| Index: extensions/common/cast/cast_cert_validator.h
|
| diff --git a/extensions/common/cast/cast_cert_validator.h b/extensions/common/cast/cast_cert_validator.h
|
| deleted file mode 100644
|
| index 71ca34c0dddeca48dd0cab08cdf5a2280a0adbc9..0000000000000000000000000000000000000000
|
| --- a/extensions/common/cast/cast_cert_validator.h
|
| +++ /dev/null
|
| @@ -1,103 +0,0 @@
|
| -// Copyright 2014 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#ifndef EXTENSIONS_COMMON_CAST_CAST_CERT_VALIDATOR_H_
|
| -#define EXTENSIONS_COMMON_CAST_CAST_CERT_VALIDATOR_H_
|
| -
|
| -#include <memory>
|
| -#include <string>
|
| -#include <vector>
|
| -
|
| -#include "base/compiler_specific.h"
|
| -#include "base/macros.h"
|
| -#include "base/strings/string_piece.h"
|
| -#include "base/time/time.h"
|
| -
|
| -namespace extensions {
|
| -namespace api {
|
| -namespace cast_crypto {
|
| -
|
| -// Describes the policy for a Device certificate.
|
| -enum class CastDeviceCertPolicy {
|
| - // The device certificate is unrestricted.
|
| - NONE,
|
| -
|
| - // The device certificate is for an audio-only device.
|
| - AUDIO_ONLY,
|
| -};
|
| -
|
| -// An object of this type is returned by the VerifyDeviceCert function, and can
|
| -// be used for additional certificate-related operations, using the verified
|
| -// certificate.
|
| -class CertVerificationContext {
|
| - public:
|
| - CertVerificationContext() {}
|
| - virtual ~CertVerificationContext() {}
|
| -
|
| - // Use the public key from the verified certificate to verify a
|
| - // sha1WithRSAEncryption |signature| over arbitrary |data|. Both |signature|
|
| - // and |data| hold raw binary data. Returns true if the signature was
|
| - // correct.
|
| - virtual bool VerifySignatureOverData(const base::StringPiece& signature,
|
| - const base::StringPiece& data) const = 0;
|
| -
|
| - // Retrieve the Common Name attribute of the subject's distinguished name from
|
| - // the verified certificate, if present. Returns an empty string if no Common
|
| - // Name is found.
|
| - virtual std::string GetCommonName() const = 0;
|
| -
|
| - private:
|
| - DISALLOW_COPY_AND_ASSIGN(CertVerificationContext);
|
| -};
|
| -
|
| -// Verifies a cast device certficate given a chain of DER-encoded certificates.
|
| -//
|
| -// Inputs:
|
| -//
|
| -// * |certs| is a chain of DER-encoded certificates:
|
| -// * |certs[0]| is the target certificate (i.e. the device certificate)
|
| -// * |certs[i]| is the certificate that issued certs[i-1]
|
| -// * |certs.back()| must be signed by a trust anchor
|
| -//
|
| -// * |time| is the UTC time to use for determining if the certificate
|
| -// is expired.
|
| -//
|
| -// Outputs:
|
| -//
|
| -// Returns true on success, false on failure. On success the output
|
| -// parameters are filled with more details:
|
| -//
|
| -// * |context| is filled with an object that can be used to verify signatures
|
| -// using the device certificate's public key, as well as to extract other
|
| -// properties from the device certificate (Common Name).
|
| -// * |policy| is filled with an indication of the device certificate's policy
|
| -// (i.e. is it for audio-only devices or is it unrestricted?)
|
| -bool VerifyDeviceCert(const std::vector<std::string>& certs,
|
| - const base::Time::Exploded& time,
|
| - std::unique_ptr<CertVerificationContext>* context,
|
| - CastDeviceCertPolicy* policy) WARN_UNUSED_RESULT;
|
| -
|
| -// Exposed only for unit-tests, not for use in production code.
|
| -// Production code would get a context from VerifyDeviceCert().
|
| -//
|
| -// Constructs a VerificationContext that uses the provided public key.
|
| -// The common name will be hardcoded to some test value.
|
| -std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest(
|
| - const base::StringPiece& spki);
|
| -
|
| -// Exposed only for testing, not for use in production code.
|
| -//
|
| -// Injects trusted root certificates into the CastTrustStore.
|
| -// |data| must remain valid and not be mutated throughout the lifetime of
|
| -// the program.
|
| -// Warning: Using this function concurrently with VerifyDeviceCert()
|
| -// is not thread safe.
|
| -bool AddTrustAnchorForTest(const uint8_t* data,
|
| - size_t length) WARN_UNUSED_RESULT;
|
| -
|
| -} // namespace cast_crypto
|
| -} // namespace api
|
| -} // namespace extensions
|
| -
|
| -#endif // EXTENSIONS_COMMON_CAST_CAST_CERT_VALIDATOR_H_
|
|
|
Chromium Code Reviews
Issue 1924323002:
Move Cast certificate verification code from extensions to components. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master