| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cast_certificate/cast_crl.h" | 5 #include "components/cast_certificate/cast_crl.h" |
| 6 | 6 |
| 7 #include <unordered_map> | 7 #include <unordered_map> |
| 8 #include <unordered_set> | 8 #include <unordered_set> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| (...skipping 124 matching lines...) |
| 135 return false; | 135 return false; |
| 136 } | 136 } |
| 137 | 137 |
| 138 // Verify the issuer certificate. | 138 // Verify the issuer certificate. |
| 139 net::der::GeneralizedTime verification_time; | 139 net::der::GeneralizedTime verification_time; |
| 140 if (!net::der::EncodeTimeAsGeneralizedTime(time, &verification_time)) { | 140 if (!net::der::EncodeTimeAsGeneralizedTime(time, &verification_time)) { |
| 141 VLOG(2) << "CRL - Unable to parse verification time."; | 141 VLOG(2) << "CRL - Unable to parse verification time."; |
| 142 return false; | 142 return false; |
| 143 } | 143 } |
| 144 net::CertPathBuilder::Result result; | 144 net::CertPathBuilder::Result result; |
| 145 net::CertPathBuilder path_builder(parsed_cert.get(), trust_store, | 145 net::CertPathBuilder path_builder( |
| 146 signature_policy.get(), verification_time, | 146 parsed_cert.get(), trust_store, signature_policy.get(), verification_time, |
| 147 net::KeyPurpose::ANY_EKU, &result); | 147 net::KeyPurpose::ANY_EKU, net::InitialExplicitPolicy::kFalse, |
| 148 {net::AnyPolicy()}, net::InitialPolicyMappingInhibit::kFalse, |
| 149 net::InitialAnyPolicyInhibit::kFalse, &result); |
| 148 path_builder.Run(); | 150 path_builder.Run(); |
| 149 if (!result.HasValidPath()) { | 151 if (!result.HasValidPath()) { |
| 150 VLOG(2) << "CRL - Issuer certificate verification failed."; | 152 VLOG(2) << "CRL - Issuer certificate verification failed."; |
| 151 // TODO(crbug.com/634443): Log the error information. | 153 // TODO(crbug.com/634443): Log the error information. |
| 152 return false; | 154 return false; |
| 153 } | 155 } |
| 154 // There are no requirements placed on the leaf certificate having any | 156 // There are no requirements placed on the leaf certificate having any |
| 155 // particular KeyUsages. Leaf certificate checks are bypassed. | 157 // particular KeyUsages. Leaf certificate checks are bypassed. |
| 156 | 158 |
| 157 // Verify the CRL is still valid. | 159 // Verify the CRL is still valid. |
| (...skipping 184 matching lines...) |
| 342 LOG(ERROR) << "CRL - Verification failed."; | 344 LOG(ERROR) << "CRL - Verification failed."; |
| 343 return nullptr; | 345 return nullptr; |
| 344 } | 346 } |
| 345 return base::MakeUnique<CastCRLImpl>(tbs_crl, overall_not_after); | 347 return base::MakeUnique<CastCRLImpl>(tbs_crl, overall_not_after); |
| 346 } | 348 } |
| 347 LOG(ERROR) << "No supported version of revocation data."; | 349 LOG(ERROR) << "No supported version of revocation data."; |
| 348 return nullptr; | 350 return nullptr; |
| 349 } | 351 } |
| 350 | 352 |
| 351 } // namespace cast_certificate | 353 } // namespace cast_certificate |
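Review bot: The four policy arguments added to the `net::CertPathBuilder` constructor (new lines 147-149) carry no comment, although they decide whether certificate policies are enforced on the CRL issuer chain. With `{net::AnyPolicy()}` as the initial policy set and the explicit-policy, policy-mapping-inhibit and anyPolicy-inhibit inputs all `kFalse`, policy processing appears to constrain nothing, which looks like it keeps the earlier behaviour. I would state that above the call, e.g. `// No certificate policy is required of the CRL signer chain: accept anyPolicy and leave explicit-policy and both inhibit flags off.` If the CRL signer is ever expected to assert a specific policy OID, this call is where that would be required, so the comment should make clear the permissive values are deliberate. The enclosing function begins in the skipped lines, so its other checks are not visible here.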