| Index: net/cert/internal/trust_store_in_memory.cc
|
| diff --git a/net/cert/internal/trust_store_in_memory.cc b/net/cert/internal/trust_store_in_memory.cc
|
| index a3e9e3eea07497f7f49da3e881a6659f2f9efc43..34f53b573df3bf1561a5bc36b11301bc65f5b780 100644
|
| --- a/net/cert/internal/trust_store_in_memory.cc
|
| +++ b/net/cert/internal/trust_store_in_memory.cc
|
| @@ -10,29 +10,66 @@ TrustStoreInMemory::TrustStoreInMemory() = default;
|
| TrustStoreInMemory::~TrustStoreInMemory() = default;
|
|
|
| void TrustStoreInMemory::Clear() {
|
| - anchors_.clear();
|
| + entries_.clear();
|
| }
|
|
|
| -void TrustStoreInMemory::AddTrustAnchor(scoped_refptr<TrustAnchor> anchor) {
|
| - // TODO(mattm): should this check for duplicate anchors?
|
| - anchors_.insert(std::make_pair(anchor->normalized_subject().AsStringPiece(),
|
| - std::move(anchor)));
|
| +void TrustStoreInMemory::AddTrustAnchor(scoped_refptr<ParsedCertificate> cert) {
|
| + AddCertificate(std::move(cert), CertificateTrust::ForTrustAnchor());
|
| }
|
|
|
| -void TrustStoreInMemory::FindTrustAnchorsForCert(
|
| - const scoped_refptr<ParsedCertificate>& cert,
|
| - TrustAnchors* matches) const {
|
| - auto range = anchors_.equal_range(cert->normalized_issuer().AsStringPiece());
|
| +void TrustStoreInMemory::AddTrustAnchorWithConstraints(
|
| + scoped_refptr<ParsedCertificate> cert) {
|
| + AddCertificate(std::move(cert),
|
| + CertificateTrust::ForTrustAnchorEnforcingConstraints());
|
| +}
|
| +
|
| +void TrustStoreInMemory::AddDistrustedCertificateForTest(
|
| + scoped_refptr<ParsedCertificate> cert) {
|
| + AddCertificate(std::move(cert), CertificateTrust::ForDistrusted());
|
| +}
|
| +
|
| +void TrustStoreInMemory::SyncGetIssuersOf(const ParsedCertificate* cert,
|
| + ParsedCertificateList* issuers) {
|
| + auto range = entries_.equal_range(cert->normalized_issuer().AsStringPiece());
|
| for (auto it = range.first; it != range.second; ++it)
|
| - matches->push_back(it->second);
|
| + issuers->push_back(it->second.cert);
|
| }
|
|
|
| -bool TrustStoreInMemory::Contains(const TrustAnchor* anchor) const {
|
| - for (const auto& it : anchors_) {
|
| - if (anchor == it.second.get())
|
| +void TrustStoreInMemory::GetTrust(const scoped_refptr<ParsedCertificate>& cert,
|
| + CertificateTrust* trust) const {
|
| + auto range = entries_.equal_range(cert->normalized_subject().AsStringPiece());
|
| + for (auto it = range.first; it != range.second; ++it) {
|
| + if (cert.get() == it->second.cert.get() ||
|
| + cert->der_cert() == it->second.cert->der_cert()) {
|
| + *trust = it->second.trust;
|
| + // NOTE: ambiguity when there are duplicate entries.
|
| + return;
|
| + }
|
| + }
|
| + *trust = CertificateTrust::ForUnspecified();
|
| +}
|
| +
|
| +bool TrustStoreInMemory::Contains(const ParsedCertificate* cert) const {
|
| + for (const auto& it : entries_) {
|
| + if (cert->der_cert() == it.second.cert->der_cert())
|
| return true;
|
| }
|
| return false;
|
| }
|
|
|
| +TrustStoreInMemory::Entry::Entry() = default;
|
| +TrustStoreInMemory::Entry::Entry(const Entry& other) = default;
|
| +TrustStoreInMemory::Entry::~Entry() = default;
|
| +
|
| +void TrustStoreInMemory::AddCertificate(scoped_refptr<ParsedCertificate> cert,
|
| + const CertificateTrust& trust) {
|
| + Entry entry;
|
| + entry.cert = std::move(cert);
|
| + entry.trust = trust;
|
| +
|
| + // TODO(mattm): should this check for duplicate certificates?
|
| + entries_.insert(
|
| + std::make_pair(entry.cert->normalized_subject().AsStringPiece(), entry));
|
| +}
|
| +
|
| } // namespace net
|
|
|
Chromium Code Reviews
Issue 2832703002:
Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
