OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/cast_certificate/cast_crl.h" | 5 #include "components/cast_certificate/cast_crl.h" |
6 | 6 |
7 #include <unordered_map> | 7 #include <unordered_map> |
8 #include <unordered_set> | 8 #include <unordered_set> |
9 | 9 |
10 #include "base/base64.h" | 10 #include "base/base64.h" |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
85 base::Time::UnixEpoch() + | 85 base::Time::UnixEpoch() + |
86 base::TimeDelta::FromSeconds(base::saturated_cast<int64_t>(seconds)); | 86 base::TimeDelta::FromSeconds(base::saturated_cast<int64_t>(seconds)); |
87 return net::der::EncodeTimeAsGeneralizedTime(unix_timestamp, | 87 return net::der::EncodeTimeAsGeneralizedTime(unix_timestamp, |
88 generalized_time); | 88 generalized_time); |
89 } | 89 } |
90 | 90 |
91 // Specifies the signature verification policy. | 91 // Specifies the signature verification policy. |
92 // The required algorithms are: | 92 // The required algorithms are: |
93 // RSASSA PKCS#1 v1.5 with SHA-256, using RSA keys 2048-bits or longer. | 93 // RSASSA PKCS#1 v1.5 with SHA-256, using RSA keys 2048-bits or longer. |
94 std::unique_ptr<net::SignaturePolicy> CreateCastSignaturePolicy() { | 94 std::unique_ptr<net::SignaturePolicy> CreateCastSignaturePolicy() { |
95 return base::WrapUnique(new net::SimpleSignaturePolicy(2048)); | 95 return base::MakeUnique<net::SimpleSignaturePolicy>(2048); |
96 } | 96 } |
97 | 97 |
98 // Verifies the CRL is signed by a trusted CRL authority at the time the CRL | 98 // Verifies the CRL is signed by a trusted CRL authority at the time the CRL |
99 // was issued. Verifies the signature of |tbs_crl| is valid based on the | 99 // was issued. Verifies the signature of |tbs_crl| is valid based on the |
100 // certificate and signature in |crl|. The validity of |tbs_crl| is verified | 100 // certificate and signature in |crl|. The validity of |tbs_crl| is verified |
101 // at |time|. The validity period of the CRL is adjusted to be the earliest | 101 // at |time|. The validity period of the CRL is adjusted to be the earliest |
102 // of the issuer certificate chain's expiration and the CRL's expiration and | 102 // of the issuer certificate chain's expiration and the CRL's expiration and |
103 // the result is stored in |overall_not_after|. | 103 // the result is stored in |overall_not_after|. |
104 bool VerifyCRL(const Crl& crl, | 104 bool VerifyCRL(const Crl& crl, |
105 const TbsCrl& tbs_crl, | 105 const TbsCrl& tbs_crl, |
(...skipping 225 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
331 continue; | 331 continue; |
332 } | 332 } |
333 if (tbs_crl.version() != CRL_VERSION_0) { | 333 if (tbs_crl.version() != CRL_VERSION_0) { |
334 continue; | 334 continue; |
335 } | 335 } |
336 net::der::GeneralizedTime overall_not_after; | 336 net::der::GeneralizedTime overall_not_after; |
337 if (!VerifyCRL(crl, tbs_crl, time, trust_store, &overall_not_after)) { | 337 if (!VerifyCRL(crl, tbs_crl, time, trust_store, &overall_not_after)) { |
338 LOG(ERROR) << "CRL - Verification failed."; | 338 LOG(ERROR) << "CRL - Verification failed."; |
339 return nullptr; | 339 return nullptr; |
340 } | 340 } |
341 return base::WrapUnique(new CastCRLImpl(tbs_crl, overall_not_after)); | 341 return base::MakeUnique<CastCRLImpl>(tbs_crl, overall_not_after); |
342 } | 342 } |
343 LOG(ERROR) << "No supported version of revocation data."; | 343 LOG(ERROR) << "No supported version of revocation data."; |
344 return nullptr; | 344 return nullptr; |
345 } | 345 } |
346 | 346 |
347 } // namespace | 347 } // namespace |
348 | 348 |
349 std::unique_ptr<CastCRL> ParseAndVerifyCRL(const std::string& crl_proto, | 349 std::unique_ptr<CastCRL> ParseAndVerifyCRL(const std::string& crl_proto, |
350 const base::Time& time) { | 350 const base::Time& time) { |
351 return ParseAndVerifyCRL(crl_proto, time, &CastCRLTrustStore::Get()); | 351 return ParseAndVerifyCRL(crl_proto, time, &CastCRLTrustStore::Get()); |
352 } | 352 } |
353 | 353 |
354 std::unique_ptr<CastCRL> ParseAndVerifyCRLForTest( | 354 std::unique_ptr<CastCRL> ParseAndVerifyCRLForTest( |
355 const std::string& crl_proto, | 355 const std::string& crl_proto, |
356 const base::Time& time, | 356 const base::Time& time, |
357 net::TrustStore* trust_store) { | 357 net::TrustStore* trust_store) { |
358 return ParseAndVerifyCRL(crl_proto, time, trust_store); | 358 return ParseAndVerifyCRL(crl_proto, time, trust_store); |
359 } | 359 } |
360 | 360 |
361 } // namespace cast_certificate | 361 } // namespace cast_certificate |
OLD | NEW |