Add X509Certificate::IsIssuedByEncoded()

net/base/x509_certificate_ios.cc

Index: net/base/x509_certificate_ios.cc
diff --git a/net/base/x509_certificate_ios.cc b/net/base/x509_certificate_ios.cc
index 0286203ebb41aa255278c2ca85e87e8c38325707..4d0188fdf0d640f5564d466bb99eb1dda6d31aee 100644
--- a/net/base/x509_certificate_ios.cc
+++ b/net/base/x509_certificate_ios.cc
@@ -69,6 +69,21 @@ void X509Certificate::Initialize() {
   ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
 }
 
+bool X509Certificate::IsIssuedByEncoded(
+    const std::vector<std::string>& valid_issuers) {
+  x509_util_ios::NSSCertChain nss_chain(this);
+  // Convert to scoped CERTName* list.

[droger, 2012/12/19 12:26:23]

Optional nit: you could consider sharing more code with x509_certificate_nss.cc,
for example by adding a new method to x509_util_nss:
IsIssuedByEncoded(const x509_util_ios::NSSCertChain& chain,
                  const std::vector<std::string>& valid_issuers)

It's only a few lines, so it may not worth it.  I'm just throwing this out as an
idea. If you've already discussed that issue, just ignore this comment.

[digit1, 2012/12/19 12:58:42]

That's what I tried originally in a previous patch, but as you discovered, it's
not really possible :)

+  std::vector<CERTName*> issuers;
+  crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!x509_util::GetIssuersFromEncodedList(
+      valid_issuers, arena.get(), &issuers))
+    return false;

[droger, 2012/12/19 12:26:23]

Nit: I think you need curly braces for multi-line ifs. If you change this, also
change the similar code in x509_certificate_nss.cc.

[digit1, 2012/12/19 12:58:42]

Thanks, I've fixed this in the latest patch.

+
+  // Do the comparison.
+  return x509_util::IsCertificateIssuedBy(
+      nss_chain.cert_chain(), issuers);
+}
+
 // static
 X509Certificate* X509Certificate::CreateSelfSigned(
     crypto::RSAPrivateKey* key,