| Index: components/cast_certificate/cast_cert_validator.cc
|
| diff --git a/components/cast_certificate/cast_cert_validator.cc b/components/cast_certificate/cast_cert_validator.cc
|
| index f7c62dd7aff5bc32904119251bc05f78a79ff329..9dcff2fe63f99412671f756366a8591e34027614 100644
|
| --- a/components/cast_certificate/cast_cert_validator.cc
|
| +++ b/components/cast_certificate/cast_cert_validator.cc
|
| @@ -251,14 +251,14 @@ net::ParseCertificateOptions GetCertParsingOptions() {
|
| return options;
|
| }
|
|
|
| -} // namespace
|
| -
|
| +// Verifies a cast device certficate given a chain of DER-encoded certificates.
|
| bool VerifyDeviceCert(const std::vector<std::string>& certs,
|
| const base::Time& time,
|
| std::unique_ptr<CertVerificationContext>* context,
|
| CastDeviceCertPolicy* policy,
|
| const CastCRL* crl,
|
| - CRLPolicy crl_policy) {
|
| + CRLPolicy crl_policy,
|
| + net::TrustStore* trust_store) {
|
| if (certs.empty())
|
| return false;
|
|
|
| @@ -290,7 +290,7 @@ bool VerifyDeviceCert(const std::vector<std::string>& certs,
|
| if (!net::der::EncodeTimeAsGeneralizedTime(time, &verification_time))
|
| return false;
|
| net::CertPathBuilder::Result result;
|
| - net::CertPathBuilder path_builder(target_cert.get(), &CastTrustStore::Get(),
|
| + net::CertPathBuilder path_builder(target_cert.get(), trust_store,
|
| signature_policy.get(), verification_time,
|
| &result);
|
| path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source);
|
| @@ -322,6 +322,29 @@ bool VerifyDeviceCert(const std::vector<std::string>& certs,
|
| return true;
|
| }
|
|
|
| +} // namespace
|
| +
|
| +bool VerifyDeviceCert(const std::vector<std::string>& certs,
|
| + const base::Time& time,
|
| + std::unique_ptr<CertVerificationContext>* context,
|
| + CastDeviceCertPolicy* policy,
|
| + const CastCRL* crl,
|
| + CRLPolicy crl_policy) {
|
| + return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy,
|
| + &CastTrustStore::Get());
|
| +}
|
| +
|
| +bool VerifyDeviceCertForTest(const std::vector<std::string>& certs,
|
| + const base::Time& time,
|
| + std::unique_ptr<CertVerificationContext>* context,
|
| + CastDeviceCertPolicy* policy,
|
| + const CastCRL* crl,
|
| + CRLPolicy crl_policy,
|
| + net::TrustStore* trust_store) {
|
| + return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy,
|
| + trust_store);
|
| +}
|
| +
|
| std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest(
|
| const base::StringPiece& spki) {
|
| // Use a bogus CommonName, since this is just exposed for testing signature
|
| @@ -330,15 +353,4 @@ std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest(
|
| new CertVerificationContextImpl(net::der::Input(spki), "CommonName"));
|
| }
|
|
|
| -bool SetTrustAnchorForTest(const std::string& cert) {
|
| - scoped_refptr<net::ParsedCertificate> anchor(
|
| - net::ParsedCertificate::CreateFromCertificateCopy(
|
| - cert, GetCertParsingOptions()));
|
| - if (!anchor)
|
| - return false;
|
| - CastTrustStore::Get().Clear();
|
| - CastTrustStore::Get().AddTrustedCertificate(std::move(anchor));
|
| - return true;
|
| -}
|
| -
|
| } // namespace cast_certificate
|
|
|
Chromium Code Reviews
Issue 2205403002:
Add production Cast CRL certificate. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master