Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(677)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/cast_certificate/cast_cert_validator.cc

Issue 2050983002: Cast device revocation checking. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed proto again Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « components/cast_certificate/cast_cert_validator.h ('k') | components/cast_certificate/cast_cert_validator_test_helpers.h » ('j') | components/cast_certificate/cast_crl.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/cast_certificate/cast_cert_validator.cc
diff --git a/components/cast_certificate/cast_cert_validator.cc b/components/cast_certificate/cast_cert_validator.cc
index ec1fae2ee850d8a9b230ef0bb2cfc0b4d7debc6b..5c696c0b5cc5488b1710413cf670da5e1768b1ae 100644
--- a/components/cast_certificate/cast_cert_validator.cc
+++ b/components/cast_certificate/cast_cert_validator.cc
@@ -14,6 +14,7 @@
#include "base/memory/ptr_util.h"
#include "base/memory/singleton.h"
#include "net/cert/internal/cert_issuer_source_static.h"
+#include "components/cast_certificate/cast_crl.h"
#include "net/cert/internal/certificate_policies.h"
#include "net/cert/internal/extended_key_usage.h"
#include "net/cert/internal/parse_certificate.h"
@@ -267,7 +268,9 @@ net::ParseCertificateOptions GetCertParsingOptions() {
bool VerifyDeviceCert(const std::vector<std::string>& certs,
const base::Time::Exploded& time,
std::unique_ptr<CertVerificationContext>* context,
- CastDeviceCertPolicy* policy) {
+ CastDeviceCertPolicy* policy,
+ const CastCRL* crl,
+ CRLPolicy crl_policy) {
if (certs.empty())
return false;
@@ -307,7 +310,24 @@ bool VerifyDeviceCert(const std::vector<std::string>& certs,
// Check properties of the leaf certificate (key usage, policy), and construct
// a CertVerificationContext that uses its public key.
- return CheckTargetCertificate(target_cert.get(), context, policy);
+ if (!CheckTargetCertificate(target_cert.get(), context, policy))
+ return false;
+
+ // Check if a CRL is available.
+ if (!crl) {
+ if (crl_policy == CRLPolicy::CRL_REQUIRED) {
+ return false;
+ }
+ } else {
+ if (result.paths.empty() ||
eroman 2016/07/15 22:52:48 I'll see about simplifying these checks later, kin
+ !result.paths[result.best_result_index]->is_success())
+ return false;
+
+ if (!crl->CheckRevocation(result.paths[result.best_result_index]->path,
+ time))
+ return false;
+ }
+ return true;
}
std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest(
@@ -318,11 +338,11 @@ std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest(
new CertVerificationContextImpl(net::der::Input(spki), "CommonName"));
}
-bool AddTrustAnchorForTest(const uint8_t* data, size_t length) {
+bool SetTrustAnchorForTest(const std::string& cert) {
scoped_refptr<net::ParsedCertificate> anchor(
- net::ParsedCertificate::CreateFromCertificateData(
- data, length, net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE,
- GetCertParsingOptions()));
+ net::ParsedCertificate::CreateFromCertificateCopy(
+ cert, GetCertParsingOptions()));
+ CastTrustStore::Get().Clear();
if (!anchor)
return false;
CastTrustStore::Get().AddTrustedCertificate(std::move(anchor));
« no previous file with comments | « components/cast_certificate/cast_cert_validator.h ('k') | components/cast_certificate/cast_cert_validator_test_helpers.h » ('j') | components/cast_certificate/cast_crl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698