net/tools/cert_verify_tool/verify_using_path_builder.cc - Issue 2327973002: Add CertErrors* parameter to the main Certificate parsing functions.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/tools/cert_verify_tool/verify_using_path_builder.cc

Issue 2327973002: Add CertErrors* parameter to the main Certificate parsing functions. (Closed)

Patch Set: StringPiece is kind of dangerous... Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/tools/cert_verify_tool/verify_using_path_builder.cc

diff --git a/net/tools/cert_verify_tool/verify_using_path_builder.cc b/net/tools/cert_verify_tool/verify_using_path_builder.cc

index 05e347b28e9d7eba109da39d219340e0c3df6c3e..206eb74b065f85b8f2c94504412b23d905b01d22 100644

--- a/net/tools/cert_verify_tool/verify_using_path_builder.cc

+++ b/net/tools/cert_verify_tool/verify_using_path_builder.cc

@@ -152,6 +152,21 @@ void PrintResultPath(const net::CertPathBuilder::ResultPath* result_path,

}

+scoped_refptr<net::ParsedCertificate> ParseCertificate(const CertInput& input) {

+ net::CertErrors errors;

+ scoped_refptr<net::ParsedCertificate> cert =

+ net::ParsedCertificate::Create(input.der_cert, {}, &errors);

+ if (!cert) {

+ PrintCertError("ERROR: ParsedCertificate failed:", input);

+ std::cout << errors.ToDebugString() << "\n";

+ }

+ // TODO(crbug.com/634443): Print errors if there are any on success too (i.e.

+ // warnings).

+ return cert;

} // namespace

// Verifies |target_der_cert| using CertPathBuilder.

@@ -170,12 +185,8 @@ bool VerifyUsingPathBuilder(

net::TrustStoreInMemory trust_store_in_memory;

trust_store.AddTrustStoreSynchronousOnly(&trust_store_in_memory);

for (const auto& der_cert : root_der_certs) {

- scoped_refptr<net::ParsedCertificate> cert =

- net::ParsedCertificate::CreateFromCertificateCopy(der_cert.der_cert,

- {});

- if (!cert)

- PrintCertError("ERROR: ParsedCertificate failed:", der_cert);

- else {

+ scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert);

+ if (cert) {

trust_store_in_memory.AddTrustAnchor(

net::TrustAnchor::CreateFromCertificateNoConstraints(cert));

}

@@ -194,22 +205,15 @@ bool VerifyUsingPathBuilder(

net::CertIssuerSourceStatic intermediate_cert_issuer_source;

for (const auto& der_cert : intermediate_der_certs) {

- scoped_refptr<net::ParsedCertificate> cert =

- net::ParsedCertificate::CreateFromCertificateCopy(der_cert.der_cert,

- {});

- if (!cert)

- PrintCertError("ERROR: ParsedCertificate failed:", der_cert);

- else

+ scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert);

+ if (cert)

intermediate_cert_issuer_source.AddCert(cert);

}

scoped_refptr<net::ParsedCertificate> target_cert =

- net::ParsedCertificate::CreateFromCertificateCopy(

- target_der_cert.der_cert, {});

- if (!target_cert) {

- PrintCertError("ERROR: ParsedCertificate failed:", target_der_cert);

+ ParseCertificate(target_der_cert);

+ if (!target_cert)

return false;

- }

// Verify the chain.

net::SimpleSignaturePolicy signature_policy(2048);

« no previous file with comments | « net/cert/x509_util_openssl.cc ('k') | no next file » | no next file with comments »