Chromium Code Reviews Chromium Code Reviews
Issue 2832703002:
Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cast_certificate/cast_cert_validator.h" | 5 #include "components/cast_certificate/cast_cert_validator.h" |
| 6 | 6 |
| 7 #include "components/cast_certificate/cast_cert_validator_test_helpers.h" | 7 #include "components/cast_certificate/cast_cert_validator_test_helpers.h" |
| 8 #include "net/cert/internal/cert_errors.h" | 8 #include "net/cert/internal/cert_errors.h" |
| 9 #include "net/cert/internal/parsed_certificate.h" | 9 #include "net/cert/internal/parsed_certificate.h" |
| 10 #include "net/cert/internal/trust_store_in_memory.h" | 10 #include "net/cert/internal/trust_store_in_memory.h" |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 88 ASSERT_TRUE(root) << errors.ToDebugString(); | 88 ASSERT_TRUE(root) << errors.ToDebugString(); |
| 89 | 89 |
| 90 // Remove it from the chain. | 90 // Remove it from the chain. |
| 91 certs.pop_back(); | 91 certs.pop_back(); |
| 92 | 92 |
| 93 // Add it to the trust store as a trust anchor | 93 // Add it to the trust store as a trust anchor |
| 94 trust_store.reset(new net::TrustStoreInMemory); | 94 trust_store.reset(new net::TrustStoreInMemory); |
| 95 | 95 |
| 96 if (trust_store_dependency == TRUST_STORE_FROM_TEST_FILE_UNCONSTRAINED) { | 96 if (trust_store_dependency == TRUST_STORE_FROM_TEST_FILE_UNCONSTRAINED) { |
| 97 // This is a test-only mode where anchor constraints are not enforced. | 97 // This is a test-only mode where anchor constraints are not enforced. |
| 98 trust_store->AddTrustAnchor( | 98 trust_store->AddTrustAnchor(std::move(root)); |
| 99 net::TrustAnchor::CreateFromCertificateNoConstraints( | |
| 100 std::move(root))); | |
| 101 } else { | 99 } else { |
| 102 // This is the regular mode used by the TrustAnchors for the built-in | 100 // Add a trust anchor and enforce constraints on it (regular mode for |
| 103 // Cast store. | 101 // buil-in Cast roots). |
|
mattm
2017/04/28 20:26:47
built-in
eroman
2017/04/28 21:48:03
Done.
| |
| 104 trust_store->AddTrustAnchor( | 102 trust_store->AddTrustAnchorWithConstraints(std::move(root)); |
| 105 net::TrustAnchor::CreateFromCertificateWithConstraints( | |
| 106 std::move(root))); | |
| 107 } | 103 } |
| 108 } | 104 } |
| 109 } | 105 } |
| 110 | 106 |
| 111 std::unique_ptr<CertVerificationContext> context; | 107 std::unique_ptr<CertVerificationContext> context; |
| 112 CastDeviceCertPolicy policy; | 108 CastDeviceCertPolicy policy; |
| 113 | 109 |
| 114 bool result = VerifyDeviceCertUsingCustomTrustStore( | 110 bool result = VerifyDeviceCertUsingCustomTrustStore( |
| 115 certs, time, &context, &policy, nullptr, CRLPolicy::CRL_OPTIONAL, | 111 certs, time, &context, &policy, nullptr, CRLPolicy::CRL_OPTIONAL, |
| 116 trust_store.get()); | 112 trust_store.get()); |
| (...skipping 431 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 548 auto context = | 544 auto context = |
| 549 CertVerificationContextImplForTest(CreateString(kEx2PublicKeySpki)); | 545 CertVerificationContextImplForTest(CreateString(kEx2PublicKeySpki)); |
| 550 | 546 |
| 551 EXPECT_TRUE(context->VerifySignatureOverData(CreateString(kEx2Signature), | 547 EXPECT_TRUE(context->VerifySignatureOverData(CreateString(kEx2Signature), |
| 552 CreateString(kEx2Message))); | 548 CreateString(kEx2Message))); |
| 553 } | 549 } |
| 554 | 550 |
| 555 } // namespace | 551 } // namespace |
| 556 | 552 |
| 557 } // namespace cast_certificate | 553 } // namespace cast_certificate |
| OLD | NEW |
