Index: net/cert/ct_objects_extractor_nss.cc |
diff --git a/net/cert/ct_objects_extractor_nss.cc b/net/cert/ct_objects_extractor_nss.cc |
index 0f353489e3d33a585dca01befc6006ff00ef28bd..3abc183b775420d0a32952c792909775f3eeecb6 100644 |
--- a/net/cert/ct_objects_extractor_nss.cc |
+++ b/net/cert/ct_objects_extractor_nss.cc |
@@ -269,6 +269,25 @@ bool GetX509LogEntry(X509Certificate::OSCertHandle leaf, LogEntry* result) { |
return true; |
} |
+bool ExtractSCTListFromOCSPResponse(X509Certificate::OSCertHandle leaf, |
+ const std::string& ocsp_response, |
+ std::string* sct_list) { |
+ DCHECK(leaf); |
+ NSSCertWrapper leaf_cert(leaf); |
wtc
2013/12/03 21:04:25
Nit: this is an expensive way to get the serial nu
ekasper
2013/12/04 19:25:15
I wasn't really thinking what I was doing :/
I've
|
+ sct_list->clear(); |
+ base::StringPiece serial_number = base::StringPiece( |
+ reinterpret_cast<char*>(leaf_cert.cert->serialNumber.data), |
+ leaf_cert.cert->serialNumber.len); |
+ base::StringPiece sct_list_out; |
+ if (!asn1::ExtractSCTExtensionFromOCSPResponse(ocsp_response, |
Ryan Sleevi
2013/12/03 21:03:18
We should be using the NSS ASN.1 functions for thi
ekasper
2013/12/04 19:25:15
Done...
|
+ serial_number, |
+ &sct_list_out)) |
+ return false; |
wtc
2013/12/03 21:04:25
Nit: add curly braces.
|
+ |
+ *sct_list = sct_list_out.as_string(); |
+ return true; |
+} |
+ |
} // namespace ct |
} // namespace net |