Add production Cast CRL certificate.

components/cast_certificate/cast_cert_validator.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_CAST_CERTIFICATE_CAST_CERT_VALIDATOR_H_
 #define COMPONENTS_CAST_CERTIFICATE_CAST_CERT_VALIDATOR_H_
 
 #include <memory>
 #include <string>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/strings/string_piece.h"
 #include "base/time/time.h"
 
+namespace net {
+class TrustStore;
+}
 namespace cast_certificate {
 
 class CastCRL;
 
 // Describes the policy for a Device certificate.
 enum class CastDeviceCertPolicy {
   // The device certificate is unrestricted.
   NONE,
 
   // The device certificate is for an audio-only device.
@@ skipping 25 matching lines @@
 
   // Retrieve the Common Name attribute of the subject's distinguished name from
   // the verified certificate, if present.  Returns an empty string if no Common
   // Name is found.
   virtual std::string GetCommonName() const = 0;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(CertVerificationContext);
 };
 
-// Verifies a cast device certficate given a chain of DER-encoded certificates.
+// Verifies a cast device certficate given a chain of DER-encoded certificates,
+// using the built-in Cast trust anchors.
 //
 // Inputs:
 //
 // * |certs| is a chain of DER-encoded certificates:
 //   * |certs[0]| is the target certificate (i.e. the device certificate).
 //   * |certs[1..n-1]| are intermediates certificates to use in path building.
 //     Their ordering does not matter.
 //
 // * |time| is the unix timestamp to use for determining if the certificate
 //   is expired.
@@ skipping 15 matching lines @@
 //     properties from the device certificate (Common Name).
 //   * |policy| is filled with an indication of the device certificate's policy
 //     (i.e. is it for audio-only devices or is it unrestricted?)
 bool VerifyDeviceCert(const std::vector<std::string>& certs,
                       const base::Time& time,
                       std::unique_ptr<CertVerificationContext>* context,
                       CastDeviceCertPolicy* policy,
                       const CastCRL* crl,
                       CRLPolicy crl_policy) WARN_UNUSED_RESULT;
 
+// Exposed only for testing, not for use in production code.
+//
+// This is an overloaded version of VerifyDeviceCert that allows
+// the input of a custom TrustStore.
+bool VerifyDeviceCertForTest(const std::vector<std::string>& certs,
+                             const base::Time& time,
+                             std::unique_ptr<CertVerificationContext>* context,
+                             CastDeviceCertPolicy* policy,
+                             const CastCRL* crl,
+                             CRLPolicy crl_policy,
+                             net::TrustStore* trust_store) WARN_UNUSED_RESULT;
+
 // Exposed only for unit-tests, not for use in production code.
 // Production code would get a context from VerifyDeviceCert().
 //
 // Constructs a VerificationContext that uses the provided public key.
 // The common name will be hardcoded to some test value.
 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest(
     const base::StringPiece& spki);
 
-// Exposed only for testing, not for use in production code.
-//
-// Replaces trusted root certificates in the CastTrustStore.
-// Returns true if successful, false if nothing is changed.
-bool SetTrustAnchorForTest(const std::string& cert) WARN_UNUSED_RESULT;
-
 }  // namespace cast_certificate
 
 #endif  // COMPONENTS_CAST_CERTIFICATE_CAST_CERT_VALIDATOR_H_