Hook up Chrome Cast sender to Cast CRL.

extensions/browser/api/cast_channel/cast_auth_util.h

Index: extensions/browser/api/cast_channel/cast_auth_util.h
diff --git a/extensions/browser/api/cast_channel/cast_auth_util.h b/extensions/browser/api/cast_channel/cast_auth_util.h
index 61f100792282c9e21e253b41b831142ae511234f..6875becf97d57987f082e5aa632ea59d9ff3c161 100644
--- a/extensions/browser/api/cast_channel/cast_auth_util.h
+++ b/extensions/browser/api/cast_channel/cast_auth_util.h
@@ -8,9 +8,15 @@
 #include <string>
 
 #include "base/memory/ref_counted.h"
+#include "base/time/time.h"
+
+namespace cast_certificate {
+enum class CRLPolicy;
+}
 
 namespace net {
 class X509Certificate;
+class TrustStore;
 }  // namespace net
 
 namespace extensions {
@@ -40,6 +46,8 @@ struct AuthResult {
     ERROR_VALIDITY_PERIOD_TOO_LONG,
     ERROR_VALID_START_DATE_IN_FUTURE,
     ERROR_CERT_EXPIRED,
+    ERROR_CRL_INVALID,
+    ERROR_CERT_REVOKED,
   };
 
   enum PolicyType { POLICY_NONE = 0, POLICY_AUDIO_ONLY = 1 << 0 };
@@ -73,6 +81,18 @@ AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
 AuthResult VerifyCredentials(const AuthResponse& response,
                              const std::string& signature_input);
 
+// Exposed for testing only.
+//
+// Overloaded version of VerifyCredentials that allows modifying
+// the crl policy, trust stores, and verification times.
+AuthResult VerifyCredentialsForTest(
+    const AuthResponse& response,
+    const std::string& signature_input,
+    const cast_certificate::CRLPolicy& crl_policy,
+    net::TrustStore* cast_trust_store,
+    net::TrustStore* crl_trust_store,
+    const base::Time& verification_time);
+
 }  // namespace cast_channel
 }  // namespace api
 }  // namespace extensions