Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_ | 5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_ |
| 6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_ | 6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include "crypto/scoped_nss_types.h" | |
| 10 #include "extensions/common/api/cast_channel/authority_keys.pb.h" | |
| 11 #include "net/base/hash_value.h" | |
| 9 | 12 |
| 10 namespace extensions { | 13 namespace extensions { |
| 11 namespace core_api { | 14 namespace core_api { |
| 12 namespace cast_channel { | 15 namespace cast_channel { |
| 13 | 16 |
| 14 class CastMessage; | 17 class CastMessage; |
| 15 | 18 |
| 16 struct AuthResult { | 19 struct AuthResult { |
| 17 public: | 20 public: |
| 18 enum ErrorType { | 21 enum ErrorType { |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 45 std::string error_message; | 48 std::string error_message; |
| 46 ErrorType error_type; | 49 ErrorType error_type; |
| 47 int nss_error_code; | 50 int nss_error_code; |
| 48 | 51 |
| 49 private: | 52 private: |
| 50 AuthResult(const std::string& error_message, | 53 AuthResult(const std::string& error_message, |
| 51 ErrorType error_type, | 54 ErrorType error_type, |
| 52 int nss_error_code); | 55 int nss_error_code); |
| 53 }; | 56 }; |
| 54 | 57 |
| 58 // Helper class for intermediate certificate authority validation. | |
| 59 class AuthorityKeysStore { | |
| 60 public: | |
| 61 AuthorityKeysStore(); | |
| 62 ~AuthorityKeysStore(); | |
| 63 | |
| 64 const SECItem* GetICAPublicKeyFromFingerprint( | |
|
mark a. foltz
2014/10/14 06:15:04
Please document these method declarations.
vadimgo
2014/10/14 19:51:24
Done.
| |
| 65 const net::SHA256HashValue& fingerprint); | |
| 66 | |
| 67 const SECItem* GetDefaultICAPublicKey(); | |
| 68 | |
| 69 bool Load(std::string& keys); | |
| 70 | |
| 71 private: | |
| 72 // Info for trusted ICA certs. | |
| 73 struct ICACertInfo { | |
| 74 const net::SHA256HashValue* fingerprint; | |
| 75 SECItem public_key; | |
| 76 }; | |
| 77 | |
| 78 static const ICACertInfo kAllowedICAs[]; | |
|
mark a. foltz
2014/10/14 06:15:04
This holds the existing hard coded values, right?
vadimgo
2014/10/14 19:51:24
Done.
| |
| 79 | |
| 80 // The list of trusted certificate authorities. | |
| 81 std::vector<ICACertInfo> certificate_authorities_; | |
| 82 | |
| 83 // Trusted certificate authorities data passed from the extension. | |
| 84 proto::AuthorityKeys authority_keys_; | |
|
mark a. foltz
2014/10/14 06:15:04
Why does the proto::AuthorityKeys have to be retai
vadimgo
2014/10/14 19:51:24
certificate_authorities_ points to either hard-cod
| |
| 85 }; | |
| 86 | |
| 55 // Authenticates the given |challenge_reply|: | 87 // Authenticates the given |challenge_reply|: |
| 56 // 1. Signature contained in the reply is valid. | 88 // 1. Signature contained in the reply is valid. |
| 57 // 2. Certficate used to sign is rooted to a trusted CA. | 89 // 2. Certficate used to sign is rooted to a trusted CA. |
| 58 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply, | 90 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply, |
| 59 const std::string& peer_cert); | 91 const std::string& peer_cert); |
| 60 | 92 |
| 93 // Sets trusted certificate authorities. | |
| 94 bool SetTrustedCertificateAuthorities(const std::string& keys, | |
| 95 const std::string& signature); | |
| 96 | |
| 61 } // namespace cast_channel | 97 } // namespace cast_channel |
| 62 } // namespace core_api | 98 } // namespace core_api |
| 63 } // namespace extensions | 99 } // namespace extensions |
| 64 | 100 |
| 65 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_ | 101 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_ |
| OLD | NEW |