Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(143)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_nss.cc

Issue 2833623002: Extract IsKnownRoot() functionality for testing if a certificate is a (Closed)
Patch Set: remove another unused header Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/cert_verify_proc_mac.cc ('k') | net/cert/cert_verify_proc_win.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_nss.h" 5 #include "net/cert/cert_verify_proc_nss.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <nss.h> 8 #include <nss.h>
9 #include <prerror.h> 9 #include <prerror.h>
10 #include <secerr.h> 10 #include <secerr.h>
(...skipping 11 matching lines...) Expand all
22 #include "crypto/nss_util.h" 22 #include "crypto/nss_util.h"
23 #include "crypto/scoped_nss_types.h" 23 #include "crypto/scoped_nss_types.h"
24 #include "crypto/sha2.h" 24 #include "crypto/sha2.h"
25 #include "net/base/net_errors.h" 25 #include "net/base/net_errors.h"
26 #include "net/cert/asn1_util.h" 26 #include "net/cert/asn1_util.h"
27 #include "net/cert/cert_status_flags.h" 27 #include "net/cert/cert_status_flags.h"
28 #include "net/cert/cert_verifier.h" 28 #include "net/cert/cert_verifier.h"
29 #include "net/cert/cert_verify_result.h" 29 #include "net/cert/cert_verify_result.h"
30 #include "net/cert/crl_set.h" 30 #include "net/cert/crl_set.h"
31 #include "net/cert/ev_root_ca_metadata.h" 31 #include "net/cert/ev_root_ca_metadata.h"
32 #include "net/cert/known_roots_nss.h"
32 #include "net/cert/x509_certificate.h" 33 #include "net/cert/x509_certificate.h"
33 #include "net/cert/x509_util_nss.h" 34 #include "net/cert/x509_util_nss.h"
34 35
35 #include <dlfcn.h> 36 #include <dlfcn.h>
36 37
37 namespace net { 38 namespace net {
38 39
39 namespace { 40 namespace {
40 41
41 typedef std::unique_ptr< 42 typedef std::unique_ptr<
(...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after
197 verified_chain.push_back(root_cert); 198 verified_chain.push_back(root_cert);
198 199
199 scoped_refptr<X509Certificate> verified_cert_with_chain = 200 scoped_refptr<X509Certificate> verified_cert_with_chain =
200 X509Certificate::CreateFromHandle(verified_cert, verified_chain); 201 X509Certificate::CreateFromHandle(verified_cert, verified_chain);
201 if (verified_cert_with_chain) 202 if (verified_cert_with_chain)
202 verify_result->verified_cert = std::move(verified_cert_with_chain); 203 verify_result->verified_cert = std::move(verified_cert_with_chain);
203 else 204 else
204 verify_result->cert_status |= CERT_STATUS_INVALID; 205 verify_result->cert_status |= CERT_STATUS_INVALID;
205 } 206 }
206 207
207 // IsKnownRoot returns true if the given certificate is one that we believe
208 // is a standard (as opposed to user-installed) root.
209 bool IsKnownRoot(CERTCertificate* root) {
210 if (!root || !root->slot)
211 return false;
212
213 // This magic name is taken from
214 // http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ckfw/b uiltins/constants.c&rev=1.13&mark=86,89#79
215 return 0 == strcmp(PK11_GetSlotName(root->slot),
216 "NSS Builtin Objects");
217 }
218
219 // Returns true if the given certificate is one of the additional trust anchors. 208 // Returns true if the given certificate is one of the additional trust anchors.
220 bool IsAdditionalTrustAnchor(CERTCertList* additional_trust_anchors, 209 bool IsAdditionalTrustAnchor(CERTCertList* additional_trust_anchors,
221 CERTCertificate* root) { 210 CERTCertificate* root) {
222 if (!additional_trust_anchors || !root) 211 if (!additional_trust_anchors || !root)
223 return false; 212 return false;
224 for (CERTCertListNode* node = CERT_LIST_HEAD(additional_trust_anchors); 213 for (CERTCertListNode* node = CERT_LIST_HEAD(additional_trust_anchors);
225 !CERT_LIST_END(node, additional_trust_anchors); 214 !CERT_LIST_END(node, additional_trust_anchors);
226 node = CERT_LIST_NEXT(node)) { 215 node = CERT_LIST_NEXT(node)) {
227 if (CERT_CompareCerts(node->cert, root)) 216 if (CERT_CompareCerts(node->cert, root))
228 return true; 217 return true;
(...skipping 735 matching lines...) Expand 10 before | Expand all | Expand 10 after
964 CRLSet* crl_set, 953 CRLSet* crl_set,
965 const CertificateList& additional_trust_anchors, 954 const CertificateList& additional_trust_anchors,
966 CertVerifyResult* verify_result) { 955 CertVerifyResult* verify_result) {
967 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set, 956 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set,
968 additional_trust_anchors, 957 additional_trust_anchors,
969 NULL, // chain_verify_callback 958 NULL, // chain_verify_callback
970 verify_result); 959 verify_result);
971 } 960 }
972 961
973 } // namespace net 962 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/cert_verify_proc_mac.cc ('k') | net/cert/cert_verify_proc_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698