Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/browser/api/cast_channel/cast_auth_util_nss.cc

Issue 627573002: Enable passing cast channel certificate authority keys. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed initialization code. Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« extensions/browser/api/cast_channel/cast_auth_util.h ('K') | « extensions/browser/api/cast_channel/cast_auth_util.h ('k') | extensions/browser/api/cast_channel/cast_channel_api.h » ('j') | extensions/browser/api/cast_channel/cast_channel_api.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/browser/api/cast_channel/cast_auth_util_nss.cc
diff --git a/extensions/browser/api/cast_channel/cast_auth_util_nss.cc b/extensions/browser/api/cast_channel/cast_auth_util_nss.cc
index bfee716b247a401e8b3514ad11e8aaec4936824a..c6ede18472238d3754996c184e13685d7d9ead36 100644
--- a/extensions/browser/api/cast_channel/cast_auth_util_nss.cc
+++ b/extensions/browser/api/cast_channel/cast_auth_util_nss.cc
@@ -10,11 +10,14 @@
#include <seccomon.h>
#include <string>
+#include "base/base64.h"
#include "base/logging.h"
#include "base/strings/stringprintf.h"
#include "crypto/nss_util.h"
#include "crypto/scoped_nss_types.h"
+#include "crypto/signature_verifier.h"
#include "extensions/browser/api/cast_channel/cast_message_util.h"
+#include "extensions/common/api/cast_channel/authority_keys.pb.h"
#include "extensions/common/api/cast_channel/cast_channel.pb.h"
#include "net/base/hash_value.h"
#include "net/cert/x509_certificate.h"
@@ -25,11 +28,13 @@ namespace cast_channel {
namespace {
-// Fingerprints and public keys of the allowed / trusted ICAs.
-static const net::SHA1HashValue kFingerprintICA1 = { {
- 0x57,0x16,0xE2,0xAD,0x73,0x2E,0xBE,0xDA,0xEB,0x18,
- 0xE8,0x47,0x15,0xA8,0xDE,0x90,0x3B,0x5E,0x2A,0xF4
-} };
+// Fingerprint, public key size, public key data of the allowed / trusted ICAs.
+static const unsigned char kFingerprintICA1[] = {
Ryan Sleevi 2014/10/09 21:02:42 You changed the format here, without updating the
vadimgo 2014/10/09 23:31:55 I did update the document. I would prefer to keep
+ 0x52,0x9D,0x9C,0xD6,0x7F,0xE5,0xEB,0x69,0x8E,0x70,0xDD,0x26,
+ 0xD7,0xD8,0xF1,0x26,0x59,0xF1,0xE6,0xE5,0x23,0x48,0xBF,0x6A,
+ 0x5C,0xF7,0x16,0xE1,0x3F,0x41,0x0E,0x73
+};
+
static const unsigned char kPublicKeyICA1[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xBC,0x22,0x80,
0xBD,0x80,0xF6,0x3A,0x21,0x00,0x3B,0xAE,0x76,0x5E,0x35,0x7F,
@@ -56,10 +61,12 @@ static const unsigned char kPublicKeyICA1[] = {
0x1B,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA2 = { {
- 0x1B,0xA2,0x9E,0xC9,0x8E,0x4E,0xB3,0x80,0xEE,0x55,
- 0xB2,0x97,0xFD,0x2E,0x2B,0x2C,0xB6,0x8E,0x0B,0x2F
-} };
+static const unsigned char kFingerprintICA2[] = {
+ 0x98,0xD6,0x6D,0xE8,0x1C,0x56,0x47,0x84,0x4D,0x96,0x43,0x4D,
+ 0x37,0xC4,0x8D,0xC2,0xCE,0x7F,0x08,0x72,0x50,0x19,0xE7,0xB6,
+ 0xE8,0x92,0x7F,0x56,0xD6,0x81,0xAA,0x18
+};
+
static const unsigned char kPublicKeyICA2[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xBC,0x22,0x80,
0xBD,0x80,0xF6,0x3A,0x21,0x00,0x3B,0xAE,0x76,0x5E,0x35,0x7F,
@@ -86,11 +93,45 @@ static const unsigned char kPublicKeyICA2[] = {
0x1B,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA3 = { {
- 0x97,0x05,0xCE,0xF6,0x3F,0xA9,0x5E,0x0F,0xE7,0x61,
- 0xFB,0x08,0x44,0x31,0xBE,0xDE,0x01,0xB8,0xFB,0xEB
-} };
+static const unsigned char kFingerprintICA3[] = {
+ 0xA2,0x48,0xC2,0xE8,0x54,0xE6,0x56,0xA5,0x6D,0xE8,0x23,0x1F,
+ 0x1E,0xE1,0x75,0x6F,0xDB,0xE4,0x07,0xF9,0xFE,0xD4,0x65,0x0D,
+ 0x60,0xCC,0x5A,0xCB,0x65,0x11,0xC7,0x20
+};
+
static const unsigned char kPublicKeyICA3[] = {
+ 0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xB0,0x0E,0x5E,
+ 0x07,0x3A,0xDF,0xA4,0x5F,0x68,0xF7,0x21,0xC7,0x64,0xDB,0xB6,
+ 0x76,0xEF,0xEE,0x8B,0x93,0xF8,0xF6,0x1B,0x88,0xE1,0x93,0xB7,
+ 0x17,0xF0,0x15,0x1E,0x7E,0x52,0x55,0x77,0x3C,0x02,0x8D,0x7B,
+ 0x4A,0x6C,0xD3,0xBD,0xD6,0xC1,0x9C,0x72,0xC8,0xB3,0x15,0xCF,
+ 0x11,0xC1,0xF5,0x46,0xC4,0xD5,0x20,0x47,0xFB,0x30,0xF4,0xE4,
+ 0x61,0x0C,0x68,0xF0,0x5E,0xAB,0x37,0x8E,0x9B,0xE1,0xBC,0x81,
+ 0xC3,0x70,0x8A,0x78,0xD6,0x83,0x34,0x32,0x9C,0x19,0x62,0xEB,
+ 0xE4,0x9C,0xED,0xE3,0x64,0x6C,0x41,0x1D,0x9C,0xD2,0x8B,0x48,
+ 0x4C,0x23,0x90,0x95,0xB3,0xE7,0x52,0xEA,0x05,0x57,0xCC,0x60,
+ 0xB3,0xBA,0x14,0xE4,0xBA,0x00,0x39,0xE4,0x46,0x55,0x74,0xCE,
+ 0x5A,0x8E,0x7A,0x67,0x23,0xDA,0x68,0x0A,0xFA,0xC4,0x84,0x1E,
+ 0xB4,0xC5,0xA1,0xA2,0x6A,0x73,0x1F,0x6E,0xC8,0x2E,0x2F,0x9A,
+ 0x9E,0xA8,0xB1,0x0E,0xFD,0x87,0xA6,0x8F,0x4D,0x3D,0x4B,0x05,
+ 0xD5,0x35,0x5A,0x74,0x4D,0xBC,0x8E,0x82,0x44,0x96,0xF4,0xB5,
+ 0x95,0x60,0x4E,0xA5,0xDF,0x27,0x3D,0x41,0x5C,0x07,0xA3,0xB4,
+ 0x35,0x5A,0xB3,0x9E,0xF2,0x05,0x24,0xCA,0xCD,0x31,0x5A,0x0D,
+ 0x26,0x4C,0xD4,0xD3,0xFD,0x50,0xE1,0x34,0xE9,0x4C,0x81,0x58,
+ 0x30,0xB2,0xC7,0x7A,0xDD,0x81,0x89,0xA6,0xD4,0x3A,0x38,0x84,
+ 0x03,0xB7,0x34,0x9E,0x77,0x3F,0xFF,0x78,0x07,0x5B,0x99,0xC1,
+ 0xB2,0x1F,0x35,0x56,0x6E,0x3A,0x3C,0x0C,0x25,0xE1,0x57,0xF6,
+ 0x8A,0x7E,0x49,0xC0,0xCC,0x83,0x11,0x35,0xE7,0x91,0x6D,0x2E,
+ 0x65,0x02,0x03,0x01,0x00,0x01
+};
+
+static const unsigned char kFingerprintICA4[] = {
+ 0x2B,0x9B,0xC7,0x92,0xCD,0x2A,0x20,0xB3,0x65,0x5E,0x57,0xFB,
+ 0x10,0x1A,0x95,0x93,0x62,0x53,0x69,0x50,0x52,0xA2,0x71,0x42,
+ 0x2B,0xFE,0xB5,0xB4,0x5D,0xC5,0xA5,0xE9
+};
+
+static const unsigned char kPublicKeyICA4[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xB7,0xE8,0xC3,
0xE4,0x2C,0xDE,0x74,0x53,0xF2,0x49,0x95,0x6D,0xD1,0xDA,0x69,
0x57,0x0D,0x86,0xE5,0xED,0xB4,0xB9,0xE6,0x73,0x9F,0x6C,0xAD,
@@ -116,40 +157,12 @@ static const unsigned char kPublicKeyICA3[] = {
0x09,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA4 = { {
- 0x01,0xF5,0x28,0x56,0x33,0x80,0x9B,0x31,0xE7,0xD9,
- 0xF7,0x4E,0xAA,0xDD,0x97,0x37,0xA0,0x28,0xE7,0x24
-} };
-static const unsigned char kPublicKeyICA4[] = {
- 0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xB0,0x0E,0x5E,
- 0x07,0x3A,0xDF,0xA4,0x5F,0x68,0xF7,0x21,0xC7,0x64,0xDB,0xB6,
- 0x76,0xEF,0xEE,0x8B,0x93,0xF8,0xF6,0x1B,0x88,0xE1,0x93,0xB7,
- 0x17,0xF0,0x15,0x1E,0x7E,0x52,0x55,0x77,0x3C,0x02,0x8D,0x7B,
- 0x4A,0x6C,0xD3,0xBD,0xD6,0xC1,0x9C,0x72,0xC8,0xB3,0x15,0xCF,
- 0x11,0xC1,0xF5,0x46,0xC4,0xD5,0x20,0x47,0xFB,0x30,0xF4,0xE4,
- 0x61,0x0C,0x68,0xF0,0x5E,0xAB,0x37,0x8E,0x9B,0xE1,0xBC,0x81,
- 0xC3,0x70,0x8A,0x78,0xD6,0x83,0x34,0x32,0x9C,0x19,0x62,0xEB,
- 0xE4,0x9C,0xED,0xE3,0x64,0x6C,0x41,0x1D,0x9C,0xD2,0x8B,0x48,
- 0x4C,0x23,0x90,0x95,0xB3,0xE7,0x52,0xEA,0x05,0x57,0xCC,0x60,
- 0xB3,0xBA,0x14,0xE4,0xBA,0x00,0x39,0xE4,0x46,0x55,0x74,0xCE,
- 0x5A,0x8E,0x7A,0x67,0x23,0xDA,0x68,0x0A,0xFA,0xC4,0x84,0x1E,
- 0xB4,0xC5,0xA1,0xA2,0x6A,0x73,0x1F,0x6E,0xC8,0x2E,0x2F,0x9A,
- 0x9E,0xA8,0xB1,0x0E,0xFD,0x87,0xA6,0x8F,0x4D,0x3D,0x4B,0x05,
- 0xD5,0x35,0x5A,0x74,0x4D,0xBC,0x8E,0x82,0x44,0x96,0xF4,0xB5,
- 0x95,0x60,0x4E,0xA5,0xDF,0x27,0x3D,0x41,0x5C,0x07,0xA3,0xB4,
- 0x35,0x5A,0xB3,0x9E,0xF2,0x05,0x24,0xCA,0xCD,0x31,0x5A,0x0D,
- 0x26,0x4C,0xD4,0xD3,0xFD,0x50,0xE1,0x34,0xE9,0x4C,0x81,0x58,
- 0x30,0xB2,0xC7,0x7A,0xDD,0x81,0x89,0xA6,0xD4,0x3A,0x38,0x84,
- 0x03,0xB7,0x34,0x9E,0x77,0x3F,0xFF,0x78,0x07,0x5B,0x99,0xC1,
- 0xB2,0x1F,0x35,0x56,0x6E,0x3A,0x3C,0x0C,0x25,0xE1,0x57,0xF6,
- 0x8A,0x7E,0x49,0xC0,0xCC,0x83,0x11,0x35,0xE7,0x91,0x6D,0x2E,
- 0x65,0x02,0x03,0x01,0x00,0x01
+static const unsigned char kFingerprintICA5[] = {
+ 0xFD,0xCD,0x0D,0x59,0x29,0xF8,0x7A,0x62,0xD2,0xFE,0x0F,0xD8,
+ 0x94,0xB8,0x32,0xF1,0xD4,0x9C,0x73,0xF9,0xD3,0x51,0x8B,0x64,
+ 0x67,0x3E,0x04,0x97,0x0B,0x0A,0x4F,0xAD
};
-static const net::SHA1HashValue kFingerprintICA5 = { {
- 0x59,0xD6,0xA3,0xAB,0xF3,0x2E,0x1D,0x33,0x6C,0xA1,
- 0x08,0xA4,0x8A,0xA4,0x32,0x90,0x5C,0x63,0x2B,0x1E
-} };
static const unsigned char kPublicKeyICA5[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xC2,0xF6,0xD5,
0x91,0xDC,0x37,0xB4,0x9A,0x73,0x4A,0xE7,0x74,0x6D,0x03,0xAE,
@@ -176,10 +189,12 @@ static const unsigned char kPublicKeyICA5[] = {
0xDF,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA6 = { {
- 0xE0,0xE1,0x57,0x47,0xFD,0x50,0xA4,0x99,0x80,0x6E,
- 0x52,0x40,0x9F,0x9C,0xE3,0x9F,0x6D,0x81,0x59,0xFE
-} };
+static const unsigned char kFingerprintICA6[] = {
+ 0xD6,0xA1,0xC4,0xBC,0x74,0x5B,0xC8,0xE9,0xED,0xF8,0x9C,0x0D,
+ 0x55,0xCC,0xB2,0xC9,0xF3,0x04,0xF6,0x6E,0x4D,0x3D,0x27,0x4C,
+ 0xA3,0xFC,0x0F,0x4B,0x95,0x55,0x10,0x7E
+};
+
static const unsigned char kPublicKeyICA6[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xB5,0xC8,0x14,
0x5B,0x94,0x2E,0x8E,0x40,0xBC,0x8A,0xAB,0x1F,0x48,0xEE,0xA5,
@@ -206,10 +221,12 @@ static const unsigned char kPublicKeyICA6[] = {
0xE9,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA7 = { {
- 0xF9,0xDC,0x51,0x97,0x48,0xB6,0x61,0xBD,0x60,0x78,
- 0x91,0x6B,0x20,0xC1,0x9A,0xA3,0xCA,0xEC,0xF8,0xFC
-} };
+static const unsigned char kFingerprintICA7[] = {
+ 0xB6,0xB3,0x4F,0x73,0x23,0x9D,0xA6,0xDD,0x9A,0x26,0xF7,0xD5,
+ 0x9E,0x26,0x3B,0xF0,0x0C,0x01,0x6B,0x21,0x17,0x41,0xE5,0xAD,
+ 0x92,0xA5,0xA0,0x0B,0xD7,0x31,0x26,0x11
+};
+
static const unsigned char kPublicKeyICA7[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xCC,0xE2,0xB6,
0x2F,0x11,0xAB,0xFF,0xD0,0x5D,0x63,0x97,0x59,0xFA,0x5F,0x26,
@@ -236,10 +253,12 @@ static const unsigned char kPublicKeyICA7[] = {
0x3F,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA8 = { {
- 0x51,0xD4,0x70,0x0A,0x03,0x6E,0xA5,0x6A,0xF3,0x99,
- 0xCF,0x3D,0x0F,0x17,0x8D,0x10,0x1A,0x4B,0xD2,0x44
-} };
+static const unsigned char kFingerprintICA8[] = {
+ 0xE9,0xD4,0x83,0xD3,0x78,0x01,0xB1,0x1A,0xB8,0x8E,0xE1,0x87,
+ 0xB1,0x88,0xD5,0xE2,0xF0,0xFE,0x18,0xE7,0xCE,0xB8,0x10,0x06,
+ 0x3E,0xA5,0x05,0x4A,0x1A,0x9D,0x1C,0x11
+};
+
static const unsigned char kPublicKeyICA8[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xBF,0x3A,0x31,
0xFC,0xF8,0xE6,0xEE,0xC0,0x48,0x00,0xB4,0x05,0x65,0x36,0x23,
@@ -266,10 +285,12 @@ static const unsigned char kPublicKeyICA8[] = {
0xB9,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA9 = { {
- 0x9B,0x2A,0x45,0xBD,0x4F,0x80,0x53,0x94,0xD3,0xA7,
- 0x9D,0xC7,0xFA,0xCD,0x77,0x0B,0x36,0xB2,0x3C,0x18
-} };
+static const unsigned char kFingerprintICA9[] = {
+ 0x7A,0x96,0xE1,0xA4,0xDE,0xEB,0x04,0x23,0xD6,0xC4,0xFD,0x98,
+ 0xDF,0x25,0x83,0x25,0x2C,0x3E,0xE0,0x23,0x35,0x9F,0x4B,0x92,
+ 0x08,0xAB,0xE8,0x7C,0xB1,0xD8,0x4D,0x85
+};
+
static const unsigned char kPublicKeyICA9[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xE5,0x44,0x79,
0xD4,0x75,0x3A,0xBD,0x25,0x6F,0x89,0xF7,0x94,0xE9,0x23,0xAE,
@@ -296,10 +317,12 @@ static const unsigned char kPublicKeyICA9[] = {
0xA1,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA10 = { {
- 0xDD,0x37,0x71,0xB1,0x84,0x07,0xA5,0x1A,0x8B,0x9C,
- 0x75,0xA3,0x77,0x3B,0xE4,0x67,0x04,0xB8,0x66,0xE5
-} };
+static const unsigned char kFingerprintICA10[] = {
+ 0x61,0x79,0xBE,0x64,0x83,0xD6,0x71,0xCE,0x4F,0xEE,0x95,0x5B,
+ 0xF3,0x6A,0x1D,0xDB,0xC9,0x51,0x2F,0xF4,0x0C,0xF8,0xA5,0x1C,
+ 0x4F,0x31,0x2A,0x93,0x9A,0x94,0x07,0xF7
+};
+
static const unsigned char kPublicKeyICA10[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xAF,0xA1,0x27,
0x5B,0x18,0x01,0xF9,0x16,0x7C,0xB9,0x1D,0xBB,0x34,0xC4,0x45,
@@ -326,10 +349,12 @@ static const unsigned char kPublicKeyICA10[] = {
0x8F,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA11 = { {
- 0x34,0xAB,0x0F,0x01,0x2C,0x4F,0x99,0x70,0xA2,0x44,
- 0x57,0x12,0xFB,0xE3,0x52,0xC4,0x9E,0x0A,0x20,0x6B
-} };
+static const unsigned char kFingerprintICA11[] = {
+ 0x9C,0x1E,0xB3,0xEA,0x88,0xAA,0x1C,0x1E,0x0A,0xE7,0x9C,0x2B,
+ 0x43,0xFF,0x46,0xD4,0xC8,0xF5,0xF4,0xFF,0x43,0x71,0xFB,0x83,
+ 0xE4,0x81,0x13,0x8D,0xAD,0x82,0x42,0xE8
+};
+
static const unsigned char kPublicKeyICA11[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA8,0xB2,0x65,
0xFB,0x07,0xB0,0x21,0xBE,0x11,0xD1,0xDA,0x5D,0x89,0xB5,0xAA,
@@ -356,10 +381,12 @@ static const unsigned char kPublicKeyICA11[] = {
0xF9,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA12 = { {
- 0x7C,0x3E,0x64,0x37,0x30,0xA4,0x6D,0xE5,0x16,0x7F,
- 0xAC,0xEA,0xEA,0x2A,0x16,0x3E,0xE7,0x15,0x45,0x3A
-} };
+static const unsigned char kFingerprintICA12[] = {
+ 0xFF,0xFA,0x45,0x0D,0x1D,0xB6,0x31,0x13,0xA7,0x43,0x70,0x19,
+ 0x6E,0xCB,0xDB,0xA4,0x3F,0x74,0xF4,0xBD,0x63,0xAD,0x8E,0xFD,
+ 0x35,0x62,0xB3,0xF9,0xE8,0x69,0x1F,0xDB
+};
+
static const unsigned char kPublicKeyICA12[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xD9,0xE3,0x76,
0x97,0x6A,0xEF,0x2D,0x16,0xD5,0xF9,0xDC,0x9D,0x0E,0x65,0x12,
@@ -386,10 +413,12 @@ static const unsigned char kPublicKeyICA12[] = {
0xF1,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA13 = { {
- 0x26,0x43,0xE5,0x33,0x9E,0x07,0x14,0x83,0x9A,0xB1,
- 0xCF,0x38,0x1C,0x77,0x74,0xF0,0xE5,0xBF,0x88,0x6F
-} };
+static const unsigned char kFingerprintICA13[] = {
+ 0xE0,0x2C,0x66,0xCD,0x6F,0x96,0xFC,0x1B,0x5A,0x43,0xC4,0xA5,
+ 0x19,0xB6,0x6F,0x0B,0xFE,0xA7,0x58,0x0D,0xC1,0x02,0x3E,0xFE,
+ 0xFF,0x9C,0xE4,0x9E,0xB1,0x7E,0x3F,0x79
+};
+
static const unsigned char kPublicKeyICA13[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xBB,0xE5,0x0F,
0xD2,0x1C,0x6B,0xBA,0x23,0xA9,0x2F,0x87,0xEC,0xDB,0x92,0x3F,
@@ -416,10 +445,12 @@ static const unsigned char kPublicKeyICA13[] = {
0x1D,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA14 = { {
- 0xCF,0x58,0x82,0xEE,0x81,0x71,0x71,0x8E,0x2C,0xBD,
- 0xDB,0x87,0xE0,0x18,0xF5,0xED,0xDA,0x85,0x4A,0x13
-} };
+static const unsigned char kFingerprintICA14[] = {
+ 0x3B,0x60,0x2E,0xE9,0x9F,0x75,0x7C,0x18,0xE3,0x08,0x1E,0xC0,
+ 0x72,0xE9,0x20,0x05,0x0B,0x83,0xD7,0xB7,0x5E,0x25,0x47,0xE7,
+ 0xE6,0x44,0x2C,0x40,0xF4,0xA9,0xA1,0xD0
+};
+
static const unsigned char kPublicKeyICA14[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xAD,0x16,0x57,
0x87,0xD7,0x0D,0xA3,0xA2,0x7E,0x8B,0xAE,0x45,0x7A,0x1F,0xCA,
@@ -446,10 +477,12 @@ static const unsigned char kPublicKeyICA14[] = {
0xD9,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA15 = { {
- 0xFD,0x28,0xC3,0x71,0x00,0x27,0x0F,0x36,0x28,0x32,
- 0x7F,0xE6,0xD6,0x8A,0x6F,0x59,0x58,0x4B,0x3E,0x1E
-} };
+static const unsigned char kFingerprintICA15[] = {
+ 0x09,0xA7,0x9F,0x65,0xE5,0x55,0x72,0xAA,0xFD,0xDB,0x74,0xE9,
+ 0xF8,0xFA,0x01,0x45,0x1D,0x8E,0xA4,0x17,0x48,0xAB,0x50,0x75,
+ 0xF9,0xB1,0x12,0xB0,0x6F,0xC8,0x08,0xAE
+};
+
static const unsigned char kPublicKeyICA15[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xDD,0xFE,0x56,
0x5F,0x53,0x05,0x59,0x8F,0x7C,0xF4,0x8B,0x90,0x38,0xED,0x51,
@@ -476,10 +509,12 @@ static const unsigned char kPublicKeyICA15[] = {
0x99,0x02,0x03,0x01,0x00,0x01
};
-static const net::SHA1HashValue kFingerprintICA16 = { {
- 0xBC,0x59,0x07,0x13,0xA9,0xCE,0x8B,0xFE,0xE3,0x5B,
- 0xB7,0xC3,0xC3,0xC2,0x48,0x44,0xE8,0x6A,0x77,0xC0
-} };
+static const unsigned char kFingerprintICA16[] = {
+ 0x49,0x0D,0xC9,0x48,0xA1,0x6B,0x02,0xEA,0xC6,0xDA,0x47,0x99,
+ 0x36,0x4D,0xD2,0xAF,0x04,0xF7,0xEA,0x46,0x30,0xCF,0x33,0x79,
+ 0x73,0x10,0xAC,0x4C,0x07,0xB4,0x67,0xAD
+};
+
static const unsigned char kPublicKeyICA16[] = {
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xD2,0xB0,0xC9,
0xB3,0x88,0xCD,0x93,0x23,0x6A,0x46,0xD3,0x69,0x0A,0xD7,0xFF,
@@ -508,91 +543,103 @@ static const unsigned char kPublicKeyICA16[] = {
// Info for trusted ICA certs.
struct ICACertInfo {
- const net::SHA1HashValue* fingerprint;
+ const net::SHA256HashValue* fingerprint;
SECItem public_key;
};
-// List of allowed / trusted ICAs.
static const ICACertInfo kAllowedICAs[] = {
- { &kFingerprintICA1,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA1),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA1),
sizeof(kPublicKeyICA1) } },
- { &kFingerprintICA2,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA2),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA2),
sizeof(kPublicKeyICA2) } },
- { &kFingerprintICA3,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA3),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA3),
sizeof(kPublicKeyICA3) } },
- { &kFingerprintICA4,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA4),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA4),
sizeof(kPublicKeyICA4) } },
- { &kFingerprintICA5,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA5),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA5),
sizeof(kPublicKeyICA5) } },
- { &kFingerprintICA6,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA6),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA6),
sizeof(kPublicKeyICA6) } },
- { &kFingerprintICA7,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA7),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA7),
sizeof(kPublicKeyICA7) } },
- { &kFingerprintICA8,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA8),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA8),
sizeof(kPublicKeyICA8) } },
- { &kFingerprintICA9,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA9),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA9),
sizeof(kPublicKeyICA9) } },
- { &kFingerprintICA10,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA10),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA10),
sizeof(kPublicKeyICA10) } },
- { &kFingerprintICA11,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA11),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA11),
sizeof(kPublicKeyICA11) } },
- { &kFingerprintICA12,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA12),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA12),
sizeof(kPublicKeyICA12) } },
- { &kFingerprintICA13,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA13),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA13),
sizeof(kPublicKeyICA13) } },
- { &kFingerprintICA14,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA14),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA14),
sizeof(kPublicKeyICA14) } },
- { &kFingerprintICA15,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA15),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA15),
sizeof(kPublicKeyICA15) } },
- { &kFingerprintICA16,
+ { reinterpret_cast<const net::SHA256HashValue*>(&kFingerprintICA16),
{ siDERCertBuffer,
const_cast<unsigned char*>(kPublicKeyICA16),
sizeof(kPublicKeyICA16) } },
};
+std::vector<ICACertInfo> g_AllowedICAs;
+std::unique_ptr<proto::AuthorityKeys> g_AuthorityKeys;
Ryan Sleevi 2014/10/09 21:02:42 BUG: We do not allow static class-types STYLE: g_A
vadimgo 2014/10/09 23:31:55 Done.
+
typedef scoped_ptr<
CERTCertificate,
crypto::NSSDestroyer<CERTCertificate, CERT_DestroyCertificate> >
ScopedCERTCertificate;
-// Returns the index of the ICA whose fingerprint matches |fingerprint|.
-// Returns -1, if no such ICA is found.
-static int GetICAWithFingerprint(const net::SHA1HashValue& fingerprint) {
- for (size_t i = 0; i < arraysize(kAllowedICAs); ++i) {
- if (kAllowedICAs[i].fingerprint->Equals(fingerprint))
- return static_cast<int>(i);
+// Initializes allowed ICAs using passed in data in the following format:
+static void InitializeAllowedICAs() {
+ for (size_t i = 0; i < arraysize(kAllowedICAs); i++) {
+ g_AllowedICAs.push_back(kAllowedICAs[i]);
}
- return -1;
+}
+
+// Returns the public key of the ICA whose fingerprint matches |fingerprint|.
+// Returns NULL, if no such ICA is found.
+static const SECItem* GetICAWithFingerprint(
+ const net::SHA256HashValue& fingerprint) {
+ for (std::vector<ICACertInfo>::const_iterator iter = g_AllowedICAs.begin();
+ iter != g_AllowedICAs.end();
+ ++iter) {
+ if ((*iter).fingerprint->Equals(fingerprint))
+ return &(*iter).public_key;
+ }
+ return NULL;
}
// Parses out DeviceAuthMessage from CastMessage
@@ -652,18 +699,26 @@ AuthResult VerifyCredentials(const AuthResponse& response,
VLOG(1) << "Response has " << num_intermediates << " intermediates";
+ if (g_AllowedICAs.size() == 0) {
+ InitializeAllowedICAs();
+ }
Ryan Sleevi 2014/10/09 21:02:42 BUG: Thread-unsafe initialization
vadimgo 2014/10/09 23:31:55 Done.
+
if (num_intermediates <= 0) {
- trusted_ca_key_der = &kAllowedICAs[0].public_key;
+ trusted_ca_key_der = &g_AllowedICAs[0].public_key;
} else {
const std::string& ica = response.intermediate_certificate(0);
scoped_refptr<net::X509Certificate> ica_cert
= net::X509Certificate::CreateFromBytes(ica.data(), ica.length());
- int index = GetICAWithFingerprint(ica_cert->fingerprint());
- if (index == -1) {
+
+ net::X509Certificate::OSCertHandles intermediate;
+ trusted_ca_key_der = GetICAWithFingerprint(
+ net::X509Certificate::CalculateChainFingerprint256(
+ ica_cert->os_cert_handle(), intermediate));
+
+ if (trusted_ca_key_der == NULL) {
return AuthResult::Create(kErrorPrefix + "Disallowed intermediate cert",
AuthResult::ERROR_FINGERPRINT_NOT_FOUND);
}
- trusted_ca_key_der = &kAllowedICAs[index].public_key;
}
crypto::EnsureNSSInit();
@@ -735,6 +790,61 @@ AuthResult VerifyCredentials(const AuthResponse& response,
return AuthResult();
}
+// Built in public key for verifying trusted authorities data.
+const uint8 kPublicKey[294]={
Ryan Sleevi 2014/10/09 21:02:43 STYLE: "const uint8 kPublicKey[] = { " 1) No nee
vadimgo 2014/10/09 23:31:55 Done.
+ 0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
+ 0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,
+ 0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xD7,0x15,0xA7,
+ 0x03,0xC1,0xDE,0x7C,0x0E,0x8F,0x3E,0x15,0x7A,0x49,0x34,0x89,
+ 0xBC,0x00,0x4C,0x56,0xF3,0x75,0xD2,0x22,0x6D,0x23,0xE7,0x98,
+ 0x18,0x45,0xAB,0x24,0x4F,0x1B,0x24,0xAA,0xAD,0x60,0x11,0xDB,
+ 0xBF,0x9E,0xD5,0xD2,0x95,0x96,0x23,0x89,0xE3,0x60,0xEB,0xD3,
+ 0xF0,0x34,0xC2,0x17,0xFC,0x0E,0x86,0x46,0x74,0x67,0xFA,0x49,
+ 0xD9,0x79,0x04,0x3C,0xC4,0x69,0x97,0x5A,0x40,0x5F,0x39,0x3F,
+ 0xC3,0x9C,0xAC,0xD0,0xF0,0xD1,0xE1,0x6B,0xB9,0x48,0xEA,0x84,
+ 0x92,0x0C,0x4D,0xBE,0x32,0x59,0x47,0x00,0x9E,0x51,0xFD,0xA8,
+ 0xF5,0x8B,0x3C,0x85,0xB9,0xED,0x52,0xDA,0xDA,0x40,0x7D,0x8E,
+ 0xCE,0x8A,0x77,0x9D,0x0F,0xCA,0x6A,0x8F,0xC7,0xE3,0xFC,0xE2,
+ 0x29,0x30,0xE5,0xCE,0xCF,0xCB,0xFA,0x22,0x3F,0xFA,0x32,0x95,
+ 0x05,0x47,0xE9,0x1C,0xEE,0x31,0xBE,0xFE,0x35,0xFB,0x58,0xC8,
+ 0xF9,0x48,0xB3,0xE5,0xB0,0x1B,0xD6,0x40,0xFC,0xF4,0xB0,0xEC,
+ 0x9C,0x7F,0x21,0xDF,0xD7,0x3B,0x99,0xAA,0x07,0x53,0x73,0x50,
+ 0x78,0x72,0x31,0x48,0xDF,0x21,0x79,0xE3,0x86,0x19,0x66,0xC9,
+ 0x18,0x5F,0x35,0xC8,0x1C,0x10,0xE4,0xA1,0x19,0x4E,0x11,0xBD,
+ 0xFE,0xA9,0xFF,0x20,0x84,0xF6,0xC8,0xB7,0x48,0xFA,0xF0,0x74,
+ 0x55,0x37,0x0B,0xB1,0x66,0x8D,0xEE,0x3E,0x64,0x39,0xA3,0x90,
+ 0x60,0x88,0xAF,0x14,0xE9,0xE0,0x1A,0x22,0x4B,0xA4,0x48,0x42,
+ 0x1F,0xCF,0x16,0x9C,0x8F,0x6B,0x29,0xFB,0x80,0xF6,0x3D,0xA5,
+ 0x2E,0x51,0x2C,0x05,0x1F,0xD6,0x17,0x51,0x72,0x03,0x4C,0x30,
+ 0x37,0x02,0x03,0x01,0x00,0x01,
+};
+
+// Verifies signature of the data using built-in public key.
+bool VerifySignature(const std::string& signature, const std::string& data)
+{
Ryan Sleevi 2014/10/09 21:02:42 STYLE: Brace goes on the former line. You can use
vadimgo 2014/10/09 23:31:55 Done.
+ crypto::SignatureVerifier verifier;
+ crypto::SignatureVerifier::HashAlgorithm hash_alg =
+ crypto::SignatureVerifier::SHA256;
+ crypto::SignatureVerifier::HashAlgorithm mask_hash_alg = hash_alg;
+ unsigned int hash_len = 32;
+
+ if (!verifier.VerifyInitRSAPSS(
+ hash_alg,
+ mask_hash_alg,
+ hash_len,
+ reinterpret_cast<const uint8*>(signature.data()),
+ signature.size(),
+ kPublicKey,
+ sizeof(kPublicKey))) {
+ return false;
+ }
+
+ verifier.VerifyUpdate(reinterpret_cast<const uint8*>(data.data()),
+ data.size());
+
+ return verifier.VerifyFinal();
+}
+
} // namespace
AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
@@ -765,6 +875,44 @@ AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
return AuthResult();
}
+bool SetTrustedCertificateAuthorities(const std::string& signature,
+ const std::string& keys) {
+ std::string decodedSignature;
Ryan Sleevi 2014/10/09 21:02:42 STYLE: These variables need to be named consistent
vadimgo 2014/10/09 23:31:55 Done.
+ if (!base::Base64Decode(signature, &decodedSignature))
+ return false;
+
+ std::string decodedKeys;
+ if (!base::Base64Decode(keys, &decodedKeys))
+ return false;
+
+ if (!VerifySignature(decodedSignature, decodedKeys))
+ return false;
+
+ std::unique_ptr<proto::AuthorityKeys> authorityKeys(new proto::AuthorityKeys);
Ryan Sleevi 2014/10/09 21:02:42 STYLE: use scoped_ptr<>. unique_ptr<> is NOT bless
vadimgo 2014/10/09 23:31:55 Done.
+ if (!authorityKeys->ParseFromString(decodedKeys))
+ return false;
Ryan Sleevi 2014/10/09 21:02:43 STYLE: Invalid indent
vadimgo 2014/10/09 23:31:55 Done.
+
+ g_AllowedICAs.clear();
+ g_AuthorityKeys.swap(authorityKeys);
+
+ for (int i = 0; i < g_AuthorityKeys->keys_size(); i++) {
+ const std::string& fingerprint = g_AuthorityKeys->keys(i).fingerprint();
+ const std::string& public_key = g_AuthorityKeys->keys(i).public_key();
+
+ g_AllowedICAs.push_back(
+ {
Ryan Sleevi 2014/10/09 21:02:43 STYLE: This is some crazy syntax (isn't it GCC dep
vadimgo 2014/10/09 23:31:56 Done.
+ reinterpret_cast<const net::SHA256HashValue*>(fingerprint.data()),
+ {
+ siDERCertBuffer,
+ (unsigned char*)public_key.data(),
Ryan Sleevi 2014/10/09 21:02:42 style: Invalid cast (use static_cast)
vadimgo 2014/10/09 23:31:55 Done.
+ public_key.size()
+ }
+ });
+ }
+
+ return true;
+}
+
} // namespace cast_channel
} // namespace core_api
} // namespace extensions
« extensions/browser/api/cast_channel/cast_auth_util.h ('K') | « extensions/browser/api/cast_channel/cast_auth_util.h ('k') | extensions/browser/api/cast_channel/cast_channel_api.h » ('j') | extensions/browser/api/cast_channel/cast_channel_api.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698