| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cast_certificate/cast_crl.h" | 5 #include "components/cast_certificate/cast_crl.h" |
| 6 | 6 |
| 7 #include <unordered_map> | 7 #include <unordered_map> |
| 8 #include <unordered_set> | 8 #include <unordered_set> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 118 } | 118 } |
| 119 | 119 |
| 120 // Wrap the signature in a BitString. | 120 // Wrap the signature in a BitString. |
| 121 net::der::BitString signature_value_bit_string = net::der::BitString( | 121 net::der::BitString signature_value_bit_string = net::der::BitString( |
| 122 net::der::Input(base::StringPiece(crl.signature())), 0); | 122 net::der::Input(base::StringPiece(crl.signature())), 0); |
| 123 | 123 |
| 124 // Verify the signature. | 124 // Verify the signature. |
| 125 auto signature_policy = CreateCastSignaturePolicy(); | 125 auto signature_policy = CreateCastSignaturePolicy(); |
| 126 std::unique_ptr<net::SignatureAlgorithm> signature_algorithm_type = | 126 std::unique_ptr<net::SignatureAlgorithm> signature_algorithm_type = |
| 127 net::SignatureAlgorithm::CreateRsaPkcs1(net::DigestAlgorithm::Sha256); | 127 net::SignatureAlgorithm::CreateRsaPkcs1(net::DigestAlgorithm::Sha256); |
| 128 net::CertErrors errors; |
| 128 if (!VerifySignedData(*signature_algorithm_type, | 129 if (!VerifySignedData(*signature_algorithm_type, |
| 129 net::der::Input(&crl.tbs_crl()), | 130 net::der::Input(&crl.tbs_crl()), |
| 130 signature_value_bit_string, parsed_cert->tbs().spki_tlv, | 131 signature_value_bit_string, parsed_cert->tbs().spki_tlv, |
| 131 signature_policy.get())) { | 132 signature_policy.get(), &errors)) { |
| 133 // TODO(634443): Dump the error information. |
| 132 VLOG(2) << "CRL - Signature verification failed."; | 134 VLOG(2) << "CRL - Signature verification failed."; |
| 133 return false; | 135 return false; |
| 134 } | 136 } |
| 135 | 137 |
| 136 // Verify the issuer certificate. | 138 // Verify the issuer certificate. |
| 137 net::der::GeneralizedTime verification_time; | 139 net::der::GeneralizedTime verification_time; |
| 138 if (!net::der::EncodeTimeAsGeneralizedTime(time, &verification_time)) { | 140 if (!net::der::EncodeTimeAsGeneralizedTime(time, &verification_time)) { |
| 139 VLOG(2) << "CRL - Unable to parse verification time."; | 141 VLOG(2) << "CRL - Unable to parse verification time."; |
| 140 return false; | 142 return false; |
| 141 } | 143 } |
| (...skipping 210 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 352 } | 354 } |
| 353 | 355 |
| 354 std::unique_ptr<CastCRL> ParseAndVerifyCRLForTest( | 356 std::unique_ptr<CastCRL> ParseAndVerifyCRLForTest( |
| 355 const std::string& crl_proto, | 357 const std::string& crl_proto, |
| 356 const base::Time& time, | 358 const base::Time& time, |
| 357 net::TrustStore* trust_store) { | 359 net::TrustStore* trust_store) { |
| 358 return ParseAndVerifyCRL(crl_proto, time, trust_store); | 360 return ParseAndVerifyCRL(crl_proto, time, trust_store); |
| 359 } | 361 } |
| 360 | 362 |
| 361 } // namespace cast_certificate | 363 } // namespace cast_certificate |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2289363004:
Add error information to VerifySignedData(). (Closed)
