Verify certificate of Privet v3 device

chrome/browser/local_discovery/privet_http.h

Index: chrome/browser/local_discovery/privet_http.h
diff --git a/chrome/browser/local_discovery/privet_http.h b/chrome/browser/local_discovery/privet_http.h
index e750b1b05e23b26bfce66ce2b5dea2be6365a58e..b0a807771201c1151bc08520773ee9000fd2cdd3 100644
--- a/chrome/browser/local_discovery/privet_http.h
+++ b/chrome/browser/local_discovery/privet_http.h
@@ -62,6 +62,23 @@ class PrivetHTTPClient {
 
   virtual void RefreshPrivetToken(
       const PrivetURLFetcher::TokenCallback& token_callback) = 0;
+
+  // After this call only HTTPS will be used. Only requests to the server with
+  // matching certificate will be allowed.
+  // Privet v3 devices must supports HTTPS. However the device has self-signed
+  // certificate so normal validation is not useful. The only know information
+  // about device is fingerprint of the certificate.
+  // Before using HTTPS, Privet v3 pairing generates a shared secret using
+  // SPAKE2 over an insecure channel. Then the device sends the fingerprint
+  // to the client, over the insecure channel, but signed using the shared
+  // secret.
+  // More info on pairing:
+  // https://developers.google.com/cloud-devices/v1/reference/local-api/pairing_start
+  virtual void SwitchToHttps(
+      uint16_t port,
+      const net::SHA256HashValue& certificate_fingerprint) = 0;
+
+  virtual bool IsInHttpsMode() const = 0;
 };
 
 class PrivetDataReadOperation {
@@ -101,7 +118,7 @@ class PrivetRegisterOperation {
     FAILURE_JSON_ERROR,
     FAILURE_MALFORMED_RESPONSE,
     FAILURE_TOKEN,
-    FAILURE_RETRY
+    FAILURE_UNKNOWN,
   };
 
   class Delegate {