Chromium Code Reviews Chromium Code Reviews
Issue 2050983002:
Cast device revocation checking. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_ | |
| 6 #define COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_ | |
| 7 | |
| 8 #include <memory> | |
| 9 #include <string> | |
| 10 #include <vector> | |
| 11 | |
| 12 #include "base/compiler_specific.h" | |
| 13 #include "base/memory/ref_counted.h" | |
| 14 #include "base/time/time.h" | |
| 15 | |
| 16 namespace net { | |
| 17 class ParsedCertificate; | |
| 18 } // namespace net | |
| 19 | |
| 20 namespace cast_certificate { | |
| 21 | |
| 22 // This class represents the CRL information parsed from the binary proto. | |
| 23 class CastCRL { | |
| 24 public: | |
| 25 virtual ~CastCRL(){}; | |
| 26 | |
| 27 // Verifies the revocation status of a cast device certificate given a chain | |
| 28 // of DER-encoded certificates. | |
| 29 // | |
| 30 // Inputs: | |
| 31 // * |certs| is the verified chain of DER-encoded certificates: | |
| 32 // * |certs[0]| is the target certificate (i.e. the device certificate) | |
| 33 // * |certs[i]| is the certificate that issued certs[i-1] | |
| 34 // * |certs.back()| must be trusted anchor. | |
| 35 // | |
| 36 // * |time| is the UTC time to use for determining if the certificate | |
| 37 // is revoked. | |
| 38 virtual bool CheckRevocation( | |
| 39 const std::vector<scoped_refptr<net::ParsedCertificate>>& certs, | |
| 40 const base::Time::Exploded& time) const = 0; | |
| 41 }; | |
| 42 | |
| 43 // Parse and verify the CRL used to verify the revocation status of | |
| 44 // Cast device certificates. | |
| 45 // | |
| 46 // Inputs: | |
| 47 // * |crl_proto| is the byte representation of the Cast CRL proto. | |
|
sheretov
2016/07/08 18:07:07
How about: "is a serialized cast.CrlBundle proto.
ryanchung
2016/07/08 22:49:29
Done.
| |
| 48 // * |time| is the UTC time to use for determining if the CRL is valid. | |
| 49 // Output: | |
| 50 // Returns the CRL object if success, nullptr otherwise. | |
| 51 std::unique_ptr<CastCRL> ParseAndVerifyCRL(const std::string& crl_proto, | |
| 52 const base::Time::Exploded& time); | |
| 53 | |
| 54 // Exposed only for testing, not for use in production code. | |
| 55 // | |
| 56 // Injects trusted root certificates into the CastCRLTrustStore. | |
| 57 // |data| must remain valid and not be mutated throughout the lifetime of | |
| 58 // the program. | |
| 59 // Any existing trust anchors are cleared. | |
| 60 // Warning: Using this function concurrently with CheckRevocation() | |
| 61 // is not thread safe. | |
| 62 bool SetCRLTrustAnchorForTest(const uint8_t* data, | |
| 63 size_t length) WARN_UNUSED_RESULT; | |
| 64 | |
| 65 // Exposed only for testing, not for use in production code. | |
| 66 // | |
| 67 // Clears trusted root certificates from CastCRLTrustStore | |
| 68 void ClearCRLTrustAnchorForTest(); | |
| 69 | |
| 70 } // namespace cast_certificate | |
| 71 | |
| 72 #endif // COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_ | |
| OLD | NEW |
