| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" | 5 #include "net/tools/cert_verify_tool/verify_using_path_builder.h" |
| 6 | 6 |
| 7 #include <iostream> | 7 #include <iostream> |
| 8 | 8 |
| 9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
| 10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
| (...skipping 192 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 203 scoped_refptr<net::ParsedCertificate> target_cert = | 203 scoped_refptr<net::ParsedCertificate> target_cert = |
| 204 ParseCertificate(target_der_cert); | 204 ParseCertificate(target_der_cert); |
| 205 if (!target_cert) | 205 if (!target_cert) |
| 206 return false; | 206 return false; |
| 207 | 207 |
| 208 // Verify the chain. | 208 // Verify the chain. |
| 209 net::SimpleSignaturePolicy signature_policy(2048); | 209 net::SimpleSignaturePolicy signature_policy(2048); |
| 210 net::CertPathBuilder::Result result; | 210 net::CertPathBuilder::Result result; |
| 211 net::CertPathBuilder path_builder( | 211 net::CertPathBuilder path_builder( |
| 212 target_cert, ssl_trust_store->GetTrustStore(), &signature_policy, time, | 212 target_cert, ssl_trust_store->GetTrustStore(), &signature_policy, time, |
| 213 net::KeyPurpose::SERVER_AUTH, &result); | 213 net::KeyPurpose::SERVER_AUTH, net::InitialExplicitPolicy::kFalse, |
| 214 {net::AnyPolicy()}, net::InitialPolicyMappingInhibit::kFalse, |
| 215 net::InitialAnyPolicyInhibit::kFalse, &result); |
| 214 path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source); | 216 path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source); |
| 215 | 217 |
| 216 // Create a network thread to be used for AIA fetches, and wait for a | 218 // Create a network thread to be used for AIA fetches, and wait for a |
| 217 // CertNetFetcher to be constructed on that thread. | 219 // CertNetFetcher to be constructed on that thread. |
| 218 base::Thread::Options options(base::MessageLoop::TYPE_IO, 0); | 220 base::Thread::Options options(base::MessageLoop::TYPE_IO, 0); |
| 219 base::Thread thread("network_thread"); | 221 base::Thread thread("network_thread"); |
| 220 CHECK(thread.StartWithOptions(options)); | 222 CHECK(thread.StartWithOptions(options)); |
| 221 // Owned by this thread, but initialized, used, and shutdown on the network | 223 // Owned by this thread, but initialized, used, and shutdown on the network |
| 222 // thread. | 224 // thread. |
| 223 std::unique_ptr<net::URLRequestContext> context; | 225 std::unique_ptr<net::URLRequestContext> context; |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 260 if (!DumpParsedCertificateChain( | 262 if (!DumpParsedCertificateChain( |
| 261 dump_prefix_path.AddExtension( | 263 dump_prefix_path.AddExtension( |
| 262 FILE_PATH_LITERAL(".CertPathBuilder.pem")), | 264 FILE_PATH_LITERAL(".CertPathBuilder.pem")), |
| 263 result.paths[result.best_result_index]->path)) { | 265 result.paths[result.best_result_index]->path)) { |
| 264 return false; | 266 return false; |
| 265 } | 267 } |
| 266 } | 268 } |
| 267 | 269 |
| 268 return result.HasValidPath(); | 270 return result.HasValidPath(); |
| 269 } | 271 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898303005:
Wire up certificate policies support in PathBuilder. (Closed)
