diff options
| author | eranm@google.com <eranm@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-24 22:33:00 +0000 |
|---|---|---|
| committer | eranm@google.com <eranm@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-24 22:33:00 +0000 |
| commit | 1f11d6fce0146543320116e0daa4d27d847c1c49 (patch) | |
| tree | 140df1e8077a8e707befbc9b65a67503908d52de /net/test | |
| parent | ff4d672e9e3aa4ebe831eb52f05b10f5ab145699 (diff) | |
| download | chromium_src-1f11d6fce0146543320116e0daa4d27d847c1c49.zip chromium_src-1f11d6fce0146543320116e0daa4d27d847c1c49.tar.gz chromium_src-1f11d6fce0146543320116e0daa4d27d847c1c49.tar.bz2 | |
Add the high-level interface for verifying SCTs over multiple logs
This interface (and the default implementation) verify SCT lists obtained
during the TLS handshake or from OCSP stapling, as well as embedded ones.
The result will be used to modify the ssl_info with indicatior of CT status.
The next, and final, patch will wire the CTVerifier to the SSL client socket.
BUG=309578
Review URL: https://codereview.chromium.org/67513008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@237008 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/test')
| -rw-r--r-- | net/test/cert_test_util.cc | 18 | ||||
| -rw-r--r-- | net/test/cert_test_util.h | 14 |
2 files changed, 30 insertions, 2 deletions
diff --git a/net/test/cert_test_util.cc b/net/test/cert_test_util.cc index 5ec0774..3ccfa65 100644 --- a/net/test/cert_test_util.cc +++ b/net/test/cert_test_util.cc @@ -26,6 +26,24 @@ CertificateList CreateCertificateListFromFile( format); } +scoped_refptr<X509Certificate> CreateCertificateChainFromFile( + const base::FilePath& certs_dir, + const std::string& cert_file, + int format) { + CertificateList certs = CreateCertificateListFromFile( + certs_dir, cert_file, format); + if (certs.empty()) + return NULL; + + X509Certificate::OSCertHandles intermediates; + for (size_t i = 1; i < certs.size(); ++i) + intermediates.push_back(certs[i]->os_cert_handle()); + + scoped_refptr<X509Certificate> result(X509Certificate::CreateFromHandle( + certs[0]->os_cert_handle(), intermediates)); + return result; +} + scoped_refptr<X509Certificate> ImportCertFromFile( const base::FilePath& certs_dir, const std::string& cert_file) { diff --git a/net/test/cert_test_util.h b/net/test/cert_test_util.h index d4aa4d7..31b768a 100644 --- a/net/test/cert_test_util.h +++ b/net/test/cert_test_util.h @@ -19,12 +19,22 @@ namespace net { class EVRootCAMetadata; +// Imports all of the certificates in |cert_file|, a file in |certs_dir|, +// // into a CertificateList. CertificateList CreateCertificateListFromFile(const base::FilePath& certs_dir, const std::string& cert_file, int format); -// Imports a certificate file in the directory net::GetTestCertsDirectory() -// returns. +// Imports all of the certificates in |cert_file|, a file in |certs_dir|, into +// a new X509Certificate. The first certificate in the chain will be used for +// the returned cert, with any additional certificates configured as +// intermediate certificates. +scoped_refptr<X509Certificate> CreateCertificateChainFromFile( + const base::FilePath& certs_dir, + const std::string& cert_file, + int format); + +// Imports a single certificate from |cert_file|. // |certs_dir| represents the test certificates directory. |cert_file| is the // name of the certificate file. If cert_file contains multiple certificates, // the first certificate found will be returned. |