diff options
| author | snej@chromium.org <snej@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-26 23:36:04 +0000 |
|---|---|---|
| committer | snej@chromium.org <snej@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-26 23:36:04 +0000 |
| commit | d866fb547c120ceb749d7b95f8d2d09950d90784 (patch) | |
| tree | 7caeb2c31cdef9733aa573412c6b109a52347f24 /net/base/x509_certificate.cc | |
| parent | b40f0fd65dc4df1f39292bfd9c0a1ac4ee4368f6 (diff) | |
| download | chromium_src-d866fb547c120ceb749d7b95f8d2d09950d90784.zip chromium_src-d866fb547c120ceb749d7b95f8d2d09950d90784.tar.gz chromium_src-d866fb547c120ceb749d7b95f8d2d09950d90784.tar.bz2 | |
Mac: Make client-cert picker only show certs the server will accept.
BUG=38691
TEST=manual testing with various sites
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=42822
Review URL: http://codereview.chromium.org/1128008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42859 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate.cc')
| -rw-r--r-- | net/base/x509_certificate.cc | 49 |
1 files changed, 5 insertions, 44 deletions
diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc index adf73b9..367afda 100644 --- a/net/base/x509_certificate.cc +++ b/net/base/x509_certificate.cc @@ -4,7 +4,9 @@ #include "net/base/x509_certificate.h" -#if defined(USE_NSS) +#if defined(OS_MACOSX) +#include <Security/Security.h> +#elif defined(USE_NSS) #include <cert.h> #endif @@ -56,8 +58,8 @@ bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a, } bool X509Certificate::FingerprintLessThan::operator()( - const Fingerprint& lhs, - const Fingerprint& rhs) const { + const SHA1Fingerprint& lhs, + const SHA1Fingerprint& rhs) const { for (size_t i = 0; i < sizeof(lhs.data); ++i) { if (lhs.data[i] < rhs.data[i]) return true; @@ -121,47 +123,6 @@ X509Certificate* X509Certificate::Cache::Find(const Fingerprint& fingerprint) { return pos->second; }; -X509Certificate::Policy::Judgment X509Certificate::Policy::Check( - X509Certificate* cert) const { - // It shouldn't matter which set we check first, but we check denied first - // in case something strange has happened. - - if (denied_.find(cert->fingerprint()) != denied_.end()) { - // DCHECK that the order didn't matter. - DCHECK(allowed_.find(cert->fingerprint()) == allowed_.end()); - return DENIED; - } - - if (allowed_.find(cert->fingerprint()) != allowed_.end()) { - // DCHECK that the order didn't matter. - DCHECK(denied_.find(cert->fingerprint()) == denied_.end()); - return ALLOWED; - } - - // We don't have a policy for this cert. - return UNKNOWN; -} - -void X509Certificate::Policy::Allow(X509Certificate* cert) { - // Put the cert in the allowed set and (maybe) remove it from the denied set. - denied_.erase(cert->fingerprint()); - allowed_.insert(cert->fingerprint()); -} - -void X509Certificate::Policy::Deny(X509Certificate* cert) { - // Put the cert in the denied set and (maybe) remove it from the allowed set. - allowed_.erase(cert->fingerprint()); - denied_.insert(cert->fingerprint()); -} - -bool X509Certificate::Policy::HasAllowedCert() const { - return !allowed_.empty(); -} - -bool X509Certificate::Policy::HasDeniedCert() const { - return !denied_.empty(); -} - // static X509Certificate* X509Certificate::CreateFromHandle( OSCertHandle cert_handle, |