| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" | 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
| 10 #include "extensions/browser/api/cast_channel/cast_message_util.h" | 10 #include "extensions/browser/api/cast_channel/cast_message_util.h" |
| 11 #include "extensions/common/api/cast_channel/cast_channel.pb.h" | 11 #include "extensions/common/api/cast_channel/cast_channel.pb.h" |
| 12 | 12 |
| 13 namespace extensions { | 13 namespace extensions { |
| 14 namespace core_api { | 14 namespace core_api { |
| 15 namespace cast_channel { | 15 namespace cast_channel { |
| 16 namespace { | 16 namespace { |
| 17 | 17 |
| 18 const char* const kParseErrorPrefix = "Failed to parse auth message: "; | 18 const char* const kParseErrorPrefix = "Failed to parse auth message: "; |
| 19 | 19 |
| 20 } // namespace | 20 // Extracts an embedded DeviceAuthMessage payload from an auth challenge reply |
| 21 | 21 // message. |
| 22 AuthResult::AuthResult() : error_type(ERROR_NONE), nss_error_code(0) { | |
| 23 } | |
| 24 | |
| 25 AuthResult::~AuthResult() { | |
| 26 } | |
| 27 | |
| 28 // static | |
| 29 AuthResult AuthResult::CreateWithParseError(const std::string& error_message, | |
| 30 ErrorType error_type) { | |
| 31 return AuthResult(kParseErrorPrefix + error_message, error_type, 0); | |
| 32 } | |
| 33 | |
| 34 // static | |
| 35 AuthResult AuthResult::CreateWithNSSError(const std::string& error_message, | |
| 36 ErrorType error_type, | |
| 37 int nss_error_code) { | |
| 38 return AuthResult(error_message, error_type, nss_error_code); | |
| 39 } | |
| 40 | |
| 41 AuthResult::AuthResult(const std::string& error_message, | |
| 42 ErrorType error_type, | |
| 43 int nss_error_code) | |
| 44 : error_message(error_message), | |
| 45 error_type(error_type), | |
| 46 nss_error_code(nss_error_code) { | |
| 47 } | |
| 48 | |
| 49 AuthResult ParseAuthMessage(const CastMessage& challenge_reply, | 22 AuthResult ParseAuthMessage(const CastMessage& challenge_reply, |
| 50 DeviceAuthMessage* auth_message) { | 23 DeviceAuthMessage* auth_message) { |
| 51 if (challenge_reply.payload_type() != CastMessage_PayloadType_BINARY) { | 24 if (challenge_reply.payload_type() != CastMessage_PayloadType_BINARY) { |
| 52 return AuthResult::CreateWithParseError( | 25 return AuthResult::CreateWithParseError( |
| 53 "Wrong payload type in challenge reply", | 26 "Wrong payload type in challenge reply", |
| 54 AuthResult::ERROR_WRONG_PAYLOAD_TYPE); | 27 AuthResult::ERROR_WRONG_PAYLOAD_TYPE); |
| 55 } | 28 } |
| 56 if (!challenge_reply.has_payload_binary()) { | 29 if (!challenge_reply.has_payload_binary()) { |
| 57 return AuthResult::CreateWithParseError( | 30 return AuthResult::CreateWithParseError( |
| 58 "Payload type is binary but payload_binary field not set", | 31 "Payload type is binary but payload_binary field not set", |
| (...skipping 13 matching lines...) |
| 72 base::IntToString(auth_message->error().error_type()), | 45 base::IntToString(auth_message->error().error_type()), |
| 73 AuthResult::ERROR_MESSAGE_ERROR); | 46 AuthResult::ERROR_MESSAGE_ERROR); |
| 74 } | 47 } |
| 75 if (!auth_message->has_response()) { | 48 if (!auth_message->has_response()) { |
| 76 return AuthResult::CreateWithParseError( | 49 return AuthResult::CreateWithParseError( |
| 77 "Auth message has no response field", AuthResult::ERROR_NO_RESPONSE); | 50 "Auth message has no response field", AuthResult::ERROR_NO_RESPONSE); |
| 78 } | 51 } |
| 79 return AuthResult(); | 52 return AuthResult(); |
| 80 } | 53 } |
| 81 | 54 |
| 55 } // namespace |
| 56 |
| 57 AuthResult::AuthResult() : error_type(ERROR_NONE), nss_error_code(0) { |
| 58 } |
| 59 |
| 60 AuthResult::~AuthResult() { |
| 61 } |
| 62 |
| 63 AuthResult::AuthResult(const AuthResult& rvalue) : |
| 64 error_message(rvalue.error_message), |
| 65 error_type(rvalue.error_type), |
| 66 nss_error_code(rvalue.nss_error_code), |
| 67 openssl_error_stack(rvalue.openssl_error_stack) {} |
| 68 |
| 69 // static |
| 70 AuthResult AuthResult::CreateWithParseError(const std::string& error_message, |
| 71 ErrorType error_type) { |
| 72 return AuthResult(kParseErrorPrefix + error_message, error_type, 0, |
| 73 std::vector<OpenSslErrorEntry>()); |
| 74 } |
| 75 |
| 76 // static |
| 77 AuthResult AuthResult::CreateWithNSSError(const std::string& error_message, |
| 78 ErrorType error_type, |
| 79 int nss_error_code) { |
| 80 return AuthResult(error_message, error_type, nss_error_code, |
| 81 std::vector<OpenSslErrorEntry>()); |
| 82 } |
| 83 |
| 84 // static |
| 85 AuthResult AuthResult::CreateWithOpenSSLErrors( |
| 86 const std::string& error_message, |
| 87 ErrorType error_type, |
| 88 const std::vector<OpenSslErrorEntry>& openssl_error_stack) { |
| 89 return AuthResult(kParseErrorPrefix + error_message, error_type, 0, |
| 90 openssl_error_stack); |
| 91 } |
| 92 |
| 93 AuthResult::AuthResult( |
| 94 const std::string& error_message, |
| 95 ErrorType error_type, |
| 96 int nss_error_code, |
| 97 const std::vector<OpenSslErrorEntry>& openssl_error_stack) |
| 98 : error_message(error_message), |
| 99 error_type(error_type), |
| 100 nss_error_code(nss_error_code), |
| 101 openssl_error_stack(openssl_error_stack) { |
| 102 } |
| 103 |
| 104 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply, |
| 105 const std::string& peer_cert) { |
| 106 if (peer_cert.empty()) { |
| 107 AuthResult result = AuthResult::CreateWithParseError( |
| 108 "Peer cert was empty.", AuthResult::ERROR_PEER_CERT_EMPTY); |
| 109 VLOG(1) << result.error_message; |
| 110 return result; |
| 111 } |
| 112 |
| 113 DeviceAuthMessage auth_message; |
| 114 AuthResult result = ParseAuthMessage(challenge_reply, &auth_message); |
| 115 if (!result.success()) { |
| 116 VLOG(1) << result.error_message; |
| 117 return result; |
| 118 } |
| 119 |
| 120 const AuthResponse& response = auth_message.response(); |
| 121 result = VerifyCredentials(response, peer_cert); |
| 122 if (!result.success()) { |
| 123 VLOG(1) << result.error_message; |
| 124 return result; |
| 125 } |
| 126 |
| 127 return AuthResult(); |
| 128 } |
| 129 |
| 82 } // namespace cast_channel | 130 } // namespace cast_channel |
| 83 } // namespace core_api | 131 } // namespace core_api |
| 84 } // namespace extensions | 132 } // namespace extensions |
| OLD | NEW |
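Review bot: `AuthResult::CreateWithOpenSSLErrors` (new lines 85-91) prepends `kParseErrorPrefix`, so every result it builds reads "Failed to parse auth message: …", while its sibling `CreateWithNSSError` passes the message through unchanged. The callers are not on this page, but if this factory is used for certificate or signature verification failures, the prefix makes a rejected credential look like a malformed message in the `VLOG(1)` output of `AuthenticateChallengeReply`. I would match the NSS variant with `return AuthResult(error_message, error_type, 0, openssl_error_stack);`. The same function logs only `result.error_message`, so the new `openssl_error_stack` never reaches the log on this path. On style, the copy constructor at new line 63 names its const lvalue reference `rvalue` and copies the members by hand; renaming the parameter to `other`, or declaring the constructor `= default` in the header, avoids a new field being silently left out of copies.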