Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(195)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/tools/cert_verify_tool/verify_using_path_builder.cc

Issue 2585963003: PKI library Mac trust store integration (Closed)
Patch Set: review changes & cleanups Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/internal/trust_store_mac_unittest.cc ('K') | « net/data/ssl/scripts/generate-multi-root-keychain.sh ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" 5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h"
6 6
7 #include <iostream> 7 #include <iostream>
8 8
9 #include "base/memory/ptr_util.h" 9 #include "base/memory/ptr_util.h"
10 #include "base/strings/string_number_conversions.h" 10 #include "base/strings/string_number_conversions.h"
(...skipping 20 matching lines...) Expand all
31 #include "base/threading/thread_task_runner_handle.h" 31 #include "base/threading/thread_task_runner_handle.h"
32 #include "net/cert/internal/cert_issuer_source_nss.h" 32 #include "net/cert/internal/cert_issuer_source_nss.h"
33 #include "net/cert/internal/trust_store_nss.h" 33 #include "net/cert/internal/trust_store_nss.h"
34 #endif 34 #endif
35 35
36 #if defined(OS_LINUX) 36 #if defined(OS_LINUX)
37 #include "net/proxy/proxy_config.h" 37 #include "net/proxy/proxy_config.h"
38 #include "net/proxy/proxy_config_service_fixed.h" 38 #include "net/proxy/proxy_config_service_fixed.h"
39 #endif 39 #endif
40 40
41 #if defined(OS_MACOSX) && !defined(OS_IOS)
42 #include <Security/Security.h>
43 #include "net/cert/internal/trust_store_mac.h"
44 #endif
45
41 namespace { 46 namespace {
42 47
43 std::string GetUserAgent() { 48 std::string GetUserAgent() {
44 return "cert_verify_tool/0.1"; 49 return "cert_verify_tool/0.1";
45 } 50 }
46 51
47 // Converts a base::Time::Exploded to a net::der::GeneralizedTime. 52 // Converts a base::Time::Exploded to a net::der::GeneralizedTime.
48 // TODO(mattm): This function exists in cast_cert_validator.cc also. Dedupe it? 53 // TODO(mattm): This function exists in cast_cert_validator.cc also. Dedupe it?
49 net::der::GeneralizedTime ConvertExplodedTime( 54 net::der::GeneralizedTime ConvertExplodedTime(
50 const base::Time::Exploded& exploded) { 55 const base::Time::Exploded& exploded) {
(...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after
221 scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert); 226 scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert);
222 if (cert) { 227 if (cert) {
223 trust_store_in_memory.AddTrustAnchor( 228 trust_store_in_memory.AddTrustAnchor(
224 net::TrustAnchor::CreateFromCertificateNoConstraints(cert)); 229 net::TrustAnchor::CreateFromCertificateNoConstraints(cert));
225 } 230 }
226 } 231 }
227 232
228 #if defined(USE_NSS_CERTS) 233 #if defined(USE_NSS_CERTS)
229 net::TrustStoreNSS trust_store_nss(trustSSL); 234 net::TrustStoreNSS trust_store_nss(trustSSL);
230 trust_store.AddTrustStore(&trust_store_nss); 235 trust_store.AddTrustStore(&trust_store_nss);
236 #elif defined(OS_MACOSX) && !defined(OS_IOS)
237 net::TrustStoreMac trust_store_mac(kSecPolicyAppleSSL);
238 trust_store.AddTrustStore(&trust_store_mac);
231 #else 239 #else
232 if (root_der_certs.empty()) { 240 if (root_der_certs.empty()) {
233 std::cerr << "NOTE: CertPathBuilder does not currently use OS trust " 241 std::cerr << "NOTE: CertPathBuilder does not currently use OS trust "
234 "settings (--roots must be specified).\n"; 242 "settings (--roots must be specified).\n";
235 } 243 }
236 #endif 244 #endif
237 245
238 net::CertIssuerSourceStatic intermediate_cert_issuer_source; 246 net::CertIssuerSourceStatic intermediate_cert_issuer_source;
239 for (const auto& der_cert : intermediate_der_certs) { 247 for (const auto& der_cert : intermediate_der_certs) {
240 scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert); 248 scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert);
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after
305 if (!DumpParsedCertificateChain( 313 if (!DumpParsedCertificateChain(
306 dump_prefix_path.AddExtension( 314 dump_prefix_path.AddExtension(
307 FILE_PATH_LITERAL(".CertPathBuilder.pem")), 315 FILE_PATH_LITERAL(".CertPathBuilder.pem")),
308 result.paths[result.best_result_index]->path)) { 316 result.paths[result.best_result_index]->path)) {
309 return false; 317 return false;
310 } 318 }
311 } 319 }
312 320
313 return result.HasValidPath(); 321 return result.HasValidPath();
314 } 322 }
OLDNEW
« net/cert/internal/trust_store_mac_unittest.cc ('K') | « net/data/ssl/scripts/generate-multi-root-keychain.sh ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698