| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cast_certificate/cast_cert_validator.h" | 5 #include "components/cast_certificate/cast_cert_validator.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 67 // Adds a trust anchor given a DER-encoded certificate from static | 67 // Adds a trust anchor given a DER-encoded certificate from static |
| 68 // storage. | 68 // storage. |
| 69 template <size_t N> | 69 template <size_t N> |
| 70 void AddAnchor(const uint8_t (&data)[N]) { | 70 void AddAnchor(const uint8_t (&data)[N]) { |
| 71 net::CertErrors errors; | 71 net::CertErrors errors; |
| 72 scoped_refptr<net::ParsedCertificate> cert = | 72 scoped_refptr<net::ParsedCertificate> cert = |
| 73 net::ParsedCertificate::CreateWithoutCopyingUnsafe(data, N, {}, | 73 net::ParsedCertificate::CreateWithoutCopyingUnsafe(data, N, {}, |
| 74 &errors); | 74 &errors); |
| 75 CHECK(cert) << errors.ToDebugString(); | 75 CHECK(cert) << errors.ToDebugString(); |
| 76 // Enforce pathlen constraints and policies defined on the root certificate. | 76 // Enforce pathlen constraints and policies defined on the root certificate. |
| 77 scoped_refptr<net::TrustAnchor> anchor = | 77 store_.AddTrustAnchorWithConstraints(std::move(cert)); |
| 78 net::TrustAnchor::CreateFromCertificateWithConstraints(std::move(cert)); | |
| 79 store_.AddTrustAnchor(std::move(anchor)); | |
| 80 } | 78 } |
| 81 | 79 |
| 82 net::TrustStoreInMemory store_; | 80 net::TrustStoreInMemory store_; |
| 83 DISALLOW_COPY_AND_ASSIGN(CastTrustStore); | 81 DISALLOW_COPY_AND_ASSIGN(CastTrustStore); |
| 84 }; | 82 }; |
| 85 | 83 |
| 86 // Returns the OID for the Audio-Only Cast policy | 84 // Returns the OID for the Audio-Only Cast policy |
| 87 // (1.3.6.1.4.1.11129.2.5.2) in DER form. | 85 // (1.3.6.1.4.1.11129.2.5.2) in DER form. |
| 88 net::der::Input AudioOnlyPolicyOid() { | 86 net::der::Input AudioOnlyPolicyOid() { |
| 89 static const uint8_t kAudioOnlyPolicy[] = {0x2B, 0x06, 0x01, 0x04, 0x01, | 87 static const uint8_t kAudioOnlyPolicy[] = {0x2B, 0x06, 0x01, 0x04, 0x01, |
| (...skipping 206 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 296 | 294 |
| 297 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( | 295 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest( |
| 298 const base::StringPiece& spki) { | 296 const base::StringPiece& spki) { |
| 299 // Use a bogus CommonName, since this is just exposed for testing signature | 297 // Use a bogus CommonName, since this is just exposed for testing signature |
| 300 // verification by unittests. | 298 // verification by unittests. |
| 301 return base::MakeUnique<CertVerificationContextImpl>(net::der::Input(spki), | 299 return base::MakeUnique<CertVerificationContextImpl>(net::der::Input(spki), |
| 302 "CommonName"); | 300 "CommonName"); |
| 303 } | 301 } |
| 304 | 302 |
| 305 } // namespace cast_certificate | 303 } // namespace cast_certificate |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2832703002:
Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
