Certificate path builder for new certificate verification library
Builds paths from a target certificate to a trust anchor and attempts to verify them according to RFC 5280. Supports asynchronous intermediate lookups (e.g., AIA fetching) and backtracking.
This implementation uses a depth-first strategy which is simple and uses minimal resources, but may not be optimal.
BUG=410574
Review-Url: https://codereview.chromium.org/1923433002
Cr-Commit-Position: refs/heads/master@{#404239}
diff --git a/net/net.gypi b/net/net.gypi
index 7dabdaa..8a4a799c 100644
--- a/net/net.gypi
+++ b/net/net.gypi
@@ -105,6 +105,8 @@
'cert/internal/parse_ocsp.h',
'cert/internal/parsed_certificate.cc',
'cert/internal/parsed_certificate.h',
+ 'cert/internal/path_builder.cc',
+ 'cert/internal/path_builder.h',
'cert/internal/signature_algorithm.cc',
'cert/internal/signature_algorithm.h',
'cert/internal/signature_policy.cc',
@@ -1405,11 +1407,15 @@
'cert/internal/parse_certificate_unittest.cc',
'cert/internal/parse_name_unittest.cc',
'cert/internal/parse_ocsp_unittest.cc',
+ 'cert/internal/path_builder_pkits_unittest.cc',
+ 'cert/internal/path_builder_unittest.cc',
+ 'cert/internal/path_builder_verify_certificate_chain_unittest.cc',
'cert/internal/signature_algorithm_unittest.cc',
'cert/internal/test_helpers.cc',
'cert/internal/test_helpers.h',
- 'cert/internal/verify_certificate_chain_unittest.cc',
'cert/internal/verify_certificate_chain_pkits_unittest.cc',
+ 'cert/internal/verify_certificate_chain_typed_unittest.h',
+ 'cert/internal/verify_certificate_chain_unittest.cc',
'cert/internal/verify_name_match_unittest.cc',
'cert/internal/verify_signed_data_unittest.cc',
'cert/jwk_serializer_unittest.cc',
@@ -2465,6 +2471,10 @@
'data/verify_certificate_chain_unittest/intermediary-unknown-non-critical-extension.pem',
'data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal-anchor.pem',
'data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal.pem',
+ 'data/verify_certificate_chain_unittest/key-rollover-longrolloverchain.pem',
+ 'data/verify_certificate_chain_unittest/key-rollover-newchain.pem',
+ 'data/verify_certificate_chain_unittest/key-rollover-oldchain.pem',
+ 'data/verify_certificate_chain_unittest/key-rollover-rolloverchain.pem',
'data/verify_certificate_chain_unittest/non-self-signed-root.pem',
'data/verify_certificate_chain_unittest/target-and-intermediary.pem',
'data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem',