
Unified Diff: components/cast_certificate/cast_cert_validator.cc

Issue 1923433002: Certificate path builder for new certificate verification library (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 4 years, 6 months ago
Index: components/cast_certificate/cast_cert_validator.cc
diff --git a/components/cast_certificate/cast_cert_validator.cc b/components/cast_certificate/cast_cert_validator.cc
index 5fb0ea162c46d496650d187c2b5480d02abc2685..d91b7930e7c53364bffd85c54928f5c5248d91d8 100644
--- a/components/cast_certificate/cast_cert_validator.cc
+++ b/components/cast_certificate/cast_cert_validator.cc
@@ -13,15 +13,16 @@
#include "base/memory/ptr_util.h"
#include "base/memory/singleton.h"
+#include "net/cert/internal/cert_issuer_source_static.h"
#include "net/cert/internal/certificate_policies.h"
#include "net/cert/internal/extended_key_usage.h"
#include "net/cert/internal/parse_certificate.h"
#include "net/cert/internal/parse_name.h"
#include "net/cert/internal/parsed_certificate.h"
+#include "net/cert/internal/path_builder.h"
#include "net/cert/internal/signature_algorithm.h"
#include "net/cert/internal/signature_policy.h"
#include "net/cert/internal/trust_store.h"
-#include "net/cert/internal/verify_certificate_chain.h"
#include "net/cert/internal/verify_signed_data.h"
#include "net/der/input.h"
@@ -282,16 +283,24 @@ bool VerifyDeviceCert(const std::vector<std::string>& certs,
}
}
+ net::CertIssuerSourceStatic intermediate_cert_issuer_source;
+ for (size_t i = 1; i < input_chain.size(); ++i)
eroman 2016/06/17 01:03:22 Given how this works now, I think we should probab
mattm 2016/06/18 04:28:55 Done.
+ intermediate_cert_issuer_source.AddCert(input_chain[i]);
+
// Use a signature policy compatible with Cast's PKI.
auto signature_policy = CreateCastSignaturePolicy();
// Do RFC 5280 compatible certificate verification using the two Cast
// trust anchors and Cast signature policy.
- if (!net::VerifyCertificateChain(input_chain, CastTrustStore::Get(),
- signature_policy.get(),
- ConvertExplodedTime(time))) {
+ net::CertPathBuilder::Result result;
+ net::CertPathBuilder path_builder(input_chain.front(), &CastTrustStore::Get(),
eroman 2016/06/17 01:03:21 There needs to also ensure somewhere that !input_c
mattm 2016/06/18 04:28:55 Done.
+ signature_policy.get(),
+ ConvertExplodedTime(time), &result);
+ path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source);
+ net::CompletionStatus rv = path_builder.Run(base::Closure());
+ DCHECK(rv == net::CompletionStatus::SYNC);
eroman 2016/06/17 01:03:21 nit: DCHECK_EQ()
mattm 2016/06/18 04:28:55 Done.
+ if (result.result() != net::OK)
eroman 2016/06/17 01:03:22 How about abstracting this with result.IsSuccess()
mattm 2016/06/18 04:28:55 Done.
return false;
- }
// Check properties of the leaf certificate (key usage, policy), and construct
// a CertVerificationContext that uses its public key.
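Review bot: The requirement that path building completes synchronously is enforced only by `DCHECK(rv == net::CompletionStatus::SYNC)`, which is normally compiled out of release builds, so `result` is read on the following line whatever `Run()` returned. Whether a default-constructed `net::CertPathBuilder::Result` reports failure is not visible in this hunk, so a device-certificate check should fail closed explicitly: `if (rv != net::CompletionStatus::SYNC || result.result() != net::OK) return false;`. A one-line comment above `Run(base::Closure())` stating why completion is expected to be synchronous (presumably because only the in-memory issuer source and trust store are registered) would also help, since `path_builder` is handed the addresses of the stack-local `result` and `intermediate_cert_issuer_source`. VerifyDeviceCert begins and ends outside the hunk.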