Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(351)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.cc

Issue 2050983002: Cast device revocation checking. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: (Rebase only) Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« components/cast_certificate/proto/revocation.proto ('K') | « components/test/data/cast_certificate/testsuite/testsuite1.pb_text ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/macros.h" 10 #include "base/macros.h"
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after
144 std::vector<std::string> cert_chain; 144 std::vector<std::string> cert_chain;
145 cert_chain.push_back(response.client_auth_certificate()); 145 cert_chain.push_back(response.client_auth_certificate());
146 cert_chain.insert(cert_chain.end(), 146 cert_chain.insert(cert_chain.end(),
147 response.intermediate_certificate().begin(), 147 response.intermediate_certificate().begin(),
148 response.intermediate_certificate().end()); 148 response.intermediate_certificate().end());
149 149
150 // Use the current time when checking certificate validity. 150 // Use the current time when checking certificate validity.
151 base::Time::Exploded now; 151 base::Time::Exploded now;
152 base::Time::Now().UTCExplode(&now); 152 base::Time::Now().UTCExplode(&now);
153 153
154 // CRL should not be enforced until it is served.
155 cast_crypto::CRLOptions crl_options;
156 crl_options.crl_required = false;
154 cast_crypto::CastDeviceCertPolicy device_policy; 157 cast_crypto::CastDeviceCertPolicy device_policy;
155 if (!cast_crypto::VerifyDeviceCert(cert_chain, now, &verification_context, 158 if (!cast_crypto::VerifyDeviceCert(cert_chain, now, &verification_context,
156 &device_policy)) { 159 &device_policy, nullptr, crl_options)) {
157 // TODO(eroman): The error information was lost; this error is ambiguous. 160 // TODO(eroman): The error information was lost; this error is ambiguous.
158 return AuthResult("Failed verifying cast device certificate", 161 return AuthResult("Failed verifying cast device certificate",
159 AuthResult::ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA); 162 AuthResult::ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA);
160 } 163 }
161 164
162 if (!verification_context->VerifySignatureOverData(response.signature(), 165 if (!verification_context->VerifySignatureOverData(response.signature(),
163 signature_input)) { 166 signature_input)) {
164 return AuthResult("Failed verifying signature over data", 167 return AuthResult("Failed verifying signature over data",
165 AuthResult::ERROR_SIGNED_BLOBS_MISMATCH); 168 AuthResult::ERROR_SIGNED_BLOBS_MISMATCH);
166 } 169 }
167 170
168 AuthResult success; 171 AuthResult success;
169 172
170 // Set the policy into the result. 173 // Set the policy into the result.
171 switch (device_policy) { 174 switch (device_policy) {
172 case cast_crypto::CastDeviceCertPolicy::AUDIO_ONLY: 175 case cast_crypto::CastDeviceCertPolicy::AUDIO_ONLY:
173 success.channel_policies = AuthResult::POLICY_AUDIO_ONLY; 176 success.channel_policies = AuthResult::POLICY_AUDIO_ONLY;
174 break; 177 break;
175 case cast_crypto::CastDeviceCertPolicy::NONE: 178 case cast_crypto::CastDeviceCertPolicy::NONE:
176 success.channel_policies = AuthResult::POLICY_NONE; 179 success.channel_policies = AuthResult::POLICY_NONE;
177 break; 180 break;
178 } 181 }
179 182
180 return success; 183 return success;
181 } 184 }
182 185
183 } // namespace cast_channel 186 } // namespace cast_channel
184 } // namespace api 187 } // namespace api
185 } // namespace extensions 188 } // namespace extensions
OLDNEW
« components/cast_certificate/proto/revocation.proto ('K') | « components/test/data/cast_certificate/testsuite/testsuite1.pb_text ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698