
Side by Side Diff: net/cert/internal/cert_issuer_source_nss.cc

Issue 2832703002: Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
Patch Set: address comments Created 3 years, 7 months ago
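--- a/net/cert/internal/cert_issuer_source_nss.cc
+++ b/net/cert/internal/cert_issuer_source_nss.cc
@@ -0,0 +1,65 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/internal/cert_issuer_source_nss.h"
+
+#include <cert.h>
+#include <certdb.h>
+
+#include "crypto/nss_util.h"
+#include "net/cert/internal/cert_errors.h"
+#include "net/cert/internal/parsed_certificate.h"
+#include "net/cert/x509_util.h"
+
+namespace net {
+
+CertIssuerSourceNSS::CertIssuerSourceNSS() = default;
+CertIssuerSourceNSS::~CertIssuerSourceNSS() = default;
+
+void CertIssuerSourceNSS::SyncGetIssuersOf(const ParsedCertificate* cert,
+ParsedCertificateList* issuers) {
+crypto::EnsureNSSInit();
+
+SECItem name;
+// Use the original issuer value instead of the normalized version. NSS does a
+// less extensive normalization in its Name comparisons, so our normalized
+// version may not match the unnormalized version.
+name.len = cert->tbs().issuer_tlv.Length();
+name.data = const_cast<uint8_t*>(cert->tbs().issuer_tlv.UnsafeData());
+// |validOnly| in CERT_CreateSubjectCertList controls whether to return only
+// certs that are valid at |sorttime|. Including expired certs could lead to
+// more useful error messages in the case where a valid path can't be found,
+// so request all matches.
+CERTCertList* found_certs = CERT_CreateSubjectCertList(
+nullptr /* certList */, CERT_GetDefaultCertDB(), &name,
+PR_Now() /* sorttime */, PR_FALSE /* validOnly */);
+if (!found_certs)
+return;
+
+for (CERTCertListNode* node = CERT_LIST_HEAD(found_certs);
+!CERT_LIST_END(node, found_certs); node = CERT_LIST_NEXT(node)) {
+CertErrors errors;
+scoped_refptr<ParsedCertificate> issuer_cert = ParsedCertificate::Create(
+x509_util::CreateCryptoBuffer(node->cert->derCert.data,
+node->cert->derCert.len),
+{}, &errors);
+if (!issuer_cert) {
+// TODO(crbug.com/634443): return errors better.
+LOG(ERROR) << "Error parsing issuer certificate:\n"
+<< errors.ToDebugString();
+continue;
+}
+
+issuers->push_back(std::move(issuer_cert));
+}
+CERT_DestroyCertList(found_certs);
+}
+
+void CertIssuerSourceNSS::AsyncGetIssuersOf(const ParsedCertificate* cert,
+std::unique_ptr<Request>* out_req) {
+// CertIssuerSourceNSS never returns asynchronous results.
+out_req->reset();
+}
+
+} // namespace net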
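Review bot: The `CERTCertList` returned by `CERT_CreateSubjectCertList` in `SyncGetIssuersOf` is released only by the bare `CERT_DestroyCertList(found_certs)` after the loop, so any early return added inside the loop later (the parse-failure branch already has a `continue`) would leak the list; holding it in `crypto::ScopedCERTCertList` from `crypto/scoped_nss_types.h` makes the release unconditional. Concretely, `crypto::ScopedCERTCertList found_certs(CERT_CreateSubjectCertList(` … `));`, then `CERT_LIST_HEAD(found_certs.get())` and `CERT_LIST_END(node, found_certs.get())` in the loop header, and the trailing `CERT_DestroyCertList` call goes away. Separately, `SECItem name;` leaves `name.type` indeterminate; NSS does not appear to read it for this subject lookup, but `SECItem name = {siBuffer, nullptr, 0};` ahead of the two field assignments costs nothing and avoids passing an uninitialized field into the NSS call.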
