| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" | 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <cryptohi.h> | 8 #include <cryptohi.h> |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 #include <seccomon.h> | 10 #include <seccomon.h> |
| (...skipping 658 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 669 crypto::EnsureNSSInit(); | 669 crypto::EnsureNSSInit(); |
| 670 SECItem der_cert; | 670 SECItem der_cert; |
| 671 der_cert.type = siDERCertBuffer; | 671 der_cert.type = siDERCertBuffer; |
| 672 // Make a copy of certificate string so it is safe to type cast. | 672 // Make a copy of certificate string so it is safe to type cast. |
| 673 der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>( | 673 der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>( |
| 674 certificate.data())); | 674 certificate.data())); |
| 675 der_cert.len = certificate.length(); | 675 der_cert.len = certificate.length(); |
| 676 | 676 |
| 677 // Parse into a certificate structure. | 677 // Parse into a certificate structure. |
| 678 ScopedCERTCertificate cert(CERT_NewTempCertificate( | 678 ScopedCERTCertificate cert(CERT_NewTempCertificate( |
| 679 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE)); | 679 CERT_GetDefaultCertDB(), &der_cert, nullptr, PR_FALSE, PR_TRUE)); |
| 680 if (!cert.get()) { | 680 if (!cert.get()) { |
| 681 return AuthResult::CreateWithNSSError( | 681 return AuthResult::CreateWithNSSError( |
| 682 kErrorPrefix + "Failed to parse certificate.", | 682 kErrorPrefix + "Failed to parse certificate.", |
| 683 AuthResult::ERROR_NSS_CERT_PARSING_FAILED, | 683 AuthResult::ERROR_NSS_CERT_PARSING_FAILED, |
| 684 PORT_GetError()); | 684 PORT_GetError()); |
| 685 } | 685 } |
| 686 | 686 |
| 687 // Check that the certificate is signed by trusted CA. | 687 // Check that the certificate is signed by trusted CA. |
| 688 // NOTE: We const_cast trusted_ca_key_der since on some platforms | 688 // NOTE: We const_cast trusted_ca_key_der since on some platforms |
| 689 // SECKEY_ImportDERPublicKey API takes in SECItem* and not const | 689 // SECKEY_ImportDERPublicKey API takes in SECItem* and not const |
| 690 // SECItem*. | 690 // SECItem*. |
| 691 crypto::ScopedSECKEYPublicKey ca_public_key( | 691 crypto::ScopedSECKEYPublicKey ca_public_key( |
| 692 SECKEY_ImportDERPublicKey( | 692 SECKEY_ImportDERPublicKey( |
| 693 const_cast<SECItem*>(trusted_ca_key_der), CKK_RSA)); | 693 const_cast<SECItem*>(trusted_ca_key_der), CKK_RSA)); |
| 694 SECStatus verified = CERT_VerifySignedDataWithPublicKey( | 694 SECStatus verified = CERT_VerifySignedDataWithPublicKey( |
| 695 &cert->signatureWrap, ca_public_key.get(), NULL); | 695 &cert->signatureWrap, ca_public_key.get(), nullptr); |
| 696 if (verified != SECSuccess) { | 696 if (verified != SECSuccess) { |
| 697 return AuthResult::CreateWithNSSError( | 697 return AuthResult::CreateWithNSSError( |
| 698 kErrorPrefix + "Cert not signed by trusted CA", | 698 kErrorPrefix + "Cert not signed by trusted CA", |
| 699 AuthResult::ERROR_NSS_CERT_NOT_SIGNED_BY_TRUSTED_CA, | 699 AuthResult::ERROR_NSS_CERT_NOT_SIGNED_BY_TRUSTED_CA, |
| 700 PORT_GetError()); | 700 PORT_GetError()); |
| 701 } | 701 } |
| 702 | 702 |
| 703 VLOG(1) << "Cert signed by trusted CA"; | 703 VLOG(1) << "Cert signed by trusted CA"; |
| 704 | 704 |
| 705 // Verify that the |signature| matches |data|. | 705 // Verify that the |signature| matches |data|. |
| 706 crypto::ScopedSECKEYPublicKey public_key(CERT_ExtractPublicKey(cert.get())); | 706 crypto::ScopedSECKEYPublicKey public_key(CERT_ExtractPublicKey(cert.get())); |
| 707 if (!public_key.get()) { | 707 if (!public_key.get()) { |
| 708 return AuthResult::CreateWithNSSError( | 708 return AuthResult::CreateWithNSSError( |
| 709 kErrorPrefix + "Unable to extract public key from certificate", | 709 kErrorPrefix + "Unable to extract public key from certificate", |
| 710 AuthResult::ERROR_NSS_CANNOT_EXTRACT_PUBLIC_KEY, | 710 AuthResult::ERROR_NSS_CANNOT_EXTRACT_PUBLIC_KEY, |
| 711 PORT_GetError()); | 711 PORT_GetError()); |
| 712 } | 712 } |
| 713 SECItem signature_item; | 713 SECItem signature_item; |
| 714 signature_item.type = siBuffer; | 714 signature_item.type = siBuffer; |
| 715 signature_item.data = reinterpret_cast<unsigned char*>( | 715 signature_item.data = reinterpret_cast<unsigned char*>( |
| 716 const_cast<char*>(signature.data())); | 716 const_cast<char*>(signature.data())); |
| 717 signature_item.len = signature.length(); | 717 signature_item.len = signature.length(); |
| 718 verified = VFY_VerifyDataDirect( | 718 verified = VFY_VerifyDataDirect( |
| 719 reinterpret_cast<unsigned char*>(const_cast<char*>(data.data())), | 719 reinterpret_cast<unsigned char*>(const_cast<char*>(data.data())), |
| 720 data.size(), | 720 data.size(), |
| 721 public_key.get(), | 721 public_key.get(), |
| 722 &signature_item, | 722 &signature_item, |
| 723 SEC_OID_PKCS1_RSA_ENCRYPTION, | 723 SEC_OID_PKCS1_RSA_ENCRYPTION, |
| 724 SEC_OID_SHA1, NULL, NULL); | 724 SEC_OID_SHA1, |
| 725 nullptr, |
| 726 nullptr); |
| 725 | 727 |
| 726 if (verified != SECSuccess) { | 728 if (verified != SECSuccess) { |
| 727 return AuthResult::CreateWithNSSError( | 729 return AuthResult::CreateWithNSSError( |
| 728 kErrorPrefix + "Signed blobs did not match", | 730 kErrorPrefix + "Signed blobs did not match", |
| 729 AuthResult::ERROR_NSS_SIGNED_BLOBS_MISMATCH, | 731 AuthResult::ERROR_NSS_SIGNED_BLOBS_MISMATCH, |
| 730 PORT_GetError()); | 732 PORT_GetError()); |
| 731 } | 733 } |
| 732 | 734 |
| 733 VLOG(1) << "Signature verification succeeded"; | 735 VLOG(1) << "Signature verification succeeded"; |
| 734 | 736 |
| (...skipping 26 matching lines...) Expand all Loading... |
| 761 << ", NSS error code: " << result.nss_error_code; | 763 << ", NSS error code: " << result.nss_error_code; |
| 762 return result; | 764 return result; |
| 763 } | 765 } |
| 764 | 766 |
| 765 return AuthResult(); | 767 return AuthResult(); |
| 766 } | 768 } |
| 767 | 769 |
| 768 } // namespace cast_channel | 770 } // namespace cast_channel |
| 769 } // namespace core_api | 771 } // namespace core_api |
| 770 } // namespace extensions | 772 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 598173003:
Run clang-modernize -use-nullptr over src/extensions/. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master