Chromium Code Reviews Chromium Code Reviews
Issue 2303673004:
Hook up Chrome Cast sender to Cast CRL. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cast_certificate/cast_cert_validator.h" | 5 #include "components/cast_certificate/cast_cert_validator.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 237 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 248 // | 248 // |
| 249 // Allow these sorts of serial numbers. | 249 // Allow these sorts of serial numbers. |
| 250 // | 250 // |
| 251 // TODO(eroman): At some point in the future this workaround will no longer be | 251 // TODO(eroman): At some point in the future this workaround will no longer be |
| 252 // necessary. Should revisit this for removal in 2017 if not earlier. | 252 // necessary. Should revisit this for removal in 2017 if not earlier. |
| 253 options.allow_invalid_serial_numbers = true; | 253 options.allow_invalid_serial_numbers = true; |
| 254 return options; | 254 return options; |
| 255 } | 255 } |
| 256 | 256 |
| 257 // Verifies a cast device certficate given a chain of DER-encoded certificates. | 257 // Verifies a cast device certficate given a chain of DER-encoded certificates. |
| 258 bool VerifyDeviceCert(const std::vector<std::string>& certs, | 258 bool VerifyDeviceCertImpl(const std::vector<std::string>& certs, |
| 259 const base::Time& time, | 259 const base::Time& time, |
| 260 std::unique_ptr<CertVerificationContext>* context, | 260 std::unique_ptr<CertVerificationContext>* context, |
| 261 CastDeviceCertPolicy* policy, | 261 CastDeviceCertPolicy* policy, |
| 262 const CastCRL* crl, | 262 const CastCRL* crl, |
| 263 CRLPolicy crl_policy, | 263 CRLPolicy crl_policy, |
| 264 net::TrustStore* trust_store) { | 264 net::TrustStore* trust_store) { |
| 265 if (certs.empty()) | 265 if (certs.empty()) |
| 266 return false; | 266 return false; |
| 267 | 267 |
| 268 // No reference to these ParsedCertificates is kept past the end of this | 268 // No reference to these ParsedCertificates is kept past the end of this |
| 269 // function, so using EXTERNAL_REFERENCE here is safe. | 269 // function, so using EXTERNAL_REFERENCE here is safe. |
| 270 scoped_refptr<net::ParsedCertificate> target_cert; | 270 scoped_refptr<net::ParsedCertificate> target_cert; |
| 271 net::CertIssuerSourceStatic intermediate_cert_issuer_source; | 271 net::CertIssuerSourceStatic intermediate_cert_issuer_source; |
| 272 for (size_t i = 0; i < certs.size(); ++i) { | 272 for (size_t i = 0; i < certs.size(); ++i) { |
| 273 scoped_refptr<net::ParsedCertificate> cert( | 273 scoped_refptr<net::ParsedCertificate> cert( |
| 274 net::ParsedCertificate::CreateFromCertificateData( | 274 net::ParsedCertificate::CreateFromCertificateData( |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 326 } | 326 } |
| 327 | 327 |
| 328 } // namespace | 328 } // namespace |
| 329 | 329 |
| 330 bool VerifyDeviceCert(const std::vector<std::string>& certs, | 330 bool VerifyDeviceCert(const std::vector<std::string>& certs, |
| 331 const base::Time& time, | 331 const base::Time& time, |
| 332 std::unique_ptr<CertVerificationContext>* context, | 332 std::unique_ptr<CertVerificationContext>* context, |
| 333 CastDeviceCertPolicy* policy, | 333 CastDeviceCertPolicy* policy, |
| 334 const CastCRL* crl, | 334 const CastCRL* crl, |
| 335 CRLPolicy crl_policy) { | 335 CRLPolicy crl_policy) { |
| 336 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, | 336 return VerifyDeviceCertImpl(certs, time, context, policy, crl, crl_policy, |
|
sheretov
2016/09/10 00:26:57
Same comment as in cast_crl.cc: seems like we coul
ryanchung
2016/09/10 00:50:09
Done.
| |
| 337 &CastTrustStore::Get()); | 337 &CastTrustStore::Get()); |
| 338 } | 338 } |
| 339 | 339 |
| 340 bool VerifyDeviceCertForTest(const std::vector<std::string>& certs, | 340 bool VerifyDeviceCertUsingCustomTrustStore( |
| 341 const base::Time& time, | 341 const std::vector<std::string>& certs, |
| 342 std::unique_ptr<CertVerificationContext>* context, | 342 const base::Time& time, |
| 343 CastDeviceCertPolicy* policy, | 343 std::unique_ptr<CertVerificationContext>* context, |
| 344 const CastCRL* crl, | 344 CastDeviceCertPolicy* policy, |
| 345 CRLPolicy crl_policy, | 345 const CastCRL* crl, |
| 346 net::TrustStore* trust_store) { | 346 CRLPolicy crl_policy, |
| 347 return VerifyDeviceCert(certs, time, context, policy, crl, crl_policy, | 347 net::TrustStore* trust_store) { |
| 348 trust_store); | 348 if (!trust_store) |
| 349 return false; | |
| 350 return VerifyDeviceCertImpl(certs, time, context, policy, crl, crl_policy, | |
| 351 trust_store); | |
| 349 } | 352 } |
| 350 | 353 |
| 351 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( | 354 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( |
| 352 const base::StringPiece& spki) { | 355 const base::StringPiece& spki) { |
| 353 // Use a bogus CommonName, since this is just exposed for testing signature | 356 // Use a bogus CommonName, since this is just exposed for testing signature |
| 354 // verification by unittests. | 357 // verification by unittests. |
| 355 return base::WrapUnique( | 358 return base::WrapUnique( |
| 356 new CertVerificationContextImpl(net::der::Input(spki), "CommonName")); | 359 new CertVerificationContextImpl(net::der::Input(spki), "CommonName")); |
| 357 } | 360 } |
| 358 | 361 |
| 359 } // namespace cast_certificate | 362 } // namespace cast_certificate |
| OLD | NEW |
