| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" | 5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" |
| 6 | 6 |
| 7 #include <iostream> | 7 #include <iostream> |
| 8 | 8 |
| 9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
| 10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| (...skipping 226 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 237 return false; | 237 return false; |
| 238 | 238 |
| 239 // Verify the chain. | 239 // Verify the chain. |
| 240 net::SimpleSignaturePolicy signature_policy(2048); | 240 net::SimpleSignaturePolicy signature_policy(2048); |
| 241 net::CertPathBuilder::Result result; | 241 net::CertPathBuilder::Result result; |
| 242 net::CertPathBuilder path_builder( | 242 net::CertPathBuilder path_builder( |
| 243 target_cert, ssl_trust_store->GetTrustStore(), &signature_policy, time, | 243 target_cert, ssl_trust_store->GetTrustStore(), &signature_policy, time, |
| 244 net::KeyPurpose::SERVER_AUTH, &result); | 244 net::KeyPurpose::SERVER_AUTH, &result); |
| 245 path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source); | 245 path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source); |
| 246 | 246 |
| 247 if (ssl_trust_store->GetCertIssuerSource()) | |
| 248 path_builder.AddCertIssuerSource(ssl_trust_store->GetCertIssuerSource()); | |
| 249 | |
| 250 // Create a network thread to be used for AIA fetches, and wait for a | 247 // Create a network thread to be used for AIA fetches, and wait for a |
| 251 // CertNetFetcher to be constructed on that thread. | 248 // CertNetFetcher to be constructed on that thread. |
| 252 base::Thread::Options options(base::MessageLoop::TYPE_IO, 0); | 249 base::Thread::Options options(base::MessageLoop::TYPE_IO, 0); |
| 253 base::Thread thread("network_thread"); | 250 base::Thread thread("network_thread"); |
| 254 CHECK(thread.StartWithOptions(options)); | 251 CHECK(thread.StartWithOptions(options)); |
| 255 // Owned by this thread, but initialized, used, and shutdown on the network | 252 // Owned by this thread, but initialized, used, and shutdown on the network |
| 256 // thread. | 253 // thread. |
| 257 std::unique_ptr<net::URLRequestContext> context; | 254 std::unique_ptr<net::URLRequestContext> context; |
| 258 scoped_refptr<net::CertNetFetcher> cert_net_fetcher; | 255 scoped_refptr<net::CertNetFetcher> cert_net_fetcher; |
| 259 base::WaitableEvent initialization_complete_event( | 256 base::WaitableEvent initialization_complete_event( |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 294 if (!DumpParsedCertificateChain( | 291 if (!DumpParsedCertificateChain( |
| 295 dump_prefix_path.AddExtension( | 292 dump_prefix_path.AddExtension( |
| 296 FILE_PATH_LITERAL(".CertPathBuilder.pem")), | 293 FILE_PATH_LITERAL(".CertPathBuilder.pem")), |
| 297 result.paths[result.best_result_index]->path)) { | 294 result.paths[result.best_result_index]->path)) { |
| 298 return false; | 295 return false; |
| 299 } | 296 } |
| 300 } | 297 } |
| 301 | 298 |
| 302 return result.HasValidPath(); | 299 return result.HasValidPath(); |
| 303 } | 300 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2832703002:
Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
