diff options
| author | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-26 21:49:42 +0000 |
|---|---|---|
| committer | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-26 21:49:42 +0000 |
| commit | 78d36a2f101aaa7dea9820b7001672c8f5f78f4f (patch) | |
| tree | d6a12039ba0d4473fdb4a5232e5ed0c523d40822 /net/base/x509_certificate.cc | |
| parent | 3213339b064c87a06785145cbe86de65cf42fd6e (diff) | |
| download | chromium_src-78d36a2f101aaa7dea9820b7001672c8f5f78f4f.zip chromium_src-78d36a2f101aaa7dea9820b7001672c8f5f78f4f.tar.gz chromium_src-78d36a2f101aaa7dea9820b7001672c8f5f78f4f.tar.bz2 | |
Revert due to compile failures
Revert 42822 - Mac: Make clientcert picker only show certs the server will accept.
BUG=38691
TEST=manual testing with various sites
Review URL: http://codereview.chromium.org/1128008
TBR=snej@chromium.org
Review URL: http://codereview.chromium.org/1417003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42830 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate.cc')
| -rw-r--r-- | net/base/x509_certificate.cc | 49 |
1 files changed, 44 insertions, 5 deletions
diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc index 367afda..adf73b9 100644 --- a/net/base/x509_certificate.cc +++ b/net/base/x509_certificate.cc @@ -4,9 +4,7 @@ #include "net/base/x509_certificate.h" -#if defined(OS_MACOSX) -#include <Security/Security.h> -#elif defined(USE_NSS) +#if defined(USE_NSS) #include <cert.h> #endif @@ -58,8 +56,8 @@ bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a, } bool X509Certificate::FingerprintLessThan::operator()( - const SHA1Fingerprint& lhs, - const SHA1Fingerprint& rhs) const { + const Fingerprint& lhs, + const Fingerprint& rhs) const { for (size_t i = 0; i < sizeof(lhs.data); ++i) { if (lhs.data[i] < rhs.data[i]) return true; @@ -123,6 +121,47 @@ X509Certificate* X509Certificate::Cache::Find(const Fingerprint& fingerprint) { return pos->second; }; +X509Certificate::Policy::Judgment X509Certificate::Policy::Check( + X509Certificate* cert) const { + // It shouldn't matter which set we check first, but we check denied first + // in case something strange has happened. + + if (denied_.find(cert->fingerprint()) != denied_.end()) { + // DCHECK that the order didn't matter. + DCHECK(allowed_.find(cert->fingerprint()) == allowed_.end()); + return DENIED; + } + + if (allowed_.find(cert->fingerprint()) != allowed_.end()) { + // DCHECK that the order didn't matter. + DCHECK(denied_.find(cert->fingerprint()) == denied_.end()); + return ALLOWED; + } + + // We don't have a policy for this cert. + return UNKNOWN; +} + +void X509Certificate::Policy::Allow(X509Certificate* cert) { + // Put the cert in the allowed set and (maybe) remove it from the denied set. + denied_.erase(cert->fingerprint()); + allowed_.insert(cert->fingerprint()); +} + +void X509Certificate::Policy::Deny(X509Certificate* cert) { + // Put the cert in the denied set and (maybe) remove it from the allowed set. + allowed_.erase(cert->fingerprint()); + denied_.insert(cert->fingerprint()); +} + +bool X509Certificate::Policy::HasAllowedCert() const { + return !allowed_.empty(); +} + +bool X509Certificate::Policy::HasDeniedCert() const { + return !denied_.empty(); +} + // static X509Certificate* X509Certificate::CreateFromHandle( OSCertHandle cert_handle, |