| Index: net/base/cert_database_nss.cc |
| =================================================================== |
| --- net/base/cert_database_nss.cc (revision 133822) |
| +++ net/base/cert_database_nss.cc (working copy) |
| @@ -38,6 +38,9 @@ |
| } |
| int CertDatabase::CheckUserCert(X509Certificate* cert_obj) { |
| + // TODO(wtc) a null cert_obj means we could not decode the |
| + // application/x-x509-user-cert response. Should we check that |
| + // here or in the caller? |
|
Ryan Sleevi
2012/04/27 00:55:48
Presuming a CertificateList, I would assume it's t
|
| if (!cert_obj) |
| return ERR_CERT_INVALID; |
| if (cert_obj->HasExpired()) |
| @@ -76,6 +79,17 @@ |
| LOG(ERROR) << "Couldn't import user certificate."; |
| return ERR_ADD_USER_CERT_FAILED; |
| } |
| + const X509Certificate::OSCertHandles& intermediate_certs = |
| + cert_obj->GetIntermediateCertificates(); |
| + for (size_t i = 0; i < intermediate_certs.size(); ++i) { |
| + CERTCertificate* intermediate_cert = intermediate_certs[i]; |
| + // TODO(wtc): skip intermediate_cert if it is a self-signed root cert? |
| + // It is not useful to import a root cert without trust settings. |
| + char* nickname = CERT_MakeCANickname(intermediate_cert); |
| + PK11_ImportCert(slot, intermediate_cert, CK_INVALID_HANDLE, nickname, |
|
Ryan Sleevi
2012/04/27 00:55:48
This is quite dangerous for Linux, in that non-lib
wtc
2012/04/27 21:16:50
We can copy Firefox's behavior. This means if cli
Ryan Sleevi
2012/04/27 21:24:21
What Firefox does is described in my previous comm
|
| + PR_FALSE); |
| + PORT_Free(nickname); |
| + } |
| PK11_FreeSlot(slot); |
| CertDatabase::NotifyObserversOfUserCertAdded(cert_obj); |
| return OK; |
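Review bot: The result of `PK11_ImportCert` in the new intermediate-certificate loop is discarded, so a chain certificate that fails to import is dropped silently and the function still returns OK. The user-certificate import just above this loop logs and returns ERR_ADD_USER_CERT_FAILED on failure. At minimum the loop should record the failure, e.g. `if (PK11_ImportCert(slot, intermediate_cert, CK_INVALID_HANDLE, nickname, PR_FALSE) != SECSuccess) LOG(WARNING) << "Couldn't import intermediate certificate.";`, since these certificates come from the server's response and a partial import is otherwise invisible. `CERT_MakeCANickname` can presumably return NULL, and that value goes straight into the import call, so an explicit check or a comment stating that a NULL nickname is acceptable would help. The body of CheckUserCert/AddUserCert starts outside this hunk, so the slot's origin could not be checked here.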