Hook up Chrome Cast sender to Cast CRL.

components/cast_certificate/cast_cert_validator.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_CAST_CERTIFICATE_CAST_CERT_VALIDATOR_H_
 #define COMPONENTS_CAST_CERTIFICATE_CAST_CERT_VALIDATOR_H_
 
 #include <memory>
 #include <string>
 #include <vector>
@@ skipping 60 matching lines @@
 //   * |certs[0]| is the target certificate (i.e. the device certificate).
 //   * |certs[1..n-1]| are intermediates certificates to use in path building.
 //     Their ordering does not matter.
 //
 // * |time| is the unix timestamp to use for determining if the certificate
 //   is expired.
 //
 // * |crl| is the CRL to check for certificate revocation status.
 //   If this is a nullptr, then revocation checking is currently disabled.
 //
-// * |crl_options| is for choosing how to handle the absence of a CRL.
-//   If crl_required is set to true, then an empty |crl| input would result
+// * |crl_policy| is for choosing how to handle the absence of a CRL.
+//   If CRL_REQUIRED is passed, then an empty |crl| input would result
 //   in a failed verification. Otherwise, |crl| is ignored if it is absent.
 //
 // Outputs:
 //
 // Returns true on success, false on failure. On success the output
 // parameters are filled with more details:
 //
 //   * |context| is filled with an object that can be used to verify signatures
 //     using the device certificate's public key, as well as to extract other
 //     properties from the device certificate (Common Name).
 //   * |policy| is filled with an indication of the device certificate's policy
 //     (i.e. is it for audio-only devices or is it unrestricted?)
 bool VerifyDeviceCert(const std::vector<std::string>& certs,
                       const base::Time& time,
                       std::unique_ptr<CertVerificationContext>* context,
                       CastDeviceCertPolicy* policy,
                       const CastCRL* crl,
                       CRLPolicy crl_policy) WARN_UNUSED_RESULT;
 
-// Exposed only for testing, not for use in production code.
-//
 // This is an overloaded version of VerifyDeviceCert that allows
 // the input of a custom TrustStore.
-bool VerifyDeviceCertForTest(const std::vector<std::string>& certs,
-                             const base::Time& time,
-                             std::unique_ptr<CertVerificationContext>* context,
-                             CastDeviceCertPolicy* policy,
-                             const CastCRL* crl,
-                             CRLPolicy crl_policy,
-                             net::TrustStore* trust_store) WARN_UNUSED_RESULT;
+//
+// For production use pass |trust_store| as nullptr to use the production trust
+// store.
+bool VerifyDeviceCertUsingCustomTrustStore(
+    const std::vector<std::string>& certs,
+    const base::Time& time,
+    std::unique_ptr<CertVerificationContext>* context,
+    CastDeviceCertPolicy* policy,
+    const CastCRL* crl,
+    CRLPolicy crl_policy,
+    net::TrustStore* trust_store) WARN_UNUSED_RESULT;
 
 // Exposed only for unit-tests, not for use in production code.
 // Production code would get a context from VerifyDeviceCert().
 //
 // Constructs a VerificationContext that uses the provided public key.
 // The common name will be hardcoded to some test value.
 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest(
     const base::StringPiece& spki);
 
 }  // namespace cast_certificate
 
 #endif  // COMPONENTS_CAST_CERTIFICATE_CAST_CERT_VALIDATOR_H_