
Side by Side Diff: components/cast_certificate/cast_cert_validator.cc

Issue 2292333002: Add errors per ResultPath for CertPathBuilder. (Closed)
Patch Set: Created 4 years, 3 months ago
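--- a/components/cast_certificate/cast_cert_validator.cc
+++ b/components/cast_certificate/cast_cert_validator.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/cast_certificate/cast_cert_validator.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <algorithm>
@@ -292,40 +292,37 @@
 net::der::GeneralizedTime verification_time;
 if (!net::der::EncodeTimeAsGeneralizedTime(time, &verification_time))
 return false;
 net::CertPathBuilder::Result result;
 net::CertPathBuilder path_builder(target_cert.get(), trust_store,
 signature_policy.get(), verification_time,
 &result);
 path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source);
 net::CompletionStatus rv = path_builder.Run(base::Closure());
 DCHECK_EQ(rv, net::CompletionStatus::SYNC);
-if (!result.is_success())
+if (!result.HasValidPath()) {
+// TODO(crbug.com/634443): Log error information.
 return false;
+}
 
 // Check properties of the leaf certificate (key usage, policy), and construct
 // a CertVerificationContext that uses its public key.
 if (!CheckTargetCertificate(target_cert.get(), context, policy))
 return false;
 
 // Check if a CRL is available.
 if (!crl) {
 if (crl_policy == CRLPolicy::CRL_REQUIRED) {
 return false;
 }
 } else {
-if (result.paths.empty() ||
-!result.paths[result.best_result_index]->is_success())
-return false;
-
-if (!crl->CheckRevocation(result.paths[result.best_result_index]->path,
-time)) {
+if (!crl->CheckRevocation(result.GetBestValidPath()->path, time)) {
 return false;
 }
 }
 return true;
 }
 
 } // namespace
 
 bool VerifyDeviceCert(const std::vector<std::string>& certs,
 const base::Time& time,
@@ -350,10 +347,10 @@
 
 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest(
 const base::StringPiece& spki) {
 // Use a bogus CommonName, since this is just exposed for testing signature
 // verification by unittests.
 return base::WrapUnique(
 new CertVerificationContextImpl(net::der::Input(spki), "CommonName"));
 }
 
 } // namespace cast_certificate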
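Review bot: The new CRL branch dereferences `result.GetBestValidPath()->path` with no local check, so it is only safe because of the `if (!result.HasValidPath())` early return earlier in the same function. The old code re-checked `result.paths.empty()` and the best path's `is_success()` right before calling `CheckRevocation`; dropping that is fine, but the dependency is now implicit. `GetBestValidPath()` is declared in net/cert/internal/path_builder.h, which is not on this page, and presumably returns null when no path validated. I would state the invariant at the call site, for example `// A valid path exists here (HasValidPath() was checked above).` followed by `DCHECK(result.HasValidPath());`, so a later reordering of the early return cannot turn the revocation check into a null dereference. The enclosing function starts in the skipped lines above this hunk, so this is based only on the visible part of its body.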