Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(808)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/cast_certificate/cast_crl.h

Issue 2205403002: Add production Cast CRL certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addresses comments Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/cast_certificate/cast_cert_validator.cc ('k') | components/cast_certificate/cast_crl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_ 5 #ifndef COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_
6 #define COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_ 6 #define COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_
7 7
8 #include <memory> 8 #include <memory>
9 #include <string> 9 #include <string>
10 #include <vector> 10 #include <vector>
11 11
12 #include "base/compiler_specific.h" 12 #include "base/compiler_specific.h"
13 #include "base/memory/ref_counted.h" 13 #include "base/memory/ref_counted.h"
14 #include "base/time/time.h" 14 #include "base/time/time.h"
15 #include "net/cert/internal/parsed_certificate.h" 15 #include "net/cert/internal/parsed_certificate.h"
16 16
17 namespace net {
18 class TrustStore;
19 }
20
17 namespace cast_certificate { 21 namespace cast_certificate {
18 22
19 // This class represents the CRL information parsed from the binary proto. 23 // This class represents the CRL information parsed from the binary proto.
20 class CastCRL { 24 class CastCRL {
21 public: 25 public:
22 virtual ~CastCRL(){}; 26 virtual ~CastCRL(){};
23 27
24 // Verifies the revocation status of a cast device certificate given a chain 28 // Verifies the revocation status of a cast device certificate given a chain
25 // of X.509 certificates. 29 // of X.509 certificates.
26 // 30 //
27 // Inputs: 31 // Inputs:
28 // * |certs| is the verified chain of X.509 certificates: 32 // * |certs| is the verified chain of X.509 certificates:
29 // * |certs[0]| is the target certificate (i.e. the device certificate). 33 // * |certs[0]| is the target certificate (i.e. the device certificate).
30 // * |certs[i]| is the certificate that issued certs[i-1]. 34 // * |certs[i]| is the certificate that issued certs[i-1].
31 // * |certs.back()| is assumed to be a trusted root. 35 // * |certs.back()| is assumed to be a trusted root.
32 // 36 //
33 // * |time| is the unix timestamp to use for determining if the certificate 37 // * |time| is the unix timestamp to use for determining if the certificate
34 // is revoked. 38 // is revoked.
35 // 39 //
36 // Output: 40 // Output:
37 // Returns true if no certificate in the chain was revoked. 41 // Returns true if no certificate in the chain was revoked.
38 virtual bool CheckRevocation(const net::ParsedCertificateList& certs, 42 virtual bool CheckRevocation(const net::ParsedCertificateList& certs,
39 const base::Time& time) const = 0; 43 const base::Time& time) const = 0;
40 }; 44 };
41 45
42 // Parses and verifies the CRL used to verify the revocation status of 46 // Parses and verifies the CRL used to verify the revocation status of
43 // Cast device certificates. 47 // Cast device certificates, using the built-in Cast CRL trust anchors.
44 // 48 //
45 // Inputs: 49 // Inputs:
46 // * |crl_proto| is a serialized cast_certificate.CrlBundle proto. 50 // * |crl_proto| is a serialized cast_certificate.CrlBundle proto.
47 // * |time| is the unix timestamp to use for determining if the CRL is valid. 51 // * |time| is the unix timestamp to use for determining if the CRL is valid.
48 // 52 //
49 // Output: 53 // Output:
50 // Returns the CRL object if success, nullptr otherwise. 54 // Returns the CRL object if success, nullptr otherwise.
51 std::unique_ptr<CastCRL> ParseAndVerifyCRL(const std::string& crl_proto, 55 std::unique_ptr<CastCRL> ParseAndVerifyCRL(const std::string& crl_proto,
52 const base::Time& time); 56 const base::Time& time);
53 57
54 // Exposed only for testing, not for use in production code. 58 // Exposed only for testing, not for use in production code.
55 // 59 //
56 // Replaces trusted root certificates into the CastCRLTrustStore. 60 // This is an overloaded version of ParseAndVerifyCRL that allows
57 // 61 // the input of a custom TrustStore.
58 // Output: 62 std::unique_ptr<CastCRL> ParseAndVerifyCRLForTest(const std::string& crl_proto,
59 // Returns true if successful, false if nothing is changed. 63 const base::Time& time,
60 bool SetCRLTrustAnchorForTest(const std::string& cert) WARN_UNUSED_RESULT; 64 net::TrustStore* trust_store);
61 65
62 } // namespace cast_certificate 66 } // namespace cast_certificate
63 67
64 #endif // COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_ 68 #endif // COMPONENTS_CAST_CERTIFICATE_CAST_CRL_H_
OLDNEW
« no previous file with comments | « components/cast_certificate/cast_cert_validator.cc ('k') | components/cast_certificate/cast_crl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698