
Side by Side Diff: net/base/x509_certificate_win.cc

Issue 11579002: Add X509Certificate::IsIssuedByEncoded() (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: add X509CertificateTest.IsIssuedByEncoded unit test Created 7 years, 11 months ago
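--- a/net/base/x509_certificate_win.cc
+++ b/net/base/x509_certificate_win.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS.
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
@@ -115,20 +115,41 @@
 &out_store, NULL, NULL) || out_store == NULL) {
 return results;
 }
 
 AddCertsFromStore(out_store, &results);
 CertCloseStore(out_store, CERT_CLOSE_STORE_CHECK_FLAG);
 
 return results;
 }
 
+// Given a CERT_NAME_BLOB, returns true if it appears in a given list,
+// formatted as a vector of strings holding DER-encoded X.509
+// DistinguishedName entries.
+bool IsCertNameBlobInIssuerList(
+CERT_NAME_BLOB* name_blob,
+const std::vector<std::string>& issuer_names) {
+for (std::vector<std::string>::const_iterator it = issuer_names.begin();
+it != issuer_names.end(); ++it) {
+CERT_NAME_BLOB issuer_blob;
+issuer_blob.pbData =
+reinterpret_cast<BYTE*>(const_cast<char*>(it->data()));
+issuer_blob.cbData = static_cast<DWORD>(it->length());
+
+BOOL rb = CertCompareCertificateName(
+X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &issuer_blob, name_blob);
+if (rb)
+return true;
+}
+return false;
+}
+
 } // namespace
 
 void X509Certificate::Initialize() {
 DCHECK(cert_handle_);
 subject_.ParseDistinguishedName(cert_handle_->pCertInfo->Subject.pbData,
 cert_handle_->pCertInfo->Subject.cbData);
 issuer_.ParseDistinguishedName(cert_handle_->pCertInfo->Issuer.pbData,
 cert_handle_->pCertInfo->Issuer.cbData);
 
 valid_start_ = Time::FromFileTime(cert_handle_->pCertInfo->NotBefore);
@@ -455,11 +476,31 @@
 break;
 case CALG_ECDSA:
 *type = kPublicKeyTypeECDSA;
 break;
 case CALG_ECDH:
 *type = kPublicKeyTypeECDH;
 break;
 }
 }
 
+bool X509Certificate::IsIssuedByEncoded(
+const std::vector<std::string>& valid_issuers) {
+
+// If the certificate's issuer in the list?
+if (IsCertNameBlobInIssuerList(&cert_handle_->pCertInfo->Issuer,
+valid_issuers)) {
+return true;
+}
+// Otherwise, is any of the intermediate CA subjects in the list?
+for (OSCertHandles::iterator it = intermediate_ca_certs_.begin();
+it != intermediate_ca_certs_.end(); ++it) {
+if (IsCertNameBlobInIssuerList(&(*it)->pCertInfo->Issuer,
+valid_issuers)) {
+return true;
+}
+}
+
+return false;
+}
+
 } // namespace net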
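Review bot: In the added `IsIssuedByEncoded`, the comment before the loop says the intermediate CA *subjects* are checked, but the loop passes `&(*it)->pCertInfo->Issuer`, so it is each intermediate's issuer name that gets compared. The comment and the code should agree, for example `// Otherwise, is the issuer of any intermediate CA certificate in the list?`, or the argument should become `Subject` if that was the intent. The first comment also reads `If the certificate's issuer in the list?` where `Is` is meant. Both this function and `IsCertNameBlobInIssuerList` only compare DER-encoded names through `CertCompareCertificateName`, and no signature or chain validation is visible in these hunks. The function comment should therefore say that a `true` result is a name match only and must not be read as evidence that the chain is trusted.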