components/cast_certificate/cast_cert_validator.cc - Issue 2327973002: Add CertErrors* parameter to the main Certificate parsing functions.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/cast_certificate/cast_cert_validator.cc

Issue 2327973002: Add CertErrors* parameter to the main Certificate parsing functions. (Closed)

Patch Set: StringPiece is kind of dangerous... Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: components/cast_certificate/cast_cert_validator.cc

diff --git a/components/cast_certificate/cast_cert_validator.cc b/components/cast_certificate/cast_cert_validator.cc

index a36b7a315f63934736748afa30c930422b41f8ec..5cbf9bf896f66a7b4066e77591f742fc58ef16c2 100644

--- a/components/cast_certificate/cast_cert_validator.cc

+++ b/components/cast_certificate/cast_cert_validator.cc

@@ -67,11 +67,11 @@ class CastTrustStore {

// storage.

template <size_t N>

void AddAnchor(const uint8_t (&data)[N]) {

+ net::CertErrors errors;

scoped_refptr<net::ParsedCertificate> cert =

- net::ParsedCertificate::CreateFromCertificateData(

- data, N, net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE,

- {});

- CHECK(cert);

+ net::ParsedCertificate::CreateWithoutCopyingUnsafe(data, N, {},

+ &errors);

+ CHECK(cert) << errors.ToDebugString();

// Enforce pathlen constraints and policies defined on the root certificate.

scoped_refptr<net::TrustAnchor> anchor =

net::TrustAnchor::CreateFromCertificateWithConstraints(std::move(cert));

@@ -255,7 +255,7 @@ net::ParseCertificateOptions GetCertParsingOptions() {

return options;

}

-// Verifies a cast device certficate given a chain of DER-encoded certificates.

+// Verifies a cast device certificate given a chain of DER-encoded certificates.

bool VerifyDeviceCert(const std::vector<std::string>& certs,

const base::Time& time,

std::unique_ptr<CertVerificationContext>* context,

@@ -266,16 +266,13 @@ bool VerifyDeviceCert(const std::vector<std::string>& certs,

if (certs.empty())

return false;

- // No reference to these ParsedCertificates is kept past the end of this

- // function, so using EXTERNAL_REFERENCE here is safe.

+ net::CertErrors errors;

scoped_refptr<net::ParsedCertificate> target_cert;

net::CertIssuerSourceStatic intermediate_cert_issuer_source;

for (size_t i = 0; i < certs.size(); ++i) {

- scoped_refptr<net::ParsedCertificate> cert(

- net::ParsedCertificate::CreateFromCertificateData(

- reinterpret_cast<const uint8_t*>(certs[i].data()), certs[i].size(),

- net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE,

- GetCertParsingOptions()));

+ scoped_refptr<net::ParsedCertificate> cert(net::ParsedCertificate::Create(

+ certs[i], GetCertParsingOptions(), &errors));

+ // TODO(eroman): Propagate/log these parsing errors.

if (!cert)

return false;

« no previous file with comments | « no previous file | components/cast_certificate/cast_cert_validator_unittest.cc » ('j') | no next file with comments »