Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(190)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.cc

Issue 2050983002: Cast device revocation checking. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: API change: use base::Time instead of base::Time::ExplodedTime Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« components/cast_certificate/cast_crl_unittest.cc ('K') | « components/test/data/cast_certificate/testsuite/testsuite1.pb_text ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/macros.h" 10 #include "base/macros.h"
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after
141 std::unique_ptr<cast_crypto::CertVerificationContext> verification_context; 141 std::unique_ptr<cast_crypto::CertVerificationContext> verification_context;
142 142
143 // Build a single vector containing the certificate chain. 143 // Build a single vector containing the certificate chain.
144 std::vector<std::string> cert_chain; 144 std::vector<std::string> cert_chain;
145 cert_chain.push_back(response.client_auth_certificate()); 145 cert_chain.push_back(response.client_auth_certificate());
146 cert_chain.insert(cert_chain.end(), 146 cert_chain.insert(cert_chain.end(),
147 response.intermediate_certificate().begin(), 147 response.intermediate_certificate().begin(),
148 response.intermediate_certificate().end()); 148 response.intermediate_certificate().end());
149 149
150 // Use the current time when checking certificate validity. 150 // Use the current time when checking certificate validity.
151 base::Time::Exploded now; 151 base::Time now = base::Time::Now();
152 base::Time::Now().UTCExplode(&now);
153 152
153 // CRL should not be enforced until it is served.
154 cast_crypto::CastDeviceCertPolicy device_policy; 154 cast_crypto::CastDeviceCertPolicy device_policy;
155 if (!cast_crypto::VerifyDeviceCert(cert_chain, now, &verification_context, 155 if (!cast_crypto::VerifyDeviceCert(
156 &device_policy)) { 156 cert_chain, now, &verification_context, &device_policy, nullptr,
157 cast_certificate::CRLPolicy::CRL_OPTIONAL)) {
157 // TODO(eroman): The error information was lost; this error is ambiguous. 158 // TODO(eroman): The error information was lost; this error is ambiguous.
158 return AuthResult("Failed verifying cast device certificate", 159 return AuthResult("Failed verifying cast device certificate",
159 AuthResult::ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA); 160 AuthResult::ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA);
160 } 161 }
161 162
162 if (!verification_context->VerifySignatureOverData(response.signature(), 163 if (!verification_context->VerifySignatureOverData(response.signature(),
163 signature_input)) { 164 signature_input)) {
164 return AuthResult("Failed verifying signature over data", 165 return AuthResult("Failed verifying signature over data",
165 AuthResult::ERROR_SIGNED_BLOBS_MISMATCH); 166 AuthResult::ERROR_SIGNED_BLOBS_MISMATCH);
166 } 167 }
167 168
168 AuthResult success; 169 AuthResult success;
169 170
170 // Set the policy into the result. 171 // Set the policy into the result.
171 switch (device_policy) { 172 switch (device_policy) {
172 case cast_crypto::CastDeviceCertPolicy::AUDIO_ONLY: 173 case cast_crypto::CastDeviceCertPolicy::AUDIO_ONLY:
173 success.channel_policies = AuthResult::POLICY_AUDIO_ONLY; 174 success.channel_policies = AuthResult::POLICY_AUDIO_ONLY;
174 break; 175 break;
175 case cast_crypto::CastDeviceCertPolicy::NONE: 176 case cast_crypto::CastDeviceCertPolicy::NONE:
176 success.channel_policies = AuthResult::POLICY_NONE; 177 success.channel_policies = AuthResult::POLICY_NONE;
177 break; 178 break;
178 } 179 }
179 180
180 return success; 181 return success;
181 } 182 }
182 183
183 } // namespace cast_channel 184 } // namespace cast_channel
184 } // namespace api 185 } // namespace api
185 } // namespace extensions 186 } // namespace extensions
OLDNEW
« components/cast_certificate/cast_crl_unittest.cc ('K') | « components/test/data/cast_certificate/testsuite/testsuite1.pb_text ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698