Cast needs an implementation for verifying the custom Cast CRL and verifying a certificate's revocation status based on that CRL.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a758ec2ba845713d654a75c2c0251d460244c58d commit a758ec2ba845713d654a75c2c0251d460244c58d Author: ryanchung <ryanchung@chromium.org> Date: Fri Jun 17 08:23:09 2016 Add an out parameter to VerifyCertificateChain for retrieving the trusted chain. Until certificate path building is available, this will be temporarily used to obtain the full chain built by VerifyCertificateChain. BUG= 618463 Review-Url: https://codereview.chromium.org/2078653002 Cr-Commit-Position: refs/heads/master@{#400396} [modify] https://crrev.com/a758ec2ba845713d654a75c2c0251d460244c58d/components/cast_certificate/cast_cert_validator.cc [modify] https://crrev.com/a758ec2ba845713d654a75c2c0251d460244c58d/net/cert/internal/verify_certificate_chain.cc [modify] https://crrev.com/a758ec2ba845713d654a75c2c0251d460244c58d/net/cert/internal/verify_certificate_chain.h [modify] https://crrev.com/a758ec2ba845713d654a75c2c0251d460244c58d/net/cert/internal/verify_certificate_chain_pkits_unittest.cc [modify] https://crrev.com/a758ec2ba845713d654a75c2c0251d460244c58d/net/cert/internal/verify_certificate_chain_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/698608f28ed2df276f920c9691cbfcb8f9069337 commit 698608f28ed2df276f920c9691cbfcb8f9069337 Author: ryanchung <ryanchung@chromium.org> Date: Mon Jul 25 16:44:02 2016 Cast device revocation checking. Cast device certificates may be revoked through two ways: 1. The hash of the public key. 2. A serial number range for an issuer identified by the hash of its public key. A customized proto is used as the medium for this information. This change contains the implementation for verifying the custom CRL and verifying a certificate's revocation status based on that CRL. BUG= 618463 Review-Url: https://codereview.chromium.org/2050983002 Cr-Commit-Position: refs/heads/master@{#407492} [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/chrome/common/extensions/api/networking_private/networking_private_crypto.cc [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/chrome/common/extensions/api/networking_private/networking_private_crypto.h [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate.gypi [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/BUILD.gn [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/DEPS [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/cast_cert_validator.cc [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/cast_cert_validator.h [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/cast_cert_validator_test_helpers.cc [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/cast_cert_validator_test_helpers.h [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/cast_cert_validator_unittest.cc [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/cast_crl.cc [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/cast_crl.h [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/cast_crl_root_ca_cert_der-inc.h [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/cast_crl_unittest.cc [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/proto/BUILD.gn [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/proto/revocation.proto [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/cast_certificate/proto/test_suite.proto [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/components_tests.gyp [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/test/data/cast_certificate/certificates/cast_crl_test_root_ca.pem [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/test/data/cast_certificate/certificates/cast_test_root_ca.pem [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/test/data/cast_certificate/testsuite/README [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/test/data/cast_certificate/testsuite/testsuite1.pb [add] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/components/test/data/cast_certificate/testsuite/testsuite1.pb_text [modify] https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337/extensions/browser/api/cast_channel/cast_auth_util.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3c7b546289d230828d59a97ac569d0f96a3cfd66 commit 3c7b546289d230828d59a97ac569d0f96a3cfd66 Author: mpearson <mpearson@chromium.org> Date: Mon Jul 25 19:06:20 2016 Revert of Cast device revocation checking. (patchset #26 id:500001 of https://codereview.chromium.org/2050983002/ ) Reason for revert: Causes failure on https://build.chromium.org/p/chromium.linux/builders/Linux%20Tests%20%28dbg%29%281%29%2832%29/builds/31399 in components_unittests failures VerifyCastDeviceCertTest.ChromecastGen2InvalidTime VerifyCastDeviceCertTest.ChromecastGen2InvalidTime (run #1): [ RUN ] VerifyCastDeviceCertTest.ChromecastGen2InvalidTime ../../components/cast_certificate/cast_cert_validator_unittest.cc:99: Failure Value of: base::Time::FromUTCExploded(time, &result) Actual: false Expected: true [ FAILED ] VerifyCastDeviceCertTest.ChromecastGen2InvalidTime (13 ms) Original issue's description: > Cast device revocation checking. > > Cast device certificates may be revoked through two ways: > 1. The hash of the public key. > 2. A serial number range for an issuer identified by the hash > of its public key. > > A customized proto is used as the medium for this information. > > This change contains the implementation for verifying the custom CRL > and verifying a certificate's revocation status based on that CRL. > > BUG= 618463 > > Committed: https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337 > Cr-Commit-Position: refs/heads/master@{#407492} TBR=sheretov@chromium.org,eroman@chromium.org,asargent@chromium.org,davidben@chromium.org,ryanchung@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= 618463 Review-Url: https://codereview.chromium.org/2181013002 Cr-Commit-Position: refs/heads/master@{#407537} [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/chrome/common/extensions/api/networking_private/networking_private_crypto.cc [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/chrome/common/extensions/api/networking_private/networking_private_crypto.h [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/components/cast_certificate.gypi [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/components/cast_certificate/BUILD.gn [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/components/cast_certificate/DEPS [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/components/cast_certificate/cast_cert_validator.cc [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/components/cast_certificate/cast_cert_validator.h [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/components/cast_certificate/cast_cert_validator_test_helpers.cc [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/components/cast_certificate/cast_cert_validator_test_helpers.h [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/components/cast_certificate/cast_cert_validator_unittest.cc [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/cast_certificate/cast_crl.cc [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/cast_certificate/cast_crl.h [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/cast_certificate/cast_crl_root_ca_cert_der-inc.h [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/cast_certificate/cast_crl_unittest.cc [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/cast_certificate/proto/BUILD.gn [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/cast_certificate/proto/revocation.proto [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/cast_certificate/proto/test_suite.proto [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/components/components_tests.gyp [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/test/data/cast_certificate/certificates/cast_crl_test_root_ca.pem [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/test/data/cast_certificate/certificates/cast_test_root_ca.pem [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/test/data/cast_certificate/testsuite/README [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/test/data/cast_certificate/testsuite/testsuite1.pb [delete] https://crrev.com/0daad56565682b4aaf87ba2d290cb370b9344bba/components/test/data/cast_certificate/testsuite/testsuite1.pb_text [modify] https://crrev.com/3c7b546289d230828d59a97ac569d0f96a3cfd66/extensions/browser/api/cast_channel/cast_auth_util.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ed1a0da4ea59a8f42d133818eed5e34d45fa163b commit ed1a0da4ea59a8f42d133818eed5e34d45fa163b Author: ryanchung <ryanchung@chromium.org> Date: Tue Jul 26 04:14:13 2016 Cast device revocation checking. Cast device certificates may be revoked through two ways: 1. The hash of the public key. 2. A serial number range for an issuer identified by the hash of its public key. A customized proto is used as the medium for this information. This change contains the implementation for verifying the custom CRL and verifying a certificate's revocation status based on that CRL. BUG= 618463 Committed: https://crrev.com/698608f28ed2df276f920c9691cbfcb8f9069337 Review-Url: https://codereview.chromium.org/2050983002 Cr-Original-Commit-Position: refs/heads/master@{#407492} Cr-Commit-Position: refs/heads/master@{#407704} [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/chrome/common/extensions/api/networking_private/networking_private_crypto.cc [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/chrome/common/extensions/api/networking_private/networking_private_crypto.h [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate.gypi [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/BUILD.gn [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/DEPS [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/cast_cert_validator.cc [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/cast_cert_validator.h [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/cast_cert_validator_test_helpers.cc [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/cast_cert_validator_test_helpers.h [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/cast_cert_validator_unittest.cc [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/cast_crl.cc [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/cast_crl.h [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/cast_crl_root_ca_cert_der-inc.h [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/cast_crl_unittest.cc [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/proto/BUILD.gn [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/proto/revocation.proto [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/cast_certificate/proto/test_suite.proto [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/components_tests.gyp [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/test/data/cast_certificate/certificates/cast_crl_test_root_ca.pem [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/test/data/cast_certificate/certificates/cast_test_root_ca.pem [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/test/data/cast_certificate/testsuite/README [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/test/data/cast_certificate/testsuite/testsuite1.pb [add] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/components/test/data/cast_certificate/testsuite/testsuite1.pb_text [modify] https://crrev.com/ed1a0da4ea59a8f42d133818eed5e34d45fa163b/extensions/browser/api/cast_channel/cast_auth_util.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e0e3a6c65f43c70856bf100eadc1cdaed6adacd1 commit e0e3a6c65f43c70856bf100eadc1cdaed6adacd1 Author: ryanchung <ryanchung@chromium.org> Date: Thu Aug 04 23:31:24 2016 Add production Cast CRL certificate. Modify tests to support testing the production CRLs. BUG= 618463 Review-Url: https://codereview.chromium.org/2205403002 Cr-Commit-Position: refs/heads/master@{#409933} [modify] https://crrev.com/e0e3a6c65f43c70856bf100eadc1cdaed6adacd1/components/cast_certificate/cast_cert_validator.cc [modify] https://crrev.com/e0e3a6c65f43c70856bf100eadc1cdaed6adacd1/components/cast_certificate/cast_cert_validator.h [modify] https://crrev.com/e0e3a6c65f43c70856bf100eadc1cdaed6adacd1/components/cast_certificate/cast_crl.cc [modify] https://crrev.com/e0e3a6c65f43c70856bf100eadc1cdaed6adacd1/components/cast_certificate/cast_crl.h [modify] https://crrev.com/e0e3a6c65f43c70856bf100eadc1cdaed6adacd1/components/cast_certificate/cast_crl_root_ca_cert_der-inc.h [modify] https://crrev.com/e0e3a6c65f43c70856bf100eadc1cdaed6adacd1/components/cast_certificate/cast_crl_unittest.cc [modify] https://crrev.com/e0e3a6c65f43c70856bf100eadc1cdaed6adacd1/components/test/data/cast_certificate/testsuite/testsuite1.pb [modify] https://crrev.com/e0e3a6c65f43c70856bf100eadc1cdaed6adacd1/components/test/data/cast_certificate/testsuite/testsuite1.pb_text
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/559a29a14edcfdb03f5c952d0f6534b5bc4b7667 commit 559a29a14edcfdb03f5c952d0f6534b5bc4b7667 Author: ryanchung <ryanchung@chromium.org> Date: Tue Oct 18 02:57:38 2016 Hook up Chrome Cast sender to Cast CRL. * Hook up cast_auth_util to Cast CRL. * Revocation status is not enforced at the moment. * Allows custom trust store to be passed to VerifyDeviceCert and ParseAndVerifyCRL. This is so that testing the Chrome Cast sender can use test roots. * Running the whole proto-test-suite on the Chrome Cast sender. Sync-up of the following with internal: * test_suite.proto * cast_channel.proto BUG= 618463 Review-Url: https://codereview.chromium.org/2303673004 Cr-Commit-Position: refs/heads/master@{#425875} [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/cast_certificate/BUILD.gn [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/cast_certificate/cast_cert_validator.cc [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/cast_certificate/cast_cert_validator.h [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/cast_certificate/cast_cert_validator_test_helpers.cc [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/cast_certificate/cast_cert_validator_test_helpers.h [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/cast_certificate/cast_cert_validator_unittest.cc [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/cast_certificate/cast_crl.cc [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/cast_certificate/cast_crl.h [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/cast_certificate/cast_crl_unittest.cc [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/cast_certificate/proto/test_suite.proto [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/test/data/cast_certificate/testsuite/testsuite1.pb [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/components/test/data/cast_certificate/testsuite/testsuite1.pb_text [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/extensions/browser/BUILD.gn [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/extensions/browser/api/cast_channel/cast_auth_util.cc [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/extensions/browser/api/cast_channel/cast_auth_util.h [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/extensions/browser/api/cast_channel/cast_auth_util_unittest.cc [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/extensions/browser/api/cast_channel/logger.cc [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/extensions/common/api/cast_channel/cast_channel.proto [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/extensions/common/api/cast_channel/logging.proto [modify] https://crrev.com/559a29a14edcfdb03f5c952d0f6534b5bc4b7667/tools/metrics/histograms/histograms.xml
Comment 1 by bugdroid1@chromium.org
, Jun 17 2016