| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cast_certificate/cast_cert_validator.h" | 5 #include "components/cast_certificate/cast_cert_validator.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| 282 } | 282 } |
| 283 } | 283 } |
| 284 | 284 |
| 285 // Use a signature policy compatible with Cast's PKI. | 285 // Use a signature policy compatible with Cast's PKI. |
| 286 auto signature_policy = CreateCastSignaturePolicy(); | 286 auto signature_policy = CreateCastSignaturePolicy(); |
| 287 | 287 |
| 288 // Do RFC 5280 compatible certificate verification using the two Cast | 288 // Do RFC 5280 compatible certificate verification using the two Cast |
| 289 // trust anchors and Cast signature policy. | 289 // trust anchors and Cast signature policy. |
| 290 if (!net::VerifyCertificateChain(input_chain, CastTrustStore::Get(), | 290 if (!net::VerifyCertificateChain(input_chain, CastTrustStore::Get(), |
| 291 signature_policy.get(), | 291 signature_policy.get(), |
| 292 ConvertExplodedTime(time))) { | 292 ConvertExplodedTime(time), nullptr)) { |
| 293 return false; | 293 return false; |
| 294 } | 294 } |
| 295 | 295 |
| 296 // Check properties of the leaf certificate (key usage, policy), and construct | 296 // Check properties of the leaf certificate (key usage, policy), and construct |
| 297 // a CertVerificationContext that uses its public key. | 297 // a CertVerificationContext that uses its public key. |
| 298 return CheckTargetCertificate(input_chain[0].get(), context, policy); | 298 return CheckTargetCertificate(input_chain[0].get(), context, policy); |
| 299 } | 299 } |
| 300 | 300 |
| 301 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( | 301 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( |
| 302 const base::StringPiece& spki) { | 302 const base::StringPiece& spki) { |
| 303 // Use a bogus CommonName, since this is just exposed for testing signature | 303 // Use a bogus CommonName, since this is just exposed for testing signature |
| 304 // verification by unittests. | 304 // verification by unittests. |
| 305 return base::WrapUnique( | 305 return base::WrapUnique( |
| 306 new CertVerificationContextImpl(net::der::Input(spki), "CommonName")); | 306 new CertVerificationContextImpl(net::der::Input(spki), "CommonName")); |
| 307 } | 307 } |
| 308 | 308 |
| 309 bool AddTrustAnchorForTest(const uint8_t* data, size_t length) { | 309 bool AddTrustAnchorForTest(const uint8_t* data, size_t length) { |
| 310 scoped_refptr<net::ParsedCertificate> anchor( | 310 scoped_refptr<net::ParsedCertificate> anchor( |
| 311 net::ParsedCertificate::CreateFromCertificateData( | 311 net::ParsedCertificate::CreateFromCertificateData( |
| 312 data, length, | 312 data, length, |
| 313 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE)); | 313 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE)); |
| 314 if (!anchor) | 314 if (!anchor) |
| 315 return false; | 315 return false; |
| 316 CastTrustStore::Get().AddTrustedCertificate(std::move(anchor)); | 316 CastTrustStore::Get().AddTrustedCertificate(std::move(anchor)); |
| 317 return true; | 317 return true; |
| 318 } | 318 } |
| 319 | 319 |
| 320 } // namespace cast_certificate | 320 } // namespace cast_certificate |
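Review bot: The bare `nullptr` added as the fifth argument to `net::VerifyCertificateChain` on new line 292 does not tell a reader which parameter is being declined, and the callee's declaration is not visible on this page. Name it at the call site with an argument comment, for example `ConvertExplodedTime(time), nullptr /* <name of the new parameter> */)) {`. If the parameter is an optional output describing the chain that was verified (an assumption to confirm against the header), add a one-line comment saying the result is deliberately unused because the leaf checked on line 298 is taken from `input_chain[0]`. That keeps it easy to confirm that the certificate passed to `CheckTargetCertificate` is the one that was validated. The enclosing function begins in the skipped region above line 282, so only its tail is reviewed here.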