| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cast_certificate/cast_cert_validator.h" | 5 #include "components/cast_certificate/cast_cert_validator.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 247 // INTEGER (non-minimal encoding). | 247 // INTEGER (non-minimal encoding). |
| 248 // | 248 // |
| 249 // Allow these sorts of serial numbers. | 249 // Allow these sorts of serial numbers. |
| 250 // | 250 // |
| 251 // TODO(eroman): At some point in the future this workaround will no longer be | 251 // TODO(eroman): At some point in the future this workaround will no longer be |
| 252 // necessary. Should revisit this for removal in 2017 if not earlier. | 252 // necessary. Should revisit this for removal in 2017 if not earlier. |
| 253 options.allow_invalid_serial_numbers = true; | 253 options.allow_invalid_serial_numbers = true; |
| 254 return options; | 254 return options; |
| 255 } | 255 } |
| 256 | 256 |
| 257 } // namespace |
| 258 |
| 257 // Verifies a cast device certficate given a chain of DER-encoded certificates. | 259 // Verifies a cast device certficate given a chain of DER-encoded certificates. |
| 258 bool VerifyDeviceCert(const std::vector<std::string>& certs, | 260 bool VerifyDeviceCertUsingCustomTrustStore( |
| 259 const base::Time& time, | 261 const std::vector<std::string>& certs, |
| 260 std::unique_ptr<CertVerificationContext>* context, | 262 const base::Time& time, |
| 261 CastDeviceCertPolicy* policy, | 263 std::unique_ptr<CertVerificationContext>* context, |
| 262 const CastCRL* crl, | 264 CastDeviceCertPolicy* policy, |
| 263 CRLPolicy crl_policy, | 265 const CastCRL* crl, |
| 264 net::TrustStore* trust_store) { | 266 CRLPolicy crl_policy, |
| 267 net::TrustStore* trust_store) { |
| 268 if (!trust_store) |
| 269 return false; |
| 270 |
| 265 if (certs.empty()) | 271 if (certs.empty()) |
| 266 return false; | 272 return false; |
| 267 | 273 |
| 268 // No reference to these ParsedCertificates is kept past the end of this | 274 // No reference to these ParsedCertificates is kept past the end of this |
| 269 // function, so using EXTERNAL_REFERENCE here is safe. | 275 // function, so using EXTERNAL_REFERENCE here is safe. |
| 270 scoped_refptr<net::ParsedCertificate> target_cert; | 276 scoped_refptr<net::ParsedCertificate> target_cert; |
| 271 net::CertIssuerSourceStatic intermediate_cert_issuer_source; | 277 net::CertIssuerSourceStatic intermediate_cert_issuer_source; |
| 272 for (size_t i = 0; i < certs.size(); ++i) { | 278 for (size_t i = 0; i < certs.size(); ++i) { |
| 273 scoped_refptr<net::ParsedCertificate> cert( | 279 scoped_refptr<net::ParsedCertificate> cert( |
| 274 net::ParsedCertificate::CreateFromCertificateData( | 280 net::ParsedCertificate::CreateFromCertificateData( |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 318 return false; | 324 return false; |
| 319 | 325 |
| 320 if (!crl->CheckRevocation(result.paths[result.best_result_index]->path, | 326 if (!crl->CheckRevocation(result.paths[result.best_result_index]->path, |
| 321 time)) { | 327 time)) { |
| 322 return false; | 328 return false; |
| 323 } | 329 } |
| 324 } | 330 } |
| 325 return true; | 331 return true; |
| 326 } | 332 } |
| 327 | 333 |
| 328 } // namespace | |
| 329 | |
| 330 bool VerifyDeviceCert(const std::vector<std::string>& certs, | 334 bool VerifyDeviceCert(const std::vector<std::string>& certs, |
| 331 const base::Time& time, | 335 const base::Time& time, |
| 332 std::unique_ptr<CertVerificationContext>* context, | 336 std::unique_ptr<CertVerificationContext>* context, |
| 333 CastDeviceCertPolicy* policy, | 337 CastDeviceCertPolicy* policy, |
| 334 const CastCRL* crl, | 338 const CastCRL* crl, |
| 335 CRLPolicy crl_policy) { | 339 CRLPolicy crl_policy) { |
| 336 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, | 340 return VerifyDeviceCertUsingCustomTrustStore( |
| 337 &CastTrustStore::Get()); | 341 certs, time, context, policy, crl, crl_policy, &CastTrustStore::Get()); |
| 338 } | |
| 339 | |
| 340 bool VerifyDeviceCertForTest(const std::vector<std::string>& certs, | |
| 341 const base::Time& time, | |
| 342 std::unique_ptr<CertVerificationContext>* context, | |
| 343 CastDeviceCertPolicy* policy, | |
| 344 const CastCRL* crl, | |
| 345 CRLPolicy crl_policy, | |
| 346 net::TrustStore* trust_store) { | |
| 347 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, | |
| 348 trust_store); | |
| 349 } | 342 } |
| 350 | 343 |
| 351 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( | 344 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( |
| 352 const base::StringPiece& spki) { | 345 const base::StringPiece& spki) { |
| 353 // Use a bogus CommonName, since this is just exposed for testing signature | 346 // Use a bogus CommonName, since this is just exposed for testing signature |
| 354 // verification by unittests. | 347 // verification by unittests. |
| 355 return base::WrapUnique( | 348 return base::WrapUnique( |
| 356 new CertVerificationContextImpl(net::der::Input(spki), "CommonName")); | 349 new CertVerificationContextImpl(net::der::Input(spki), "CommonName")); |
| 357 } | 350 } |
| 358 | 351 |
| 359 } // namespace cast_certificate | 352 } // namespace cast_certificate |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2303673004:
Hook up Chrome Cast sender to Cast CRL. (Closed)
