OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/cast_certificate/cast_cert_validator.h" | 5 #include "components/cast_certificate/cast_cert_validator.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
(...skipping 98 matching lines...)
109 // sizes) are acceptable. It is used when verifying a chain of certificates, as | 109 // sizes) are acceptable. It is used when verifying a chain of certificates, as |
110 // well as when verifying digital signature using the target certificate's | 110 // well as when verifying digital signature using the target certificate's |
111 // SPKI. | 111 // SPKI. |
112 // | 112 // |
113 // This particular policy allows for: | 113 // This particular policy allows for: |
114 // * ECDSA, RSA-SSA, and RSA-PSS | 114 // * ECDSA, RSA-SSA, and RSA-PSS |
115 // * Supported EC curves: P-256, P-384, P-521. | 115 // * Supported EC curves: P-256, P-384, P-521. |
116 // * Hashes: All SHA hashes including SHA-1 (despite being known weak). | 116 // * Hashes: All SHA hashes including SHA-1 (despite being known weak). |
117 // * RSA keys must have a modulus at least 2048-bits long. | 117 // * RSA keys must have a modulus at least 2048-bits long. |
118 std::unique_ptr<net::SignaturePolicy> CreateCastSignaturePolicy() { | 118 std::unique_ptr<net::SignaturePolicy> CreateCastSignaturePolicy() { |
119 return base::WrapUnique(new net::SimpleSignaturePolicy(2048)); | 119 return base::MakeUnique<net::SimpleSignaturePolicy>(2048); |
120 } | 120 } |
121 | 121 |
122 class CertVerificationContextImpl : public CertVerificationContext { | 122 class CertVerificationContextImpl : public CertVerificationContext { |
123 public: | 123 public: |
124 // Save a copy of the passed in public key (DER) and common name (text). | 124 // Save a copy of the passed in public key (DER) and common name (text). |
125 CertVerificationContextImpl(const net::der::Input& spki, | 125 CertVerificationContextImpl(const net::der::Input& spki, |
126 const base::StringPiece& common_name) | 126 const base::StringPiece& common_name) |
127 : spki_(spki.AsString()), common_name_(common_name.as_string()) {} | 127 : spki_(spki.AsString()), common_name_(common_name.as_string()) {} |
128 | 128 |
129 bool VerifySignatureOverData(const base::StringPiece& signature, | 129 bool VerifySignatureOverData(const base::StringPiece& signature, |
(...skipping 215 matching lines...)
345 CRLPolicy crl_policy, | 345 CRLPolicy crl_policy, |
346 net::TrustStore* trust_store) { | 346 net::TrustStore* trust_store) { |
347 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, | 347 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, |
348 trust_store); | 348 trust_store); |
349 } | 349 } |
350 | 350 |
351 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( | 351 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( |
352 const base::StringPiece& spki) { | 352 const base::StringPiece& spki) { |
353 // Use a bogus CommonName, since this is just exposed for testing signature | 353 // Use a bogus CommonName, since this is just exposed for testing signature |
354 // verification by unittests. | 354 // verification by unittests. |
355 return base::WrapUnique( | 355 return base::MakeUnique<CertVerificationContextImpl>(net::der::Input(spki), |
356 new CertVerificationContextImpl(net::der::Input(spki), "CommonName")); | 356 "CommonName"); |
357 } | 357 } |
358 | 358 |
359 } // namespace cast_certificate | 359 } // namespace cast_certificate |
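Review bot: On new line 119 the bare literal `2048` is tied to the policy comment's "RSA keys must have a modulus at least 2048-bits long" only by proximity. It is presumably the minimum RSA modulus length handed to `net::SimpleSignaturePolicy`, so naming it would keep the comment and the enforced value from drifting apart: `constexpr size_t kMinRsaModulusLengthBits = 2048;` and `return base::MakeUnique<net::SimpleSignaturePolicy>(kMinRsaModulusLengthBits);`. The same comment block (line 116) records that SHA-1 is accepted "despite being known weak" but gives no reason or end condition. A one-line rationale such as `// SHA-1 is still accepted because <reason>; drop once <condition>.` would let a later reviewer judge whether the exception still holds.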