Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(599)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/tools/cert_verify_tool/verify_using_path_builder.cc

Issue 2585963003: PKI library Mac trust store integration (Closed)
Patch Set: updates for rebase & cl format Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/data/ssl/scripts/generate-multi-root-keychain.sh ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" 5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h"
6 6
7 #include <iostream> 7 #include <iostream>
8 8
9 #include "base/memory/ptr_util.h" 9 #include "base/memory/ptr_util.h"
10 #include "base/strings/string_number_conversions.h" 10 #include "base/strings/string_number_conversions.h"
(...skipping 21 matching lines...) Expand all
32 #include "base/threading/thread_task_runner_handle.h" 32 #include "base/threading/thread_task_runner_handle.h"
33 #include "net/cert/internal/cert_issuer_source_nss.h" 33 #include "net/cert/internal/cert_issuer_source_nss.h"
34 #include "net/cert/internal/trust_store_nss.h" 34 #include "net/cert/internal/trust_store_nss.h"
35 #endif 35 #endif
36 36
37 #if defined(OS_LINUX) 37 #if defined(OS_LINUX)
38 #include "net/proxy/proxy_config.h" 38 #include "net/proxy/proxy_config.h"
39 #include "net/proxy/proxy_config_service_fixed.h" 39 #include "net/proxy/proxy_config_service_fixed.h"
40 #endif 40 #endif
41 41
42 #if defined(OS_MACOSX) && !defined(OS_IOS)
43 #include <Security/Security.h>
44 #include "net/cert/internal/trust_store_mac.h"
45 #endif
46
42 namespace { 47 namespace {
43 48
44 std::string GetUserAgent() { 49 std::string GetUserAgent() {
45 return "cert_verify_tool/0.1"; 50 return "cert_verify_tool/0.1";
46 } 51 }
47 52
48 // Converts a base::Time::Exploded to a net::der::GeneralizedTime. 53 // Converts a base::Time::Exploded to a net::der::GeneralizedTime.
49 // TODO(mattm): This function exists in cast_cert_validator.cc also. Dedupe it? 54 // TODO(mattm): This function exists in cast_cert_validator.cc also. Dedupe it?
50 net::der::GeneralizedTime ConvertExplodedTime( 55 net::der::GeneralizedTime ConvertExplodedTime(
51 const base::Time::Exploded& exploded) { 56 const base::Time::Exploded& exploded) {
(...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after
222 scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert); 227 scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert);
223 if (cert) { 228 if (cert) {
224 trust_store_in_memory.AddTrustAnchor( 229 trust_store_in_memory.AddTrustAnchor(
225 net::TrustAnchor::CreateFromCertificateNoConstraints(cert)); 230 net::TrustAnchor::CreateFromCertificateNoConstraints(cert));
226 } 231 }
227 } 232 }
228 233
229 #if defined(USE_NSS_CERTS) 234 #if defined(USE_NSS_CERTS)
230 net::TrustStoreNSS trust_store_nss(trustSSL); 235 net::TrustStoreNSS trust_store_nss(trustSSL);
231 trust_store.AddTrustStore(&trust_store_nss); 236 trust_store.AddTrustStore(&trust_store_nss);
237 #elif defined(OS_MACOSX) && !defined(OS_IOS)
238 net::TrustStoreMac trust_store_mac(kSecPolicyAppleSSL);
239 trust_store.AddTrustStore(&trust_store_mac);
232 #else 240 #else
233 if (root_der_certs.empty()) { 241 if (root_der_certs.empty()) {
234 std::cerr << "NOTE: CertPathBuilder does not currently use OS trust " 242 std::cerr << "NOTE: CertPathBuilder does not currently use OS trust "
235 "settings (--roots must be specified).\n"; 243 "settings (--roots must be specified).\n";
236 } 244 }
237 #endif 245 #endif
238 246
239 net::CertIssuerSourceStatic intermediate_cert_issuer_source; 247 net::CertIssuerSourceStatic intermediate_cert_issuer_source;
240 for (const auto& der_cert : intermediate_der_certs) { 248 for (const auto& der_cert : intermediate_der_certs) {
241 scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert); 249 scoped_refptr<net::ParsedCertificate> cert = ParseCertificate(der_cert);
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after
306 if (!DumpParsedCertificateChain( 314 if (!DumpParsedCertificateChain(
307 dump_prefix_path.AddExtension( 315 dump_prefix_path.AddExtension(
308 FILE_PATH_LITERAL(".CertPathBuilder.pem")), 316 FILE_PATH_LITERAL(".CertPathBuilder.pem")),
309 result.paths[result.best_result_index]->path)) { 317 result.paths[result.best_result_index]->path)) {
310 return false; 318 return false;
311 } 319 }
312 } 320 }
313 321
314 return result.HasValidPath(); 322 return result.HasValidPath();
315 } 323 }
OLDNEW
« no previous file with comments | « net/data/ssl/scripts/generate-multi-root-keychain.sh ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698