrustStore::AddTrustAnchor(scoped_refptr<TrustAnchor> anchor) { |
| 17 scoped_refptr<ParsedCertificate> anchor) { | 43 // TODO(mattm): should this check for duplicate anchors? |
| 18 // TODO(mattm): should this check for duplicate certs? | |
| 19 anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(), | 44 anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(), |
| 20 std::move(anchor))); | 45 std::move(anchor))); |
| 21 } | 46 } |
| 22 | 47 |
| 23 void TrustStore::FindTrustAnchorsByNormalizedName( | 48 void TrustStore::FindTrustAnchorsByNormalizedName( |
| 24 const der::Input& normalized_name, | 49 const der::Input& normalized_name, |
| 25 ParsedCertificateList* matches) const { | 50 TrustAnchors* matches) const { |
| 26 auto range = anchors_.equal_range(normalized_name.AsStringPiece()); | 51 auto range = anchors_.equal_range(normalized_name.AsStringPiece()); |
| 27 for (auto it = range.first; it != range.second; ++it) | 52 for (auto it = range.first; it != range.second; ++it) |
| 28 matches->push_back(it->second); | 53 matches->push_back(it->second); |
| 29 } | 54 } |
| 30 | 55 |
| 31 bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const { | |
| 32 auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece()); | |
| 33 for (auto it = range.first; it != range.second; ++it) { | |
| 34 // First compare the ParsedCertificate pointers as an optimization. | |
| 35 if (it->second == cert || | |
| 36 // Trust check is based on Name+SPKI match. This could match the same | |
| 37 // certificate stored in a different ParsedCertificate object, or a | |
| 38 // different cert that has the same Name+SPKI. | |
| 39 (it->second->normalized_subject() == cert->normalized_subject() && | |
| 40 it->second->tbs().spki_tlv == cert->tbs().spki_tlv)) | |
| 41 return true; | |
| 42 } | |
| 43 return false; | |
| 44 } | |
| 45 | |
| 46 } // namespace net | 56 } // namespace net |
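Review bot: In `TrustStore::AddTrustAnchor` (new lines 42-46) the map key is a view returned by `anchor->normalized_subject().AsStringPiece()`, so it stays valid only because the same anchor is stored as the mapped value and keeps the underlying bytes alive; nothing in the function records that dependency. Since `TrustAnchor::normalized_subject()` forwards to `cert_->normalized_subject()`, the bytes appear to be owned by the ParsedCertificate, and an anchor whose subject lived in a shorter-lived buffer would leave a dangling key in the structure that answers trust-anchor lookups. I would add a comment above the insert such as `// The key points into memory owned by |anchor|, which is kept alive as the mapped value.` The function also dereferences `anchor` with no check, so a `DCHECK(anchor.get());` as its first statement would catch a null anchor in debug builds. The declaration of `anchors_` is not part of this file section, so the key type is inferred from the `AsStringPiece()` calls.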