
Unified Diff: net/cert/internal/system_trust_store.h

Issue 2832703002: Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
Patch Set: address comments Created 3 years, 8 months ago
Index: net/cert/internal/system_trust_store.h
diff --git a/net/cert/internal/system_trust_store.h b/net/cert/internal/system_trust_store.h
index 2783ce2a710f9e4e37173f2c048551bce5e7c94d..e13f2b87440852c25615c06365954a070f61792e 100644
--- a/net/cert/internal/system_trust_store.h
+++ b/net/cert/internal/system_trust_store.h
@@ -14,8 +14,6 @@
namespace net {
class TrustStore;
-class CertIssuerSource;
-class TrustAnchor;
// The SystemTrustStore interface is used to encapsulate a TrustStore for the
// current platform, with some extra bells and whistles.
@@ -46,34 +44,18 @@ class SystemTrustStore {
// trust anchors (via AddTrustAnchor()).
virtual bool UsesSystemTrustStore() const = 0;
- // TODO(eroman): Expose this through the TrustStore interface instead?
- //
- // Returns a CertIssuerSource that finds any intermediates that are present in
- // the system trust store. These intermediates are not necessarily trusted,
- // however may be used during path building as another means of finding
- // certificates. If the implementation of SystemTrustStore doesn't support
- // this feature may return nullptr.
- virtual CertIssuerSource* GetCertIssuerSource() = 0;
-
- // IsKnownRoot() returns true if the given trust anchor originated from the
+ // IsKnownRoot() returns true if the given certificate originated from the
// system trust store and is a "standard" one. The meaning of "standard" is
// that it is one of default trust anchors for the system, as opposed to a
- // user-installed one. IsKnownRoot() is only guaranteed to work for
- // TrustAnchors returned by GetTrustStore().
- virtual bool IsKnownRoot(
- const scoped_refptr<TrustAnchor>& trust_anchor) const = 0;
+ // user-installed one.
+ virtual bool IsKnownRoot(const ParsedCertificate* cert) const = 0;
- // Adds a trust anchor to this particular instance of SystemTrustStore, and
- // not globally for the system.
- virtual void AddTrustAnchor(
- const scoped_refptr<TrustAnchor>& trust_anchor) = 0;
+ // Adds a trust anchor to this particular instance of SystemTrustStore,
+ // and not globally for the system.
+ virtual void AddTrustAnchor(const scoped_refptr<ParsedCertificate>& cert) = 0;
- // Returns true if |trust_anchor| was one added via |AddTrustAnchor()|. This
- // is only guaranteed to work if |trust_anchor| was one returned by
- // GetTrustStore(), as it may be implemented by pointer comparison rather than
- // SPKI comparison.
- virtual bool IsAdditionalTrustAnchor(
- const scoped_refptr<TrustAnchor>& trust_anchor) const = 0;
+ // Returns true if |trust_anchor| was one added via |AddTrustAnchor()|.
+ virtual bool IsAdditionalTrustAnchor(const ParsedCertificate* cert) const = 0;
};
// Creates an instance of SystemTrustStore that wraps the current platform's SSL
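Review bot: The new comment on `IsAdditionalTrustAnchor()` still refers to `|trust_anchor|` although the parameter is now `cert`; it should read `// Returns true if |cert| was one added via |AddTrustAnchor()|.` The removed comments on `IsKnownRoot()` and `IsAdditionalTrustAnchor()` carried a matching caveat (only guaranteed for anchors returned by GetTrustStore(), possibly pointer rather than SPKI comparison), and the new comments drop it without saying how a `ParsedCertificate` is matched. Callers presumably use these answers to treat default roots differently from user-installed or additional ones, so the comments should state the comparison basis (full DER, SPKI, or object identity) and whether a null `cert` is permitted. The `SystemTrustStore` class declaration begins outside this hunk.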
