| Index: components/cast_certificate/cast_cert_validator.h
|
| diff --git a/components/cast_certificate/cast_cert_validator.h b/components/cast_certificate/cast_cert_validator.h
|
| index be924be74da3713f8f2ec81db1c05b24d6642f87..23378cb684c65bd84371f04bfb2b26e7419796db 100644
|
| --- a/components/cast_certificate/cast_cert_validator.h
|
| +++ b/components/cast_certificate/cast_cert_validator.h
|
| @@ -16,8 +16,6 @@
|
|
|
| namespace cast_certificate {
|
|
|
| -class CastCRL;
|
| -
|
| // Describes the policy for a Device certificate.
|
| enum class CastDeviceCertPolicy {
|
| // The device certificate is unrestricted.
|
| @@ -25,14 +23,6 @@
|
|
|
| // The device certificate is for an audio-only device.
|
| AUDIO_ONLY,
|
| -};
|
| -
|
| -enum class CRLPolicy {
|
| - // Revocation is only checked if a CRL is provided.
|
| - CRL_OPTIONAL,
|
| -
|
| - // Revocation is always checked. A missing CRL results in failure.
|
| - CRL_REQUIRED,
|
| };
|
|
|
| // An object of this type is returned by the VerifyDeviceCert function, and can
|
| @@ -68,15 +58,8 @@
|
| // * |certs[1..n-1]| are intermediates certificates to use in path building.
|
| // Their ordering does not matter.
|
| //
|
| -// * |time| is the unix timestamp to use for determining if the certificate
|
| +// * |time| is the UTC time to use for determining if the certificate
|
| // is expired.
|
| -//
|
| -// * |crl| is the CRL to check for certificate revocation status.
|
| -// If this is a nullptr, then revocation checking is currently disabled.
|
| -//
|
| -// * |crl_options| is for choosing how to handle the absence of a CRL.
|
| -// If crl_required is set to true, then an empty |crl| input would result
|
| -// in a failed verification. Otherwise, |crl| is ignored if it is absent.
|
| //
|
| // Outputs:
|
| //
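Review bot: With the |crl| and |crl_options| paragraphs removed, the Inputs comment no longer says anything about revocation, so a reader of this header cannot tell whether a revoked device certificate would still verify. If the implementation (not visible here) performs no revocation check after this change, the contract should say so explicitly, for example `// Note: certificate revocation is NOT checked by this function.` placed after the |time| entry. Callers that make trust decisions on the result need that caveat at the declaration. The comment block starts and ends outside this hunk.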
|
| @@ -89,11 +72,9 @@
|
| // * |policy| is filled with an indication of the device certificate's policy
|
| // (i.e. is it for audio-only devices or is it unrestricted?)
|
| bool VerifyDeviceCert(const std::vector<std::string>& certs,
|
| - const base::Time& time,
|
| + const base::Time::Exploded& time,
|
| std::unique_ptr<CertVerificationContext>* context,
|
| - CastDeviceCertPolicy* policy,
|
| - const CastCRL* crl,
|
| - CRLPolicy crl_policy) WARN_UNUSED_RESULT;
|
| + CastDeviceCertPolicy* policy) WARN_UNUSED_RESULT;
|
|
|
| // Exposed only for unit-tests, not for use in production code.
|
| // Production code would get a context from VerifyDeviceCert().
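Review bot: The new `const base::Time::Exploded& time` parameter has no time-zone indicator and can hold out-of-range fields, so the "UTC time" requirement stated in the comment is enforced by nothing in the type. A caller that passes a local-time explode, or a default-constructed struct, would shift or corrupt the expiry comparison without a compile error. I would document the precondition at the declaration, e.g. `// |time| must be produced by base::Time::UTCExplode() and satisfy time.HasValidValues().` The definition is outside this hunk, so it should also be confirmed that it fails verification when `HasValidValues()` is false rather than comparing garbage against the validity period.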
|
| @@ -105,9 +86,13 @@
|
|
|
| // Exposed only for testing, not for use in production code.
|
| //
|
| -// Replaces trusted root certificates in the CastTrustStore.
|
| -// Returns true if successful, false if nothing is changed.
|
| -bool SetTrustAnchorForTest(const std::string& cert) WARN_UNUSED_RESULT;
|
| +// Injects trusted root certificates into the CastTrustStore.
|
| +// |data| must remain valid and not be mutated throughout the lifetime of
|
| +// the program.
|
| +// Warning: Using this function concurrently with VerifyDeviceCert()
|
| +// is not thread safe.
|
| +bool AddTrustAnchorForTest(const uint8_t* data,
|
| + size_t length) WARN_UNUSED_RESULT;
|
|
|
| } // namespace cast_certificate
|
|
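Review bot: The comment on `AddTrustAnchorForTest` drops the old "Returns true if successful" sentence, so the meaning of the bool is now undocumented even though `WARN_UNUSED_RESULT` forces every caller to consume it. If it matches the implementation, add a line such as `// Returns true if |data| was parsed and added as a trust anchor, false otherwise.` Two further points are worth stating in the comment. First, the function now adds to the trust store rather than replacing it, and no removal call is visible here, so an injected root presumably stays trusted for later tests in the same process. Second, the program-lifetime requirement on the raw `data` pointer means a stack or heap buffer freed after the call leaves a dangling anchor, so callers should pass static storage.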
|
|
|