Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(217)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/path_builder.cc

Issue 2903283002: Add policies support to VerifyCertificateChain(). (Closed)
Patch Set: Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/cert/internal/test_helpers.h » ('j') | net/cert/internal/verify_certificate_chain.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/path_builder.h" 5 #include "net/cert/internal/path_builder.h"
6 6
7 #include <set> 7 #include <set>
8 #include <unordered_set> 8 #include <unordered_set>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 586 matching lines...) Expand 10 before | Expand all | Expand 10 after
597 597
598 void CertPathBuilder::DoGetNextPathComplete() { 598 void CertPathBuilder::DoGetNextPathComplete() {
599 if (next_path_.IsEmpty()) { 599 if (next_path_.IsEmpty()) {
600 // No more paths to check, signal completion. 600 // No more paths to check, signal completion.
601 next_state_ = STATE_NONE; 601 next_state_ = STATE_NONE;
602 return; 602 return;
603 } 603 }
604 604
605 // Verify the entire certificate chain. 605 // Verify the entire certificate chain.
606 auto result_path = base::MakeUnique<ResultPath>(); 606 auto result_path = base::MakeUnique<ResultPath>();
607
608 // TODO(eroman): Make these inputs parameters to the path builder.
609 const bool initial_explicit_policy = false;
610 const std::set<der::Input> user_initial_policy_set{AnyPolicy()};
611 const bool initial_policy_mapping_inhibit = false;
612 const bool initial_any_policy_inhibit = false;
613
607 VerifyCertificateChain(next_path_.certs, next_path_.last_cert_trust, 614 VerifyCertificateChain(next_path_.certs, next_path_.last_cert_trust,
608 signature_policy_, time_, key_purpose_, 615 signature_policy_, time_, key_purpose_,
609 &result_path->errors); 616 initial_explicit_policy, user_initial_policy_set,
617 initial_policy_mapping_inhibit,
618 initial_any_policy_inhibit, &result_path->errors);
610 bool verify_result = !result_path->errors.ContainsHighSeverityErrors(); 619 bool verify_result = !result_path->errors.ContainsHighSeverityErrors();
611 620
612 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = " 621 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = "
613 << verify_result << "\n" 622 << verify_result << "\n"
614 << result_path->errors.ToDebugString(next_path_.certs); 623 << result_path->errors.ToDebugString(next_path_.certs);
615 result_path->path = next_path_; 624 result_path->path = next_path_;
616 AddResultPath(std::move(result_path)); 625 AddResultPath(std::move(result_path));
617 626
618 if (verify_result) { 627 if (verify_result) {
619 // Found a valid path, return immediately. 628 // Found a valid path, return immediately.
(...skipping 10 matching lines...) Expand all
630 639
631 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) { 640 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) {
632 // TODO(mattm): set best_result_index based on number or severity of errors. 641 // TODO(mattm): set best_result_index based on number or severity of errors.
633 if (result_path->IsValid()) 642 if (result_path->IsValid())
634 out_result_->best_result_index = out_result_->paths.size(); 643 out_result_->best_result_index = out_result_->paths.size();
635 // TODO(mattm): add flag to only return a single path or all attempted paths? 644 // TODO(mattm): add flag to only return a single path or all attempted paths?
636 out_result_->paths.push_back(std::move(result_path)); 645 out_result_->paths.push_back(std::move(result_path));
637 } 646 }
638 647
639 } // namespace net 648 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/cert/internal/test_helpers.h » ('j') | net/cert/internal/verify_certificate_chain.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698