Chromium Code Reviews Chromium Code Reviews
Issue 2303673004:
Hook up Chrome Cast sender to Cast CRL. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cast_certificate/cast_cert_validator.h" | 5 #include "components/cast_certificate/cast_cert_validator.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 249 // | 249 // |
| 250 // Allow these sorts of serial numbers. | 250 // Allow these sorts of serial numbers. |
| 251 // | 251 // |
| 252 // TODO(eroman): At some point in the future this workaround will no longer be | 252 // TODO(eroman): At some point in the future this workaround will no longer be |
| 253 // necessary. Should revisit this for removal in 2017 if not earlier. | 253 // necessary. Should revisit this for removal in 2017 if not earlier. |
| 254 options.allow_invalid_serial_numbers = true; | 254 options.allow_invalid_serial_numbers = true; |
| 255 return options; | 255 return options; |
| 256 } | 256 } |
| 257 | 257 |
| 258 // Verifies a cast device certificate given a chain of DER-encoded certificates. | 258 // Verifies a cast device certificate given a chain of DER-encoded certificates. |
| 259 bool VerifyDeviceCert(const std::vector<std::string>& certs, | 259 bool VerifyDeviceCert(const std::vector<std::string>& certs, |
|
eroman
2016/09/22 22:02:50
Can you remove this overload of VerifyDeviceCert a
ryanchung
2016/09/22 22:43:35
Done.
| |
| 260 const base::Time& time, | 260 const base::Time& time, |
| 261 std::unique_ptr<CertVerificationContext>* context, | 261 std::unique_ptr<CertVerificationContext>* context, |
| 262 CastDeviceCertPolicy* policy, | 262 CastDeviceCertPolicy* policy, |
| 263 const CastCRL* crl, | 263 const CastCRL* crl, |
| 264 CRLPolicy crl_policy, | 264 CRLPolicy crl_policy, |
| 265 net::TrustStore* trust_store) { | 265 net::TrustStore* trust_store) { |
| 266 if (!trust_store) | |
| 267 return false; | |
| 268 | |
| 266 if (certs.empty()) | 269 if (certs.empty()) |
| 267 return false; | 270 return false; |
| 268 | 271 |
| 269 net::CertErrors errors; | 272 net::CertErrors errors; |
| 270 scoped_refptr<net::ParsedCertificate> target_cert; | 273 scoped_refptr<net::ParsedCertificate> target_cert; |
| 271 net::CertIssuerSourceStatic intermediate_cert_issuer_source; | 274 net::CertIssuerSourceStatic intermediate_cert_issuer_source; |
| 272 for (size_t i = 0; i < certs.size(); ++i) { | 275 for (size_t i = 0; i < certs.size(); ++i) { |
| 273 scoped_refptr<net::ParsedCertificate> cert(net::ParsedCertificate::Create( | 276 scoped_refptr<net::ParsedCertificate> cert(net::ParsedCertificate::Create( |
| 274 certs[i], GetCertParsingOptions(), &errors)); | 277 certs[i], GetCertParsingOptions(), &errors)); |
| 275 // TODO(eroman): Propagate/log these parsing errors. | 278 // TODO(eroman): Propagate/log these parsing errors. |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 325 bool VerifyDeviceCert(const std::vector<std::string>& certs, | 328 bool VerifyDeviceCert(const std::vector<std::string>& certs, |
| 326 const base::Time& time, | 329 const base::Time& time, |
| 327 std::unique_ptr<CertVerificationContext>* context, | 330 std::unique_ptr<CertVerificationContext>* context, |
| 328 CastDeviceCertPolicy* policy, | 331 CastDeviceCertPolicy* policy, |
| 329 const CastCRL* crl, | 332 const CastCRL* crl, |
| 330 CRLPolicy crl_policy) { | 333 CRLPolicy crl_policy) { |
| 331 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, | 334 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, |
| 332 &CastTrustStore::Get()); | 335 &CastTrustStore::Get()); |
| 333 } | 336 } |
| 334 | 337 |
| 335 bool VerifyDeviceCertForTest(const std::vector<std::string>& certs, | 338 bool VerifyDeviceCertUsingCustomTrustStore( |
| 336 const base::Time& time, | 339 const std::vector<std::string>& certs, |
| 337 std::unique_ptr<CertVerificationContext>* context, | 340 const base::Time& time, |
| 338 CastDeviceCertPolicy* policy, | 341 std::unique_ptr<CertVerificationContext>* context, |
| 339 const CastCRL* crl, | 342 CastDeviceCertPolicy* policy, |
| 340 CRLPolicy crl_policy, | 343 const CastCRL* crl, |
| 341 net::TrustStore* trust_store) { | 344 CRLPolicy crl_policy, |
| 345 net::TrustStore* trust_store) { | |
| 346 if (!trust_store) | |
| 347 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy); | |
| 342 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, | 348 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, |
| 343 trust_store); | 349 trust_store); |
| 344 } | 350 } |
| 345 | 351 |
| 346 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( | 352 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( |
| 347 const base::StringPiece& spki) { | 353 const base::StringPiece& spki) { |
| 348 // Use a bogus CommonName, since this is just exposed for testing signature | 354 // Use a bogus CommonName, since this is just exposed for testing signature |
| 349 // verification by unittests. | 355 // verification by unittests. |
| 350 return base::MakeUnique<CertVerificationContextImpl>(net::der::Input(spki), | 356 return base::MakeUnique<CertVerificationContextImpl>(net::der::Input(spki), |
| 351 "CommonName"); | 357 "CommonName"); |
| 352 } | 358 } |
| 353 | 359 |
| 354 } // namespace cast_certificate | 360 } // namespace cast_certificate |
| OLD | NEW |
