Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(287)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.cc

Issue 2181013002: Revert of Cast device revocation checking. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/test/data/cast_certificate/testsuite/testsuite1.pb_text ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/macros.h" 10 #include "base/macros.h"
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after
141 std::unique_ptr<cast_crypto::CertVerificationContext> verification_context; 141 std::unique_ptr<cast_crypto::CertVerificationContext> verification_context;
142 142
143 // Build a single vector containing the certificate chain. 143 // Build a single vector containing the certificate chain.
144 std::vector<std::string> cert_chain; 144 std::vector<std::string> cert_chain;
145 cert_chain.push_back(response.client_auth_certificate()); 145 cert_chain.push_back(response.client_auth_certificate());
146 cert_chain.insert(cert_chain.end(), 146 cert_chain.insert(cert_chain.end(),
147 response.intermediate_certificate().begin(), 147 response.intermediate_certificate().begin(),
148 response.intermediate_certificate().end()); 148 response.intermediate_certificate().end());
149 149
150 // Use the current time when checking certificate validity. 150 // Use the current time when checking certificate validity.
151 base::Time now = base::Time::Now(); 151 base::Time::Exploded now;
152 base::Time::Now().UTCExplode(&now);
152 153
153 // CRL should not be enforced until it is served.
154 cast_crypto::CastDeviceCertPolicy device_policy; 154 cast_crypto::CastDeviceCertPolicy device_policy;
155 if (!cast_crypto::VerifyDeviceCert( 155 if (!cast_crypto::VerifyDeviceCert(cert_chain, now, &verification_context,
156 cert_chain, now, &verification_context, &device_policy, nullptr, 156 &device_policy)) {
157 cast_certificate::CRLPolicy::CRL_OPTIONAL)) {
158 // TODO(eroman): The error information was lost; this error is ambiguous. 157 // TODO(eroman): The error information was lost; this error is ambiguous.
159 return AuthResult("Failed verifying cast device certificate", 158 return AuthResult("Failed verifying cast device certificate",
160 AuthResult::ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA); 159 AuthResult::ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA);
161 } 160 }
162 161
163 if (!verification_context->VerifySignatureOverData(response.signature(), 162 if (!verification_context->VerifySignatureOverData(response.signature(),
164 signature_input)) { 163 signature_input)) {
165 return AuthResult("Failed verifying signature over data", 164 return AuthResult("Failed verifying signature over data",
166 AuthResult::ERROR_SIGNED_BLOBS_MISMATCH); 165 AuthResult::ERROR_SIGNED_BLOBS_MISMATCH);
167 } 166 }
168 167
169 AuthResult success; 168 AuthResult success;
170 169
171 // Set the policy into the result. 170 // Set the policy into the result.
172 switch (device_policy) { 171 switch (device_policy) {
173 case cast_crypto::CastDeviceCertPolicy::AUDIO_ONLY: 172 case cast_crypto::CastDeviceCertPolicy::AUDIO_ONLY:
174 success.channel_policies = AuthResult::POLICY_AUDIO_ONLY; 173 success.channel_policies = AuthResult::POLICY_AUDIO_ONLY;
175 break; 174 break;
176 case cast_crypto::CastDeviceCertPolicy::NONE: 175 case cast_crypto::CastDeviceCertPolicy::NONE:
177 success.channel_policies = AuthResult::POLICY_NONE; 176 success.channel_policies = AuthResult::POLICY_NONE;
178 break; 177 break;
179 } 178 }
180 179
181 return success; 180 return success;
182 } 181 }
183 182
184 } // namespace cast_channel 183 } // namespace cast_channel
185 } // namespace api 184 } // namespace api
186 } // namespace extensions 185 } // namespace extensions
OLDNEW
« no previous file with comments | « components/test/data/cast_certificate/testsuite/testsuite1.pb_text ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698