
Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.cc

Issue 2050983002: Cast device revocation checking. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed proto again Created 4 years, 5 months ago
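--- a/extensions/browser/api/cast_channel/cast_auth_util.cc
+++ b/extensions/browser/api/cast_channel/cast_auth_util.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/api/cast_channel/cast_auth_util.h"
 
 #include <vector>
 
 #include "base/logging.h"
 #include "base/macros.h"
@@ -144,42 +144,44 @@
 std::vector<std::string> cert_chain;
 cert_chain.push_back(response.client_auth_certificate());
 cert_chain.insert(cert_chain.end(),
 response.intermediate_certificate().begin(),
 response.intermediate_certificate().end());
 
 // Use the current time when checking certificate validity.
 base::Time::Exploded now;
 base::Time::Now().UTCExplode(&now);
 
+// CRL should not be enforced until it is served.
 cast_crypto::CastDeviceCertPolicy device_policy;
-if (!cast_crypto::VerifyDeviceCert(cert_chain, now, &verification_context,
-&device_policy)) {
+if (!cast_crypto::VerifyDeviceCert(
+cert_chain, now, &verification_context, &device_policy, nullptr,
+cast_certificate::CRLPolicy::CRL_OPTIONAL)) {
 // TODO(eroman): The error information was lost; this error is ambiguous.
 return AuthResult("Failed verifying cast device certificate",
 AuthResult::ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA);
 }
 
 if (!verification_context->VerifySignatureOverData(response.signature(),
 signature_input)) {
 return AuthResult("Failed verifying signature over data",
 AuthResult::ERROR_SIGNED_BLOBS_MISMATCH);
 }
 
 AuthResult success;
 
 // Set the policy into the result.
 switch (device_policy) {
 case cast_crypto::CastDeviceCertPolicy::AUDIO_ONLY:
 success.channel_policies = AuthResult::POLICY_AUDIO_ONLY;
 break;
 case cast_crypto::CastDeviceCertPolicy::NONE:
 success.channel_policies = AuthResult::POLICY_NONE;
 break;
 }
 
 return success;
 }
 
 } // namespace cast_channel
 } // namespace api
 } // namespace extensions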
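Review bot: The new `VerifyDeviceCert` call (new lines 156-158) passes `nullptr` for the CRL together with `CRLPolicy::CRL_OPTIONAL`, so as far as these lines show no revocation check runs at this call site and a revoked device certificate would still authenticate. The one-line comment above it does not say that, and nothing tracks when the fail-open state ends. I would turn it into a tracked TODO, for example `// TODO(<owner>): No CRL is passed and the policy is CRL_OPTIONAL, so revocation is not checked here; pass the fetched CRL and require it once it is served (<bug id>).` Once a CRL is supplied, a revocation failure would presumably surface as `ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA`, which makes the ambiguity the existing TODO mentions more visible in logs and metrics. The enclosing function starts in the skipped lines, so how its callers treat the result is not visible here.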