| Index: chrome/browser/extensions/api/cast_channel/cast_socket.h
|
| ===================================================================
|
| --- chrome/browser/extensions/api/cast_channel/cast_socket.h (revision 230132)
|
| +++ chrome/browser/extensions/api/cast_channel/cast_socket.h (working copy)
|
| @@ -116,6 +116,12 @@
|
| // is in cert error state.
|
| // Returns whether certificate is successfully extracted.
|
| virtual bool ExtractPeerCert(std::string* cert);
|
| + // Sends a challenge request to the receiver.
|
| + virtual void SendAuthChallenge();
|
| + // Verifies whether the challenge reply received from the peer is valid:
|
| + // 1. Signature in the reply is valid.
|
| + // 2. Certificate is rooted to a trusted CA.
|
| + virtual bool VerifyChallengeReply();
|
|
|
| private:
|
| friend class ApiResourceManager<CastSocket>;
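Review bot: The comment on the new `VerifyChallengeReply()` declaration (two lines after `ExtractPeerCert`) lists the two checks but says nothing about what the signature must cover, nor what the method returns when no reply has been received yet. Presumably the challenge exists to tie the receiver's identity to this TLS session, so if the implementation checks that the signed data is bound to the peer certificate taken from the connection, the comment should say so, and it should state that the call is only meaningful once a reply has arrived. Both new methods are also `virtual` and sit above `private:`; if that is only to allow test overrides, say so, e.g. `// Virtual so tests can override the challenge/reply handling; not part of the public connect API.`, so nobody drives them from outside the connect state machine. The enclosing class continues outside this hunk.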
|
| @@ -130,6 +136,9 @@
|
| CONN_STATE_TCP_CONNECT_COMPLETE,
|
| CONN_STATE_SSL_CONNECT,
|
| CONN_STATE_SSL_CONNECT_COMPLETE,
|
| + CONN_STATE_AUTH_CHALLENGE_SEND,
|
| + CONN_STATE_AUTH_CHALLENGE_SEND_COMPLETE,
|
| + CONN_STATE_AUTH_CHALLENGE_REPLY_COMPLETE,
|
| };
|
|
|
| /////////////////////////////////////////////////////////////////////////////
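Review bot: The send side of the new states gets both `CONN_STATE_AUTH_CHALLENGE_SEND` and `CONN_STATE_AUTH_CHALLENGE_SEND_COMPLETE`, but the reply side only gets `CONN_STATE_AUTH_CHALLENGE_REPLY_COMPLETE` with no state for starting the read. If the reply read is kicked off from the send-complete handler that asymmetry is fine, but it is not obvious from the enum; a one-line comment such as `// The reply read is started from the SEND_COMPLETE step, so there is no separate REPLY state.` would keep the next reader from looking for a missing transition. The enum's opening line and any existing comment on it are outside this hunk, so I cannot tell whether that is already documented there.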
|
| @@ -139,6 +148,9 @@
|
| // 3. If connection fails due to invalid cert authority, then extract the
|
| // peer certificate from the error.
|
| // 4. Whitelist the peer certificate and try #1 and #2 again.
|
| + // 5. If SSL socket is connected successfully, and if protocol is casts://
|
| + // then issue an auth challenge request.
|
| + // 6. Validate the auth challenge response.
|
|
|
| // Main method that performs connection state transitions.
|
| int DoConnectLoop(int result);
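Review bot: Step 4 of the connection-flow comment still reads `// 4. Whitelist the peer certificate and try #1 and #2 again.` while the later hunk of this same patch deletes `DoSslConnectRetry()`, so the description of the retry no longer names a step that exists in the state machine. If the retry now happens inside `DoSslConnectComplete`, the comment should say so; if the retry was dropped, step 4 should be removed or reworded so the numbered list matches the `CONN_STATE_*` transitions. Step 6 also says only `// 6. Validate the auth challenge response.`; it would help to state the consequence of a failed validation (whether the connection is torn down and which error the connect callback receives), since that outcome is the security-relevant part of the new flow.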
|
| @@ -149,12 +161,17 @@
|
| int DoTcpConnectComplete(int result);
|
| int DoSslConnect();
|
| int DoSslConnectComplete(int result);
|
| - int DoSslConnectRetry();
|
| + int DoAuthChallengeSend();
|
| + int DoAuthChallengeSendComplete(int result);
|
| + int DoAuthChallengeReplyComplete(int result);
|
| /////////////////////////////////////////////////////////////////////////////
|
|
|
| // Callback method for callbacks from underlying sockets.
|
| void OnConnectComplete(int result);
|
|
|
| + // Callback method when a challenge request is sent or a reply is received.
|
| + void OnChallengeEvent(int result);
|
| +
|
| // Runs the external connection callback and resets it.
|
| void DoConnectCallback(int result);
|
|
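Review bot: `OnChallengeEvent(int result)` is documented as firing both when the request is sent and when a reply is received, but the comment does not say what `result` carries in each case or how the two events are told apart. If it simply re-enters `DoConnectLoop` and the current `CONN_STATE_*` distinguishes them, make that explicit: `// Re-enters DoConnectLoop(result); the current connect state distinguishes send completion from reply receipt.` — confirm against the implementation before adopting the wording. The three new `DoAuthChallenge*` declarations follow the existing undocumented `Do*` style, which is at least consistent with their neighbours.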
|
| @@ -162,6 +179,16 @@
|
| // the result.
|
| bool ParseChannelUrl(const GURL& url);
|
|
|
| + // Verify that |certificate| is rooted to a trusted CA and that |signature|
|
| + // matches |data|.
|
| + bool VerifyCredentials(const std::string& certificate,
|
| + const std::string& signature,
|
| + const std::string& data);
|
| +
|
| + // Sends the given |message| and invokes the given callback when done.
|
| + void SendMessageInternal(const CastMessage& message,
|
| + const net::CompletionCallback& callback);
|
| +
|
| // Writes data to the socket from the WriteRequest at the head of the queue.
|
| // Calls OnWriteData() on completion.
|
| void WriteData();
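Review bot: The comment on `VerifyCredentials` says `|signature| matches |data|` without saying which key performs the verification, what `data` is expected to be, or which trust anchors `rooted to a trusted CA` refers to. For this check to authenticate the peer, the caller must pass data that is tied to the current connection (the peer certificate from the TLS session looks like the intended value given `peer_cert_` and `ExtractPeerCert`, but that is an inference from names), and the comment should pin that down so a future caller does not pass arbitrary bytes. Suggested wording, to be adjusted to what the implementation actually does: `// |signature| is checked with |certificate|'s public key over |data|, which must be the value this connection was challenged over; |certificate| must chain to the trusted root set.` plus the encoding (DER or PEM) expected for `certificate`. A line on `SendMessageInternal` saying whether `message` is serialized before the call returns would also tell callers how long it must stay alive.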
|
| @@ -234,6 +261,8 @@
|
| std::string peer_cert_;
|
| scoped_ptr<net::CertVerifier> cert_verifier_;
|
| scoped_ptr<net::TransportSecurityState> transport_security_state_;
|
| + // Reply received from the receiver to a challenge request.
|
| + scoped_ptr<CastMessage> challenge_reply_;
|
|
|
| // Callback invoked when the socket is connected.
|
| net::CompletionCallback connect_callback_;
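Review bot: The new `challenge_reply_` member is documented only as `Reply received from the receiver to a challenge request`, with nothing about when it is set or reset. Since `VerifyChallengeReply()` presumably reads it, the comment should say that it is populated by the reply-complete step and cleared when a new connection attempt starts, so a reply from an earlier attempt cannot be verified against a later TLS session — confirm that the implementation actually resets it. Suggested: `// Reply received from the receiver to a challenge request. Set by DoAuthChallengeReplyComplete(), reset at the start of each connect; read by VerifyChallengeReply().` — adjust if the lifecycle differs. The member list continues outside this hunk.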
|
|
|