Make Cast certificate verification enforce constraints specified in the trusted root certificate.

net/cert/internal/verify_certificate_chain.h

Index: net/cert/internal/verify_certificate_chain.h
diff --git a/net/cert/internal/verify_certificate_chain.h b/net/cert/internal/verify_certificate_chain.h
index 35a3ebaea89c680ec6013776bc74ff584c2abcc1..46a03f136184c218c6f9bd81f9878d051c6dd7a8 100644
--- a/net/cert/internal/verify_certificate_chain.h
+++ b/net/cert/internal/verify_certificate_chain.h
@@ -13,11 +13,12 @@
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
+#include "net/cert/internal/parse_certificate.h"
+#include "net/der/input.h"
 
 namespace net {
 
 namespace der {
-class Input;
 struct GeneralizedTime;
 }
 
@@ -26,20 +27,50 @@ class SignaturePolicy;
 struct NET_EXPORT TrustAnchor {
   ~TrustAnchor();
 
-  // DER-encoded SubjectPublicKeyInfo for the trusted key.
-  std::string spki;
+  // Initializes the TrustAnchor given a DER-encoded certificate. If |copy|
+  // is true, a copy of the provided data is made. Otherwise no copy is
+  // made but the caller must ensure the pointer remains valid for the
+  // lifetime of the TrustStore.
+  bool AssignCertData(const uint8_t* data, size_t length, bool copy);
 
-  // DER-encoded "Name" corresponding to the key.
-  std::string name;
+  // The backing store for the certificate data in case it was copied.
+  std::string owned_cert_tlv;
+
+  // Points to the raw certificate DER (might be |owned_cert_tlv|, or might
+  // be something else).
+  der::Input cert_tlv;
+
+  ParsedCertificate cert;
+  ParsedTbsCertificate tbs;
 };
 
-// A very simple implementation of a TrustStore, which contains mappings from
-// names to trusted public keys.
+// A very simple implementation of a TrustStore, which contains a set of
+// trusted certificates.

[mattm, 2016/04/16 02:40:29]

I thought we still wanted to allow having trust anchors without a full cert,
from the conversations with Ryan a while ago.

[eroman, 2016/04/18 20:43:03]

I spoke with Ryan and he was of the opinion that requiring trust anchors to be
full certificates was fine (and perhaps desirable).

Requiring this allows for some simplifications. For instance the constructed
paths can simply be a sequence of certificates, rather than having to
communicate what the trust anchor was separately. This is nice from an API
perspective, and also great for diagnostics.

 struct NET_EXPORT TrustStore {
   TrustStore();
   TrustStore(const TrustStore& other);
   ~TrustStore();
 
+  bool AddTrustedCertificate(const uint8_t* data,
+                             size_t length) WARN_UNUSED_RESULT;
+  bool AddTrustedCertificate(const base::StringPiece& data) WARN_UNUSED_RESULT;
+
+  // Same as AddTrustedCertificate(), but skips copying the certificate
+  // data. The caller MUST ensure that data pointer remains valid and is not
+  // mutated. This can be used to point to static data and avoid copying it,
+  // but shoudl otherwise be avoided.

[mattm, 2016/04/16 02:40:29]

should

[eroman, 2016/04/18 20:43:03]

Done.

+  bool AddTrustedCertificateWithoutCopying(const uint8_t* data,
+                                           size_t length) WARN_UNUSED_RESULT;
+
+  // Returns nullptr if no certificate matching |name| is in the TrustStore.
+  // Otherwise returns the DER data for the matching certificate.
+  const der::Input* FindTrustedCertificateByName(const der::Input& name) const
+      WARN_UNUSED_RESULT;
+
+  // Returns true if |cert_der| matches a certificate in the TrustStore.
+  bool IsTrustedCertificate(const der::Input& cert_der) const
+      WARN_UNUSED_RESULT;
+
   std::vector<TrustAnchor> anchors;
 };