Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(54)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/common/cast/cast_cert_validator.h

Issue 1924323002: Move Cast certificate verification code from extensions to components. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Simplified OWNERS files Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « extensions/browser/api/cast_channel/cast_auth_util_unittest.cc ('k') | extensions/common/cast/cast_cert_validator.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/common/cast/cast_cert_validator.h
diff --git a/extensions/common/cast/cast_cert_validator.h b/extensions/common/cast/cast_cert_validator.h
deleted file mode 100644
index 71ca34c0dddeca48dd0cab08cdf5a2280a0adbc9..0000000000000000000000000000000000000000
--- a/extensions/common/cast/cast_cert_validator.h
+++ /dev/null
@@ -1,103 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef EXTENSIONS_COMMON_CAST_CAST_CERT_VALIDATOR_H_
-#define EXTENSIONS_COMMON_CAST_CAST_CERT_VALIDATOR_H_
-
-#include <memory>
-#include <string>
-#include <vector>
-
-#include "base/compiler_specific.h"
-#include "base/macros.h"
-#include "base/strings/string_piece.h"
-#include "base/time/time.h"
-
-namespace extensions {
-namespace api {
-namespace cast_crypto {
-
-// Describes the policy for a Device certificate.
-enum class CastDeviceCertPolicy {
- // The device certificate is unrestricted.
- NONE,
-
- // The device certificate is for an audio-only device.
- AUDIO_ONLY,
-};
-
-// An object of this type is returned by the VerifyDeviceCert function, and can
-// be used for additional certificate-related operations, using the verified
-// certificate.
-class CertVerificationContext {
- public:
- CertVerificationContext() {}
- virtual ~CertVerificationContext() {}
-
- // Use the public key from the verified certificate to verify a
- // sha1WithRSAEncryption |signature| over arbitrary |data|. Both |signature|
- // and |data| hold raw binary data. Returns true if the signature was
- // correct.
- virtual bool VerifySignatureOverData(const base::StringPiece& signature,
- const base::StringPiece& data) const = 0;
-
- // Retrieve the Common Name attribute of the subject's distinguished name from
- // the verified certificate, if present. Returns an empty string if no Common
- // Name is found.
- virtual std::string GetCommonName() const = 0;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(CertVerificationContext);
-};
-
-// Verifies a cast device certficate given a chain of DER-encoded certificates.
-//
-// Inputs:
-//
-// * |certs| is a chain of DER-encoded certificates:
-// * |certs[0]| is the target certificate (i.e. the device certificate)
-// * |certs[i]| is the certificate that issued certs[i-1]
-// * |certs.back()| must be signed by a trust anchor
-//
-// * |time| is the UTC time to use for determining if the certificate
-// is expired.
-//
-// Outputs:
-//
-// Returns true on success, false on failure. On success the output
-// parameters are filled with more details:
-//
-// * |context| is filled with an object that can be used to verify signatures
-// using the device certificate's public key, as well as to extract other
-// properties from the device certificate (Common Name).
-// * |policy| is filled with an indication of the device certificate's policy
-// (i.e. is it for audio-only devices or is it unrestricted?)
-bool VerifyDeviceCert(const std::vector<std::string>& certs,
- const base::Time::Exploded& time,
- std::unique_ptr<CertVerificationContext>* context,
- CastDeviceCertPolicy* policy) WARN_UNUSED_RESULT;
-
-// Exposed only for unit-tests, not for use in production code.
-// Production code would get a context from VerifyDeviceCert().
-//
-// Constructs a VerificationContext that uses the provided public key.
-// The common name will be hardcoded to some test value.
-std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest(
- const base::StringPiece& spki);
-
-// Exposed only for testing, not for use in production code.
-//
-// Injects trusted root certificates into the CastTrustStore.
-// |data| must remain valid and not be mutated throughout the lifetime of
-// the program.
-// Warning: Using this function concurrently with VerifyDeviceCert()
-// is not thread safe.
-bool AddTrustAnchorForTest(const uint8_t* data,
- size_t length) WARN_UNUSED_RESULT;
-
-} // namespace cast_crypto
-} // namespace api
-} // namespace extensions
-
-#endif // EXTENSIONS_COMMON_CAST_CAST_CERT_VALIDATOR_H_
« no previous file with comments | « extensions/browser/api/cast_channel/cast_auth_util_unittest.cc ('k') | extensions/common/cast/cast_cert_validator.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698