| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cast_certificate/cast_cert_validator.h" | 5 #include "components/cast_certificate/cast_cert_validator.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 237 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 248 // INTEGER (non-minimal encoding). | 248 // INTEGER (non-minimal encoding). |
| 249 // | 249 // |
| 250 // Allow these sorts of serial numbers. | 250 // Allow these sorts of serial numbers. |
| 251 // | 251 // |
| 252 // TODO(eroman): At some point in the future this workaround will no longer be | 252 // TODO(eroman): At some point in the future this workaround will no longer be |
| 253 // necessary. Should revisit this for removal in 2017 if not earlier. | 253 // necessary. Should revisit this for removal in 2017 if not earlier. |
| 254 options.allow_invalid_serial_numbers = true; | 254 options.allow_invalid_serial_numbers = true; |
| 255 return options; | 255 return options; |
| 256 } | 256 } |
| 257 | 257 |
| 258 // Verifies a cast device certificate given a chain of DER-encoded certificates. | 258 } // namespace |
| 259 |
| 259 bool VerifyDeviceCert(const std::vector<std::string>& certs, | 260 bool VerifyDeviceCert(const std::vector<std::string>& certs, |
| 260 const base::Time& time, | 261 const base::Time& time, |
| 261 std::unique_ptr<CertVerificationContext>* context, | 262 std::unique_ptr<CertVerificationContext>* context, |
| 262 CastDeviceCertPolicy* policy, | 263 CastDeviceCertPolicy* policy, |
| 263 const CastCRL* crl, | 264 const CastCRL* crl, |
| 264 CRLPolicy crl_policy, | 265 CRLPolicy crl_policy) { |
| 265 net::TrustStore* trust_store) { | 266 return VerifyDeviceCertUsingCustomTrustStore( |
| 267 certs, time, context, policy, crl, crl_policy, &CastTrustStore::Get()); |
| 268 } |
| 269 |
| 270 bool VerifyDeviceCertUsingCustomTrustStore( |
| 271 const std::vector<std::string>& certs, |
| 272 const base::Time& time, |
| 273 std::unique_ptr<CertVerificationContext>* context, |
| 274 CastDeviceCertPolicy* policy, |
| 275 const CastCRL* crl, |
| 276 CRLPolicy crl_policy, |
| 277 net::TrustStore* trust_store) { |
| 278 if (!trust_store) |
| 279 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy); |
| 280 |
| 266 if (certs.empty()) | 281 if (certs.empty()) |
| 267 return false; | 282 return false; |
| 268 | 283 |
| 269 net::CertErrors errors; | 284 net::CertErrors errors; |
| 270 scoped_refptr<net::ParsedCertificate> target_cert; | 285 scoped_refptr<net::ParsedCertificate> target_cert; |
| 271 net::CertIssuerSourceStatic intermediate_cert_issuer_source; | 286 net::CertIssuerSourceStatic intermediate_cert_issuer_source; |
| 272 for (size_t i = 0; i < certs.size(); ++i) { | 287 for (size_t i = 0; i < certs.size(); ++i) { |
| 273 scoped_refptr<net::ParsedCertificate> cert(net::ParsedCertificate::Create( | 288 scoped_refptr<net::ParsedCertificate> cert(net::ParsedCertificate::Create( |
| 274 certs[i], GetCertParsingOptions(), &errors)); | 289 certs[i], GetCertParsingOptions(), &errors)); |
| 275 // TODO(eroman): Propagate/log these parsing errors. | 290 // TODO(eroman): Propagate/log these parsing errors. |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 313 return false; | 328 return false; |
| 314 } | 329 } |
| 315 } else { | 330 } else { |
| 316 if (!crl->CheckRevocation(result.GetBestValidPath()->path, time)) { | 331 if (!crl->CheckRevocation(result.GetBestValidPath()->path, time)) { |
| 317 return false; | 332 return false; |
| 318 } | 333 } |
| 319 } | 334 } |
| 320 return true; | 335 return true; |
| 321 } | 336 } |
| 322 | 337 |
| 323 } // namespace | |
| 324 | |
| 325 bool VerifyDeviceCert(const std::vector<std::string>& certs, | |
| 326 const base::Time& time, | |
| 327 std::unique_ptr<CertVerificationContext>* context, | |
| 328 CastDeviceCertPolicy* policy, | |
| 329 const CastCRL* crl, | |
| 330 CRLPolicy crl_policy) { | |
| 331 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, | |
| 332 &CastTrustStore::Get()); | |
| 333 } | |
| 334 | |
| 335 bool VerifyDeviceCertForTest(const std::vector<std::string>& certs, | |
| 336 const base::Time& time, | |
| 337 std::unique_ptr<CertVerificationContext>* context, | |
| 338 CastDeviceCertPolicy* policy, | |
| 339 const CastCRL* crl, | |
| 340 CRLPolicy crl_policy, | |
| 341 net::TrustStore* trust_store) { | |
| 342 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, | |
| 343 trust_store); | |
| 344 } | |
| 345 | |
| 346 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( | 338 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( |
| 347 const base::StringPiece& spki) { | 339 const base::StringPiece& spki) { |
| 348 // Use a bogus CommonName, since this is just exposed for testing signature | 340 // Use a bogus CommonName, since this is just exposed for testing signature |
| 349 // verification by unittests. | 341 // verification by unittests. |
| 350 return base::MakeUnique<CertVerificationContextImpl>(net::der::Input(spki), | 342 return base::MakeUnique<CertVerificationContextImpl>(net::der::Input(spki), |
| 351 "CommonName"); | 343 "CommonName"); |
| 352 } | 344 } |
| 353 | 345 |
| 354 } // namespace cast_certificate | 346 } // namespace cast_certificate |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2303673004:
Hook up Chrome Cast sender to Cast CRL. (Closed)
