net/cert/internal/trust_store.cc - Issue 2225493003: Don't treat trust anchors as certificates during path building.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/internal/trust_store.cc

Issue 2225493003: Don't treat trust anchors as certificates during path building. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: address moar feedback Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/internal/trust_store.cc

diff --git a/net/cert/internal/trust_store.cc b/net/cert/internal/trust_store.cc

index d46933b14e4c33dbd905788beb3fde7f2c137c89..65cb840b692b608dd02b0d2135a08567b7320b0c 100644

--- a/net/cert/internal/trust_store.cc

+++ b/net/cert/internal/trust_store.cc

@@ -4,8 +4,34 @@

#include "net/cert/internal/trust_store.h"

+#include "base/memory/ptr_util.h"

namespace net {

+scoped_refptr<TrustAnchor> TrustAnchor::CreateFromCertificateNoConstraints(

+ scoped_refptr<ParsedCertificate> cert) {

+ return scoped_refptr<TrustAnchor>(new TrustAnchor(std::move(cert)));

+der::Input TrustAnchor::spki() const {

+ return cert_->tbs().spki_tlv;

+der::Input TrustAnchor::normalized_subject() const {

+ return cert_->normalized_subject();

+const scoped_refptr<ParsedCertificate>& TrustAnchor::cert() const {

+ return cert_;

+TrustAnchor::TrustAnchor(scoped_refptr<ParsedCertificate> cert)

+ : cert_(std::move(cert)) {

+ DCHECK(cert_);

+TrustAnchor::~TrustAnchor() {}

TrustStore::TrustStore() {}

TrustStore::~TrustStore() {}

@@ -13,34 +39,18 @@ void TrustStore::Clear() {

anchors_.clear();

}

-void TrustStore::AddTrustedCertificate(

- scoped_refptr<ParsedCertificate> anchor) {

- // TODO(mattm): should this check for duplicate certs?

+void TrustStore::AddTrustAnchor(scoped_refptr<TrustAnchor> anchor) {

+ // TODO(mattm): should this check for duplicate anchors?

anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(),

std::move(anchor)));

}

void TrustStore::FindTrustAnchorsByNormalizedName(

const der::Input& normalized_name,

- ParsedCertificateList* matches) const {

+ TrustAnchors* matches) const {

auto range = anchors_.equal_range(normalized_name.AsStringPiece());

for (auto it = range.first; it != range.second; ++it)

matches->push_back(it->second);

}

-bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const {

- auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece());

- for (auto it = range.first; it != range.second; ++it) {

- // First compare the ParsedCertificate pointers as an optimization.

- if (it->second == cert ||

- // Trust check is based on Name+SPKI match. This could match the same

- // certificate stored in a different ParsedCertificate object, or a

- // different cert that has the same Name+SPKI.

- (it->second->normalized_subject() == cert->normalized_subject() &&

- it->second->tbs().spki_tlv == cert->tbs().spki_tlv))

- return true;

- }

- return false;

} // namespace net

« no previous file with comments | « net/cert/internal/trust_store.h ('k') | net/cert/internal/verify_certificate_chain.h » ('j') | no next file with comments »