
Side by Side Diff: components/cast_certificate/cast_crl.cc

Issue 2800993002: Add a key purpose parameter to Certificate PathBuilder. (Closed)
Patch Set: rebase Created 3 years, 8 months ago
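--- a/components/cast_certificate/cast_crl.cc
+++ b/components/cast_certificate/cast_crl.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/cast_certificate/cast_crl.h"
 
 #include <unordered_map>
 #include <unordered_set>
 
 #include "base/base64.h"
@@ -140,21 +140,21 @@
 
 // Verify the issuer certificate.
 net::der::GeneralizedTime verification_time;
 if (!net::der::EncodeTimeAsGeneralizedTime(time, &verification_time)) {
 VLOG(2) << "CRL - Unable to parse verification time.";
 return false;
 }
 net::CertPathBuilder::Result result;
 net::CertPathBuilder path_builder(parsed_cert.get(), trust_store,
 signature_policy.get(), verification_time,
-&result);
+net::KeyPurpose::ANY_EKU, &result);
 path_builder.Run();
 if (!result.HasValidPath()) {
 VLOG(2) << "CRL - Issuer certificate verification failed.";
 // TODO(crbug.com/634443): Log the error information.
 return false;
 }
 // There are no requirements placed on the leaf certificate having any
 // particular KeyUsages. Leaf certificate checks are bypassed.
 
 // Verify the CRL is still valid.
@@ -352,10 +352,10 @@
 LOG(ERROR) << "CRL - Verification failed.";
 return nullptr;
 }
 return base::MakeUnique<CastCRLImpl>(tbs_crl, overall_not_after);
 }
 LOG(ERROR) << "No supported version of revocation data.";
 return nullptr;
 }
 
 } // namespace cast_certificate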
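Review bot: The `net::KeyPurpose::ANY_EKU` argument at the `CertPathBuilder` call (new line 150) means path building applies no extended-key-usage restriction to the CRL signer chain, and nothing at the call site says that this is intended. The existing comment at lines 157-158 speaks of KeyUsages on the leaf, not EKU, so a reader cannot tell whether ANY_EKU was chosen deliberately or only to satisfy the new parameter. I would add a comment above the call such as `// ANY_EKU: no EKU is required of the CRL signer chain; acceptance rests on |trust_store| and the signature policy.` If the CRL trust anchors also issue certificates for other purposes (not visible from here), any of those would pass as a CRL signer as far as EKU goes, which is worth confirming before relying on this default. The enclosing function starts and ends outside the hunk.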