
Side by Side Diff: net/cert/internal/trust_store_nss.cc

Issue 2327973002: Add CertErrors* parameter to the main Certificate parsing functions. (Closed)
Patch Set: StringPiece is kind of dangerous... Created 4 years, 3 months ago
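--- a/net/cert/internal/trust_store_nss.cc
+++ b/net/cert/internal/trust_store_nss.cc
@@ -1,25 +1,26 @@
 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/trust_store_nss.h"
 
 #include <cert.h>
 #include <certdb.h>
 
 #include "base/bind.h"
 #include "base/callback_helpers.h"
 #include "base/memory/ptr_util.h"
 #include "base/memory/weak_ptr.h"
 #include "base/task_runner.h"
 #include "crypto/nss_util.h"
+#include "net/cert/internal/cert_errors.h"
 #include "net/cert/internal/parsed_certificate.h"
 
 // TODO(mattm): structure so that supporting ChromeOS multi-profile stuff is
 // doable (Have a TrustStoreChromeOS which uses net::NSSProfileFilterChromeOS,
 // similar to CertVerifyProcChromeOS.)
 
 namespace net {
 
 namespace {
 
@@ -49,27 +50,27 @@
 !CERT_LIST_END(node, found_certs); node = CERT_LIST_NEXT(node)) {
 CERTCertTrust trust;
 if (CERT_GetCertTrust(node->cert, &trust) != SECSuccess)
 continue;
 
 // TODO(mattm): handle explicit distrust (blacklisting)?
 const int ca_trust = CERTDB_TRUSTED_CA;
 if ((SEC_GET_TRUST_FLAGS(&trust, trust_type) & ca_trust) != ca_trust)
 continue;
 
-scoped_refptr<ParsedCertificate> anchor_cert =
-ParsedCertificate::CreateFromCertificateData(
-node->cert->derCert.data, node->cert->derCert.len,
-ParsedCertificate::DataSource::INTERNAL_COPY, {});
+CertErrors errors;
+scoped_refptr<ParsedCertificate> anchor_cert = ParsedCertificate::Create(
+node->cert->derCert.data, node->cert->derCert.len, {}, &errors);
 if (!anchor_cert) {
-// TODO(mattm): return errors better.
-LOG(ERROR) << "error parsing issuer certificate";
+// TODO(crbug.com/634443): return errors better.
+LOG(ERROR) << "Error parsing issuer certificate:\n"
+<< errors.ToDebugString();
 continue;
 }
 
 out_anchors->push_back(TrustAnchor::CreateFromCertificateNoConstraints(
 std::move(anchor_cert)));
 }
 CERT_DestroyCertList(found_certs);
 }
 
 class GetAnchorsRequest : public TrustStore::Request {
@@ -127,10 +128,10 @@
 std::unique_ptr<Request>* out_req) const {
 if (callback.is_null())
 return;
 
 auto req = base::MakeUnique<GetAnchorsRequest>(callback);
 req->Start(cert, trust_type_, nss_task_runner_.get());
 *out_req = std::move(req);
 }
 
 } // namespace net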
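Review bot: The new `ParsedCertificate::Create(node->cert->derCert.data, node->cert->derCert.len, {}, &errors)` call no longer says who owns the DER bytes, whereas the call it replaces passed `ParsedCertificate::DataSource::INTERNAL_COPY` explicitly. The resulting anchor is pushed into `out_anchors` and so outlives the `CERT_DestroyCertList(found_certs)` call at the end of the loop, which means the parsed certificate must not keep pointing into the NSS-owned buffer. Whether `Create()` always copies its input is not visible in this file; if it does, a comment above the call would record the guarantee for the next reader, for example `// Create() copies the DER, so the anchor stays valid after found_certs is destroyed.`. If it can borrow the buffer, trust-anchor data would be read after it is freed. The enclosing function begins in the skipped lines, so its signature and the setup of `found_certs` are not shown here.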