extensions/browser/api/cast_channel/cast_auth_util.h - Issue 627573002: Enable passing cast channel certificate authority keys.

Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.h

Issue 627573002: Enable passing cast channel certificate authority keys. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Added static to consts. Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

7	7

8 #include <string>	8 #include <string>

	9 #include "crypto/scoped_nss_types.h"

	10 #include "extensions/common/api/cast_channel/authority_keys.pb.h"

	11 #include "net/base/hash_value.h"

9	12

10 namespace extensions {	13 namespace extensions {

11 namespace core_api {	14 namespace core_api {

12 namespace cast_channel {	15 namespace cast_channel {

13	16

14 class CastMessage;	17 class CastMessage;

15	18

16 struct AuthResult {	19 struct AuthResult {

17 public:	20 public:

18 enum ErrorType {	21 enum ErrorType {

(...skipping 26 matching lines...) Expand all Loading...
45 std::string error_message;	48 std::string error_message;

46 ErrorType error_type;	49 ErrorType error_type;

47 int nss_error_code;	50 int nss_error_code;

48	51

49 private:	52 private:

50 AuthResult(const std::string& error_message,	53 AuthResult(const std::string& error_message,

51 ErrorType error_type,	54 ErrorType error_type,

52 int nss_error_code);	55 int nss_error_code);

53 };	56 };

54	57

	58 // Helper class for intermediate certificate authority validation.

	59 class AuthorityKeysStore {

	60 public:

	61 AuthorityKeysStore();

	62 ~AuthorityKeysStore();

	63

	64 const SECItem* GetICAPublicKeyFromFingerprint(
	mark a. foltz 2014/10/14 06:15:04 Please document these method declarations. Please document these method declarations. vadimgo 2014/10/14 19:51:24 Done. Show quoted text On 2014/10/14 06:15:04, mark a. foltz wrote: > Please document these method declarations. Done.
	65 const net::SHA256HashValue& fingerprint);

	66

	67 const SECItem* GetDefaultICAPublicKey();

	68

	69 bool Load(std::string& keys);

	70

	71 private:

	72 // Info for trusted ICA certs.

	73 struct ICACertInfo {

	74 const net::SHA256HashValue* fingerprint;

	75 SECItem public_key;

	76 };

	77

	78 static const ICACertInfo kAllowedICAs[];
	mark a. foltz 2014/10/14 06:15:04 This holds the existing hard coded values, right? This holds the existing hard coded values, right? Please document this to distinguish it from certificate_authorities_. vadimgo 2014/10/14 19:51:24 Done. Show quoted text On 2014/10/14 06:15:04, mark a. foltz wrote: > This holds the existing hard coded values, right? Please document this to > distinguish it from certificate_authorities_. Done.
	79

	80 // The list of trusted certificate authorities.

	81 std::vector<ICACertInfo> certificate_authorities_;

	82

	83 // Trusted certificate authorities data passed from the extension.

	84 proto::AuthorityKeys authority_keys_;
	mark a. foltz 2014/10/14 06:15:04 Why does the proto::AuthorityKeys have to be retai Why does the proto::AuthorityKeys have to be retained beyond the call to Load()? vadimgo 2014/10/14 19:51:24 certificate_authorities_ points to either hard-cod Show quoted text On 2014/10/14 06:15:04, mark a. foltz wrote: > Why does the proto::AuthorityKeys have to be retained beyond the call to Load()? certificate_authorities_ points to either hard-coded const or protobuf data - that's why protobuf data is retained. I added a comment on this.
	85 };

	86

55 // Authenticates the given \|challenge_reply\|:	87 // Authenticates the given \|challenge_reply\|:

56 // 1. Signature contained in the reply is valid.	88 // 1. Signature contained in the reply is valid.

57 // 2. Certficate used to sign is rooted to a trusted CA.	89 // 2. Certficate used to sign is rooted to a trusted CA.

58 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,	90 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,

59 const std::string& peer_cert);	91 const std::string& peer_cert);

60	92

	93 // Sets trusted certificate authorities.

	94 bool SetTrustedCertificateAuthorities(const std::string& keys,

	95 const std::string& signature);

	96

61 } // namespace cast_channel	97 } // namespace cast_channel

62 } // namespace core_api	98 } // namespace core_api

63 } // namespace extensions	99 } // namespace extensions

64	100

65 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	101 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

OLD	NEW

« no previous file with comments | « no previous file | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('J')