[Cast Channel] Add support for nonce challenge to Cast channel authentication.

extensions/browser/api/cast_channel/cast_auth_util.h

Index: extensions/browser/api/cast_channel/cast_auth_util.h
diff --git a/extensions/browser/api/cast_channel/cast_auth_util.h b/extensions/browser/api/cast_channel/cast_auth_util.h
index 1f66395413963a1ea21c95dc40503927dcaf36da..c72be2633fbf0e6a550f0d0fd649203ab0b6ea02 100644
--- a/extensions/browser/api/cast_channel/cast_auth_util.h
+++ b/extensions/browser/api/cast_channel/cast_auth_util.h
@@ -46,6 +46,7 @@ struct AuthResult {
     ERROR_TLS_CERT_EXPIRED,
     ERROR_CRL_INVALID,
     ERROR_CERT_REVOKED,
+    ERROR_SENDER_NONCE_MISMATCH,
   };
 
   enum PolicyType { POLICY_NONE = 0, POLICY_AUDIO_ONLY = 1 << 0 };
@@ -71,7 +72,18 @@ struct AuthResult {
 // 1. Signature contained in the reply is valid.
 // 2. Certficate used to sign is rooted to a trusted CA.
 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
-                                      const net::X509Certificate& peer_cert);
+                                      const net::X509Certificate& peer_cert,
+                                      const std::string& nonce);
+
+// Performs a quick check of the TLS certificate for time validity requirements.
+AuthResult VerifyTLSCertificate(const net::X509Certificate& peer_cert,
+                                std::string* peer_cert_der,
+                                const base::Time& verification_time);
+
+// Performs a check of the nonce challenge. Returns success if |nonce_response|
+// matches |nonce|.
+AuthResult VerifySenderNonce(const std::string& nonce,
+                             const std::string& nonce_response);
 
 // Auth-library specific implementation of cryptographic signature
 // verification routines. Verifies that |response| contains a