| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/verify_certificate_chain.h" | 5 #include "net/cert/internal/verify_certificate_chain.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
| (...skipping 501 matching lines...) |
| 512 *working_spki = cert.tbs().spki_tlv; | 512 *working_spki = cert.tbs().spki_tlv; |
| 513 *working_normalized_issuer_name = cert.normalized_subject(); | 513 *working_normalized_issuer_name = cert.normalized_subject(); |
| 514 | 514 |
| 515 switch (trust.type) { | 515 switch (trust.type) { |
| 516 case CertificateTrustType::UNSPECIFIED: | 516 case CertificateTrustType::UNSPECIFIED: |
| 517 // Doesn't chain to a trust anchor - implicitly distrusted | 517 // Doesn't chain to a trust anchor - implicitly distrusted |
| 518 errors->AddError(kCertIsNotTrustAnchor); | 518 errors->AddError(kCertIsNotTrustAnchor); |
| 519 break; | 519 break; |
| 520 case CertificateTrustType::DISTRUSTED: | 520 case CertificateTrustType::DISTRUSTED: |
| 521 // Chains to an actively distrusted certificate. | 521 // Chains to an actively distrusted certificate. |
| 522 // | |
| 523 // TODO(eroman): There are not currently any verification or path building | |
| 524 // tests for the distrusted case. | |
| 525 errors->AddError(kCertIsDistrusted); | 522 errors->AddError(kCertIsDistrusted); |
| 526 break; | 523 break; |
| 527 case CertificateTrustType::TRUSTED_ANCHOR: | 524 case CertificateTrustType::TRUSTED_ANCHOR: |
| 528 case CertificateTrustType::TRUSTED_ANCHOR_WITH_CONSTRAINTS: | 525 case CertificateTrustType::TRUSTED_ANCHOR_WITH_CONSTRAINTS: |
| 529 // If the trust anchor has constraints, enforce them. | 526 // If the trust anchor has constraints, enforce them. |
| 530 if (trust.type == CertificateTrustType::TRUSTED_ANCHOR_WITH_CONSTRAINTS) { | 527 if (trust.type == CertificateTrustType::TRUSTED_ANCHOR_WITH_CONSTRAINTS) { |
| 531 ApplyTrustAnchorConstraints(cert, required_key_purpose, | 528 ApplyTrustAnchorConstraints(cert, required_key_purpose, |
| 532 max_path_length_ptr, name_constraints_list, | 529 max_path_length_ptr, name_constraints_list, |
| 533 errors); | 530 errors); |
| 534 } | 531 } |
| (...skipping 120 matching lines...) |
| 655 } | 652 } |
| 656 } | 653 } |
| 657 | 654 |
| 658 // TODO(eroman): RFC 5280 forbids duplicate certificates per section 6.1: | 655 // TODO(eroman): RFC 5280 forbids duplicate certificates per section 6.1: |
| 659 // | 656 // |
| 660 // A certificate MUST NOT appear more than once in a prospective | 657 // A certificate MUST NOT appear more than once in a prospective |
| 661 // certification path. | 658 // certification path. |
| 662 } | 659 } |
| 663 | 660 |
| 664 } // namespace net | 661 } // namespace net |
| OLD | NEW |