components/cast_certificate/cast_cert_validator.h - Issue 2303673004: Hook up Chrome Cast sender to Cast CRL.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/cast_certificate/cast_cert_validator.h

Issue 2303673004: Hook up Chrome Cast sender to Cast CRL. (Closed)

Patch Set: Merged Impl with UsingCustomTrustStore Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « components/cast_certificate/BUILD.gn ('k') | components/cast_certificate/cast_cert_validator.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: components/cast_certificate/cast_cert_validator.h

diff --git a/components/cast_certificate/cast_cert_validator.h b/components/cast_certificate/cast_cert_validator.h

index a918dd582070f1c496f7e40120922f3f46669e02..d7d9c98e7bfae199e4fd40288653448bdb0f7982 100644

--- a/components/cast_certificate/cast_cert_validator.h

+++ b/components/cast_certificate/cast_cert_validator.h

@@ -78,8 +78,8 @@ class CertVerificationContext {

// * |crl| is the CRL to check for certificate revocation status.

// If this is a nullptr, then revocation checking is currently disabled.

-// * |crl_options| is for choosing how to handle the absence of a CRL.

-// If crl_required is set to true, then an empty |crl| input would result

+// * |crl_policy| is for choosing how to handle the absence of a CRL.

+// If CRL_REQUIRED is passed, then an empty |crl| input would result

// in a failed verification. Otherwise, |crl| is ignored if it is absent.

// Outputs:

@@ -99,17 +99,20 @@ bool VerifyDeviceCert(const std::vector<std::string>& certs,

const CastCRL* crl,

CRLPolicy crl_policy) WARN_UNUSED_RESULT;

-// Exposed only for testing, not for use in production code.

-//

// This is an overloaded version of VerifyDeviceCert that allows

-// the input of a custom TrustStore.

-bool VerifyDeviceCertForTest(const std::vector<std::string>& certs,

- const base::Time& time,

- std::unique_ptr<CertVerificationContext>* context,

- CastDeviceCertPolicy* policy,

- const CastCRL* crl,

- CRLPolicy crl_policy,

- net::TrustStore* trust_store) WARN_UNUSED_RESULT;

+// the input of a custom TrustStore. If |trust_store| is null, then the default

+// is used.

+//

+// For production use pass |trust_store| as nullptr to use the production trust

eroman 2016/09/10 01:03:23 This comment does not agree with the implementatio

ryanchung 2016/09/14 18:53:40 Done.

+// store.

+bool VerifyDeviceCertUsingCustomTrustStore(

+ const std::vector<std::string>& certs,

+ const base::Time& time,

+ std::unique_ptr<CertVerificationContext>* context,

+ CastDeviceCertPolicy* policy,

+ const CastCRL* crl,

+ CRLPolicy crl_policy,

+ net::TrustStore* trust_store) WARN_UNUSED_RESULT;

// Exposed only for unit-tests, not for use in production code.

// Production code would get a context from VerifyDeviceCert().