Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(893)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/cast_certificate/cast_cert_validator.cc

Issue 2205403002: Add production Cast CRL certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: TrustStore as explicit dependency for testing verify functions. Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« components/cast_certificate/cast_cert_validator.h ('K') | « components/cast_certificate/cast_cert_validator.h ('k') | components/cast_certificate/cast_crl.h » ('j') | components/cast_certificate/cast_crl.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/cast_certificate/cast_cert_validator.cc
diff --git a/components/cast_certificate/cast_cert_validator.cc b/components/cast_certificate/cast_cert_validator.cc
index f7c62dd7aff5bc32904119251bc05f78a79ff329..98025086cfffb2c399857d4ccc9b841d9e138172 100644
--- a/components/cast_certificate/cast_cert_validator.cc
+++ b/components/cast_certificate/cast_cert_validator.cc
@@ -251,14 +251,14 @@ net::ParseCertificateOptions GetCertParsingOptions() {
return options;
}
-} // namespace
-
+// Verifies a cast device certficate given a chain of DER-encoded certificates.
bool VerifyDeviceCert(const std::vector<std::string>& certs,
const base::Time& time,
std::unique_ptr<CertVerificationContext>* context,
CastDeviceCertPolicy* policy,
const CastCRL* crl,
- CRLPolicy crl_policy) {
+ CRLPolicy crl_policy,
+ net::TrustStore& trust_store) {
eroman 2016/08/04 19:28:52 Please pass this as a pointer (or const reference
ryanchung 2016/08/04 21:56:52 Done.
if (certs.empty())
return false;
@@ -290,7 +290,7 @@ bool VerifyDeviceCert(const std::vector<std::string>& certs,
if (!net::der::EncodeTimeAsGeneralizedTime(time, &verification_time))
return false;
net::CertPathBuilder::Result result;
- net::CertPathBuilder path_builder(target_cert.get(), &CastTrustStore::Get(),
+ net::CertPathBuilder path_builder(target_cert.get(), &trust_store,
signature_policy.get(), verification_time,
&result);
path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source);
@@ -322,6 +322,29 @@ bool VerifyDeviceCert(const std::vector<std::string>& certs,
return true;
}
+} // namespace
+
+bool VerifyDeviceCert(const std::vector<std::string>& certs,
+ const base::Time& time,
+ std::unique_ptr<CertVerificationContext>* context,
+ CastDeviceCertPolicy* policy,
+ const CastCRL* crl,
+ CRLPolicy crl_policy) {
+ return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy,
+ CastTrustStore::Get());
+}
+
+bool VerifyDeviceCertForTest(const std::vector<std::string>& certs,
+ const base::Time& time,
+ std::unique_ptr<CertVerificationContext>* context,
+ CastDeviceCertPolicy* policy,
+ const CastCRL* crl,
+ CRLPolicy crl_policy,
+ net::TrustStore& trust_store) {
eroman 2016/08/04 19:28:52 Same comment as elsewhere (pointer or const-refere
ryanchung 2016/08/04 21:56:52 Done.
+ return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy,
+ trust_store);
+}
+
std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest(
const base::StringPiece& spki) {
// Use a bogus CommonName, since this is just exposed for testing signature
« components/cast_certificate/cast_cert_validator.h ('K') | « components/cast_certificate/cast_cert_validator.h ('k') | components/cast_certificate/cast_crl.h » ('j') | components/cast_certificate/cast_crl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698