| Index: net/cert/internal/trust_store_collection.cc
|
| diff --git a/net/cert/internal/trust_store_collection.cc b/net/cert/internal/trust_store_collection.cc
|
| index 7e004ae1b726b195f7b0012cfba7ccf25c197dc6..b9a72e520cc43869c050affefb2f76ad6900391a 100644
|
| --- a/net/cert/internal/trust_store_collection.cc
|
| +++ b/net/cert/internal/trust_store_collection.cc
|
| @@ -14,12 +14,34 @@ void TrustStoreCollection::AddTrustStore(TrustStore* store) {
|
| stores_.push_back(store);
|
| }
|
|
|
| -void TrustStoreCollection::FindTrustAnchorsForCert(
|
| +void TrustStoreCollection::SyncGetIssuersOf(const ParsedCertificate* cert,
|
| + ParsedCertificateList* issuers) {
|
| + for (auto* store : stores_) {
|
| + store->SyncGetIssuersOf(cert, issuers);
|
| + }
|
| +}
|
| +
|
| +void TrustStoreCollection::GetTrust(
|
| const scoped_refptr<ParsedCertificate>& cert,
|
| - TrustAnchors* matches) const {
|
| + CertificateTrust* out_trust) const {
|
| + // The current aggregate result.
|
| + CertificateTrust result = CertificateTrust::ForUnspecified();
|
| +
|
| for (auto* store : stores_) {
|
| - store->FindTrustAnchorsForCert(cert, matches);
|
| + CertificateTrust cur_trust;
|
| + store->GetTrust(cert, &cur_trust);
|
| +
|
| + // * If any stores distrust the certificate, consider it untrusted.
|
| + // * If multiple stores consider it trusted, use the trust result from the
|
| + // last one
|
| + if (!cur_trust.HasUnspecifiedTrust()) {
|
| + result = cur_trust;
|
| + if (result.IsDistrusted())
|
| + break;
|
| + }
|
| }
|
| +
|
| + *out_trust = result;
|
| }
|
|
|
| } // namespace net
|
|
|
Chromium Code Reviews
Issue 2832703002:
Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
