Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(472)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.h

Issue 2709523008: [Cast Channel] Add support for nonce challenge to Cast channel authentication. (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_ 5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_ 6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/memory/ref_counted.h" 10 #include "base/memory/ref_counted.h"
(...skipping 28 matching lines...) Expand all
39 ERROR_FINGERPRINT_NOT_FOUND, 39 ERROR_FINGERPRINT_NOT_FOUND,
40 ERROR_CERT_PARSING_FAILED, 40 ERROR_CERT_PARSING_FAILED,
41 ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA, 41 ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA,
42 ERROR_CANNOT_EXTRACT_PUBLIC_KEY, 42 ERROR_CANNOT_EXTRACT_PUBLIC_KEY,
43 ERROR_SIGNED_BLOBS_MISMATCH, 43 ERROR_SIGNED_BLOBS_MISMATCH,
44 ERROR_TLS_CERT_VALIDITY_PERIOD_TOO_LONG, 44 ERROR_TLS_CERT_VALIDITY_PERIOD_TOO_LONG,
45 ERROR_TLS_CERT_VALID_START_DATE_IN_FUTURE, 45 ERROR_TLS_CERT_VALID_START_DATE_IN_FUTURE,
46 ERROR_TLS_CERT_EXPIRED, 46 ERROR_TLS_CERT_EXPIRED,
47 ERROR_CRL_INVALID, 47 ERROR_CRL_INVALID,
48 ERROR_CERT_REVOKED, 48 ERROR_CERT_REVOKED,
49 ERROR_SENDER_NONCE_MISMATCH,
49 }; 50 };
50 51
51 enum PolicyType { POLICY_NONE = 0, POLICY_AUDIO_ONLY = 1 << 0 }; 52 enum PolicyType { POLICY_NONE = 0, POLICY_AUDIO_ONLY = 1 << 0 };
52 53
53 // Constructs a AuthResult that corresponds to success. 54 // Constructs a AuthResult that corresponds to success.
54 AuthResult(); 55 AuthResult();
55 56
56 AuthResult(const std::string& error_message, ErrorType error_type); 57 AuthResult(const std::string& error_message, ErrorType error_type);
57 58
58 ~AuthResult(); 59 ~AuthResult();
59 60
60 static AuthResult CreateWithParseError(const std::string& error_message, 61 static AuthResult CreateWithParseError(const std::string& error_message,
61 ErrorType error_type); 62 ErrorType error_type);
62 63
63 bool success() const { return error_type == ERROR_NONE; } 64 bool success() const { return error_type == ERROR_NONE; }
64 65
65 std::string error_message; 66 std::string error_message;
66 ErrorType error_type; 67 ErrorType error_type;
67 unsigned int channel_policies; 68 unsigned int channel_policies;
68 }; 69 };
69 70
70 // Authenticates the given |challenge_reply|: 71 // Authenticates the given |challenge_reply|:
71 // 1. Signature contained in the reply is valid. 72 // 1. Signature contained in the reply is valid.
72 // 2. Certficate used to sign is rooted to a trusted CA. 73 // 2. Certficate used to sign is rooted to a trusted CA.
73 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply, 74 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
74 const net::X509Certificate& peer_cert); 75 const net::X509Certificate& peer_cert,
76 const std::string& nonce);
75 77
76 // Auth-library specific implementation of cryptographic signature 78 // Auth-library specific implementation of cryptographic signature
77 // verification routines. Verifies that |response| contains a 79 // verification routines. Verifies that |response| contains a
78 // valid signature of |signature_input|. 80 // valid signature of |signature_input|.
79 AuthResult VerifyCredentials(const AuthResponse& response, 81 AuthResult VerifyCredentials(const AuthResponse& response,
80 const std::string& signature_input); 82 const std::string& signature_input);
81 83
82 // Exposed for testing only. 84 // Exposed for testing only.
83 // 85 //
84 // Overloaded version of VerifyCredentials that allows modifying 86 // Overloaded version of VerifyCredentials that allows modifying
85 // the crl policy, trust stores, and verification times. 87 // the crl policy, trust stores, and verification times.
86 AuthResult VerifyCredentialsForTest( 88 AuthResult VerifyCredentialsForTest(
87 const AuthResponse& response, 89 const AuthResponse& response,
88 const std::string& signature_input, 90 const std::string& signature_input,
89 const cast_certificate::CRLPolicy& crl_policy, 91 const cast_certificate::CRLPolicy& crl_policy,
90 net::TrustStore* cast_trust_store, 92 net::TrustStore* cast_trust_store,
91 net::TrustStore* crl_trust_store, 93 net::TrustStore* crl_trust_store,
92 const base::Time& verification_time); 94 const base::Time& verification_time);
93 95
94 } // namespace cast_channel 96 } // namespace cast_channel
95 } // namespace api 97 } // namespace api
96 } // namespace extensions 98 } // namespace extensions
97 99
98 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_ 100 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
OLDNEW
« no previous file with comments | « no previous file | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698