| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/path_builder.h" | 5 #include "net/cert/internal/path_builder.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <unordered_set> | 8 #include <unordered_set> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 586 matching lines...) |
| 597 | 597 |
| 598 void CertPathBuilder::DoGetNextPathComplete() { | 598 void CertPathBuilder::DoGetNextPathComplete() { |
| 599 if (next_path_.IsEmpty()) { | 599 if (next_path_.IsEmpty()) { |
| 600 // No more paths to check, signal completion. | 600 // No more paths to check, signal completion. |
| 601 next_state_ = STATE_NONE; | 601 next_state_ = STATE_NONE; |
| 602 return; | 602 return; |
| 603 } | 603 } |
| 604 | 604 |
| 605 // Verify the entire certificate chain. | 605 // Verify the entire certificate chain. |
| 606 auto result_path = base::MakeUnique<ResultPath>(); | 606 auto result_path = base::MakeUnique<ResultPath>(); |
| 607 VerifyCertificateChain(next_path_.certs, next_path_.last_cert_trust, | 607 // TODO(eroman): don't pass placeholder for policy. |
| 608 signature_policy_, time_, key_purpose_, | 608 VerifyCertificateChain( |
| 609 &result_path->errors); | 609 next_path_.certs, next_path_.last_cert_trust, signature_policy_, time_, |
| 610 key_purpose_, InitialExplicitPolicy::kFalse, {AnyPolicy()}, |
| 611 InitialPolicyMappingInhibit::kFalse, InitialAnyPolicyInhibit::kFalse, |
| 612 nullptr /*user_constrained_policy_set*/, &result_path->errors); |
| 610 bool verify_result = !result_path->errors.ContainsHighSeverityErrors(); | 613 bool verify_result = !result_path->errors.ContainsHighSeverityErrors(); |
| 611 | 614 |
| 612 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = " | 615 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = " |
| 613 << verify_result << "\n" | 616 << verify_result << "\n" |
| 614 << result_path->errors.ToDebugString(next_path_.certs); | 617 << result_path->errors.ToDebugString(next_path_.certs); |
| 615 result_path->path = next_path_; | 618 result_path->path = next_path_; |
| 616 AddResultPath(std::move(result_path)); | 619 AddResultPath(std::move(result_path)); |
| 617 | 620 |
| 618 if (verify_result) { | 621 if (verify_result) { |
| 619 // Found a valid path, return immediately. | 622 // Found a valid path, return immediately. |
| (...skipping 10 matching lines...) |
| 630 | 633 |
| 631 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) { | 634 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) { |
| 632 // TODO(mattm): set best_result_index based on number or severity of errors. | 635 // TODO(mattm): set best_result_index based on number or severity of errors. |
| 633 if (result_path->IsValid()) | 636 if (result_path->IsValid()) |
| 634 out_result_->best_result_index = out_result_->paths.size(); | 637 out_result_->best_result_index = out_result_->paths.size(); |
| 635 // TODO(mattm): add flag to only return a single path or all attempted paths? | 638 // TODO(mattm): add flag to only return a single path or all attempted paths? |
| 636 out_result_->paths.push_back(std::move(result_path)); | 639 out_result_->paths.push_back(std::move(result_path)); |
| 637 } | 640 } |
| 638 | 641 |
| 639 } // namespace net | 642 } // namespace net |
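Review bot: The TODO added at new line 607 says only "placeholder" and does not tell a reader what the hard-coded arguments at new lines 610-612 mean for callers: `InitialExplicitPolicy::kFalse`, `{AnyPolicy()}` and both inhibit flags at `kFalse` look like the most permissive settings of the RFC 5280 section 6.1.1 policy inputs (inferred from the names; the declaration of VerifyCertificateChain is not on this page), and `nullptr` for `user_constrained_policy_set` discards the output. As written, a CertPathBuilder user can neither require a particular certificate policy nor learn which policies the accepted chain is valid for, so a path reported as valid here should not be read as policy-checked against anything caller-specific. I would expand the comment to say that, for example `// TODO(eroman): Policy inputs are hard-coded to accept any policy and the constrained policy set is discarded; plumb both through from the caller.` The body of DoGetNextPathComplete continues in the skipped lines after new line 622.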