Cast device revocation checking.

components/cast_certificate/cast_crl.h

Index: components/cast_certificate/cast_crl.h
diff --git a/components/cast_certificate/cast_crl.h b/components/cast_certificate/cast_crl.h
new file mode 100644
index 0000000000000000000000000000000000000000..2e5b29f08c17ebcd1cedf14b4b68bf4c1259dbe5
--- /dev/null
+++ b/components/cast_certificate/cast_crl.h
@@ -0,0 +1,73 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_
+#define COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_
+
+#include <memory>
+#include <string>
+#include <unordered_map>
+#include <unordered_set>
+#include <vector>
+
+#include "base/compiler_specific.h"
+#include "base/memory/ref_counted.h"
+#include "base/time/time.h"
+
+namespace net {
+class ParsedCertificate;
+}  // namespace net
+
+namespace cast_certificate {
+
+// This class represents the CRL information parsed from the binary proto.
+class CastCRL {
+ public:
+  virtual ~CastCRL(){};
+
+  // Verifies the revocation status of a cast device certificate given a chain
+  // of DER-encoded certificates.
+  //
+  // Inputs:
+  // * |certs| is the verified chain of DER-encoded certificates:
+  //   * |certs[0]| is the target certificate (i.e. the device certificate)
+  //   * |certs[i]| is the certificate that issued certs[i-1]
+  //   * |certs.back()| must be trusted anchor.
+  //
+  // * |time| is the UTC time to use for determining if the certificate
+  //   is revoked.
+  virtual bool CheckRevocation(
+      const std::vector<scoped_refptr<net::ParsedCertificate>>& certs,
+      const base::Time::Exploded& time) const = 0;
+};
+
+// Parse and verify the CRL used to verify the revocation status of
+// Cast device certificates.
+//
+// Inputs:
+// * |crl_proto| is the byte representation of the Cast CRL proto.
+// * |time| is the UTC time to use for determining if the CRL is valid.
+// Output:
+// Returns the CRL object if success, nullptr otherwise.
+std::unique_ptr<CastCRL> ParseCRL(const std::string& crl_proto,

[sheretov, 2016/06/24 20:24:31]

How about "ParseAndVerifyCrl"?

[ryanchung, 2016/06/29 22:09:48]

Done.

+                                  const base::Time::Exploded& time);
+
+// Exposed only for testing, not for use in production code.
+//
+// Injects trusted root certificates into the CastCRLTrustStore.
+// |data| must remain valid and not be mutated throughout the lifetime of
+// the program.
+// Warning: Using this function concurrently with CheckRevocation()
+//          is not thread safe.
+bool AddCRLTrustAnchorForTest(const uint8_t* data,

[sheretov, 2016/06/24 20:24:31]

I have a couple suggestions, both aimed at making it less likely that a test
trust anchor will end up in production code:

1. Instead of adding test trust anchors to production trust anchors for testing,
replace production trust anchors with test trust anchors. So, a function like
this would become SetCRLTrustAnchorForTest().

2. Unless we have scenarios of production certs being used with test CRLs, I
would go even further than (1) and create a single
cast_certificate.SetTrustAnchorsForTest(cert_trust_anchor, crl_trust_anchor)
function that sets both anchors.  Given that the test trust anchors are well
known, may not even need to take parameters, but rather hard-code the test test
trust anchors into that function.

[ryanchung, 2016/06/29 22:09:48]

Done. Keeping them separate for now because we plan on adding production certs
to CRL tests.

+                              size_t length) WARN_UNUSED_RESULT;
+
+// Exposed only for testing, not for use in production code.
+//
+// Clears trusted root certificates from CastCRLTrustStore
+void ClearCRLTrustAnchorForTest();
+
+}  // namespace cast_certificate
+
+#endif  // COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_