Chromium Code Reviews Chromium Code Reviews
Issue 2225493003:
Don't treat trust anchors as certificates during path building. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/cert/internal/trust_store.cc |
| diff --git a/net/cert/internal/trust_store.cc b/net/cert/internal/trust_store.cc |
| index d46933b14e4c33dbd905788beb3fde7f2c137c89..457eda7c97c96bf423fa572003b53d2fd3dc6fbd 100644 |
| --- a/net/cert/internal/trust_store.cc |
| +++ b/net/cert/internal/trust_store.cc |
| @@ -4,8 +4,34 @@ |
| #include "net/cert/internal/trust_store.h" |
| +#include "base/memory/ptr_util.h" |
| + |
| namespace net { |
| +scoped_refptr<TrustAnchor> TrustAnchor::CreateFromCertificateNoConstraints( |
| + scoped_refptr<ParsedCertificate> cert) { |
| + return scoped_refptr<TrustAnchor>(new TrustAnchor(std::move(cert))); |
| +} |
| + |
| +der::Input TrustAnchor::spki() const { |
| + return cert_->tbs().spki_tlv; |
| +} |
| + |
| +der::Input TrustAnchor::normalized_subject() const { |
| + return cert_->normalized_subject(); |
| +} |
| + |
| +const scoped_refptr<ParsedCertificate>& TrustAnchor::cert() const { |
| + return cert_; |
| +} |
| + |
| +TrustAnchor::TrustAnchor(scoped_refptr<ParsedCertificate> cert) |
| + : cert_(std::move(cert)) { |
| + DCHECK(cert.get()); |
|
mattm
2016/08/09 00:59:21
cert_
eroman
2016/08/09 01:37:20
Oops! Good spot.
I will make sure to test debug m
|
| +} |
| + |
| +TrustAnchor::~TrustAnchor() {} |
| + |
| TrustStore::TrustStore() {} |
| TrustStore::~TrustStore() {} |
| @@ -13,34 +39,18 @@ void TrustStore::Clear() { |
| anchors_.clear(); |
| } |
| -void TrustStore::AddTrustedCertificate( |
| - scoped_refptr<ParsedCertificate> anchor) { |
| - // TODO(mattm): should this check for duplicate certs? |
| +void TrustStore::AddTrustAnchor(scoped_refptr<TrustAnchor> anchor) { |
| + // TODO(mattm): should this check for duplicate anchors? |
| anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(), |
| std::move(anchor))); |
| } |
| void TrustStore::FindTrustAnchorsByNormalizedName( |
| const der::Input& normalized_name, |
| - ParsedCertificateList* matches) const { |
| + TrustAnchors* matches) const { |
| auto range = anchors_.equal_range(normalized_name.AsStringPiece()); |
| for (auto it = range.first; it != range.second; ++it) |
| matches->push_back(it->second); |
| } |
| -bool TrustStore::IsTrustedCertificate(const ParsedCertificate* cert) const { |
| - auto range = anchors_.equal_range(cert->normalized_subject().AsStringPiece()); |
| - for (auto it = range.first; it != range.second; ++it) { |
| - // First compare the ParsedCertificate pointers as an optimization. |
| - if (it->second == cert || |
| - // Trust check is based on Name+SPKI match. This could match the same |
| - // certificate stored in a different ParsedCertificate object, or a |
| - // different cert that has the same Name+SPKI. |
| - (it->second->normalized_subject() == cert->normalized_subject() && |
| - it->second->tbs().spki_tlv == cert->tbs().spki_tlv)) |
| - return true; |
| - } |
| - return false; |
| -} |
| - |
| } // namespace net |
