Diffstat (limited to 'chromium/net/cert/internal/trust_store_chrome.cc')
-rw-r--r--chromium/net/cert/internal/trust_store_chrome.cc32
1 files changed, 24 insertions, 8 deletions
diff --git a/chromium/net/cert/internal/trust_store_chrome.cc b/chromium/net/cert/internal/trust_store_chrome.cc
index 926c1207d66..56f9d497f0f 100644
--- a/chromium/net/cert/internal/trust_store_chrome.cc
+++ b/chromium/net/cert/internal/trust_store_chrome.cc
@@ -6,8 +6,8 @@
#include "base/containers/span.h"
#include "base/logging.h"
#include "base/memory/ptr_util.h"
-#include "net/cert/internal/cert_errors.h"
-#include "net/cert/internal/parsed_certificate.h"
+#include "net/cert/pki/cert_errors.h"
+#include "net/cert/pki/parsed_certificate.h"
#include "net/cert/root_store_proto_lite/root_store.pb.h"
#include "net/cert/x509_certificate.h"
#include "net/cert/x509_util.h"
@@ -73,10 +73,12 @@ TrustStoreChrome::TrustStoreChrome(base::span<const ChromeRootCertInfo> certs,
for (const auto& cert_info : certs) {
bssl::UniquePtr<CRYPTO_BUFFER> cert;
if (certs_are_static) {
- // TODO(mattm,hchao): When the component updater is implemented, ensure
- // the static data crypto_buffers for the compiled-in roots are kept
- // alive, so that roots from the component updater data will de-dupe
- // against them.
+ // TODO(mattm,hchao): Ensure the static data crypto_buffers for the
+ // compiled-in roots are kept alive, so that roots from the component
+ // updater data will de-dupe against them. This currently works if the
+ // new components roots are the same as the compiled in roots, but
+ // fails if a component update drops a root and then the next component
+ // update readds the root without a restart.
cert = x509_util::CreateCryptoBufferFromStaticDataUnsafe(
cert_info.root_cert_der);
} else {
@@ -86,8 +88,6 @@ TrustStoreChrome::TrustStoreChrome(base::span<const ChromeRootCertInfo> certs,
auto parsed = ParsedCertificate::Create(
std::move(cert), x509_util::DefaultParseCertificateOptions(), &errors);
DCHECK(parsed);
- // TODO(hchao): Figure out how to fail gracefully when the Chrome Root Store
- // gets a bad component update.
trust_store_.AddTrustAnchor(parsed);
}
version_ = version;
@@ -130,4 +130,20 @@ int64_t CompiledChromeRootStoreVersion() {
return kRootStoreVersion;
}
+ParsedCertificateList CompiledChromeRootStoreAnchors() {
+ ParsedCertificateList parsed_cert_list;
+ for (const auto& cert_info : kChromeRootCertList) {
+ bssl::UniquePtr<CRYPTO_BUFFER> cert =
+ x509_util::CreateCryptoBufferFromStaticDataUnsafe(
+ cert_info.root_cert_der);
+ CertErrors errors;
+ auto parsed = ParsedCertificate::Create(
+ std::move(cert), x509_util::DefaultParseCertificateOptions(), &errors);
+ DCHECK(parsed);
+ parsed_cert_list.push_back(parsed);
+ }
+
+ return parsed_cert_list;
+}
+
} // namespace net
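Review bot: In the new CompiledChromeRootStoreAnchors(), `DCHECK(parsed)` is the only guard before `parsed_cert_list.push_back(parsed)`. DCHECK is normally compiled out of release builds, so a parse failure would leave a null entry in the returned list for callers to dereference. Because the input is compiled-in data, either make the invariant fatal in every build with `CHECK(parsed);` or drop the entry with `if (!parsed) continue;`, and in either case surface `errors`, which is currently discarded. The constructor loop in the hunk at -86 keeps the same DCHECK-then-`AddTrustAnchor(parsed)` sequence while removing the TODO about bad component updates. That path is only sound if the non-static data is validated before construction, which is not visible in this diff, so a comment such as `// Component data is validated by <caller> before reaching here.` would record where that check lives.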