Index: net/cert/ct_objects_extractor_nss.cc |
diff --git a/net/cert/ct_objects_extractor_nss.cc b/net/cert/ct_objects_extractor_nss.cc |
index 0f353489e3d33a585dca01befc6006ff00ef28bd..b439efc17894f6ced9fb1b2cacafef90dbd85dbd 100644 |
--- a/net/cert/ct_objects_extractor_nss.cc |
+++ b/net/cert/ct_objects_extractor_nss.cc |
@@ -269,6 +269,26 @@ bool GetX509LogEntry(X509Certificate::OSCertHandle leaf, LogEntry* result) { |
return true; |
} |
+bool ExtractSCTListFromOCSPResponse(X509Certificate::OSCertHandle leaf, |
+ const std::string& ocsp_response, |
+ std::string* sct_list) { |
+ DCHECK(leaf); |
+ NSSCertWrapper leaf_cert(leaf); |
+ sct_list->clear(); |
+ base::StringPiece serial_number = base::StringPiece( |
+ reinterpret_cast<char*>(leaf_cert.cert->serialNumber.data), |
+ leaf_cert.cert->serialNumber.len); |
+ base::StringPiece ocsp_resp(ocsp_response); |
wtc
2013/12/03 01:18:06
Nit: it should be OK to just pass |ocsp_response|.
ekasper
2013/12/03 13:50:51
Done.
|
+ base::StringPiece sct_list_out; |
+ if (!asn1::ExtractSCTExtensionFromOCSPResponse(ocsp_resp, |
+ serial_number, |
+ &sct_list_out)) |
+ return false; |
+ |
+ *sct_list = std::string(sct_list_out.data(), sct_list_out.size()); |
wtc
2013/12/03 01:18:06
Nit: you can use the as_string() method:
*sct_li
ekasper
2013/12/03 13:50:51
Done.
|
+ return true; |
+} |
+ |
} // namespace ct |
} // namespace net |