extensions/browser/api/cast_channel/cast_auth_util.h - Issue 627573002: Enable passing cast channel certificate authority keys.

Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.h

Issue 627573002: Enable passing cast channel certificate authority keys. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Code review changes. Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

7	7

	8 #include <map>

8 #include <string>	9 #include <string>

9	10

	11 #include "base/memory/scoped_ptr.h"

	12 #include "base/strings/string_piece.h"

	13 #include "net/base/hash_value.h"

	14

10 namespace extensions {	15 namespace extensions {

11 namespace core_api {	16 namespace core_api {

12 namespace cast_channel {	17 namespace cast_channel {

13	18

14 class CastMessage;	19 class CastMessage;

15	20

16 struct AuthResult {	21 struct AuthResult {

17 public:	22 public:

18 enum ErrorType {	23 enum ErrorType {

19 ERROR_NONE,	24 ERROR_NONE,

(...skipping 25 matching lines...) Expand all Loading...
45 std::string error_message;	50 std::string error_message;

46 ErrorType error_type;	51 ErrorType error_type;

47 int nss_error_code;	52 int nss_error_code;

48	53

49 private:	54 private:

50 AuthResult(const std::string& error_message,	55 AuthResult(const std::string& error_message,

51 ErrorType error_type,	56 ErrorType error_type,

52 int nss_error_code);	57 int nss_error_code);

53 };	58 };

54	59

	60 typedef std::map<net::SHA256HashValue,

	61 base::StringPiece,

	62 net::SHA256HashValueLessThan> AuthorityKeysMap;

	63

	64 namespace proto {

	65

	66 // Forward declaration to avoid including generated protobuf header.

	67 class AuthorityKeys;

	68 }
	Ryan Sleevi 2014/10/21 22:38:03 } // namespace proto (with newline between 67/68 } // namespace proto (with newline between 67/68 vadimgo 2014/10/21 23:35:58 Done. Show quoted text On 2014/10/21 22:38:03, Ryan Sleevi wrote: > } // namespace proto (with newline between 67/68 Done.
	69

	70 // AuthorityKeysStore is a helper class that is used to store and manipulate

	71 // intermediate CAs (ICAs) information used to authenticate cast devices.

	72 // A static list of ICAs is hardcoded and may optionally be replaced during

	73 // runtime by an extension supplying a protobuf of ICAs information signed with

	74 // known key.

	75 class AuthorityKeysStore {

	76 public:

	77 AuthorityKeysStore();

	78 ~AuthorityKeysStore();

	79

	80 // Returns the public key of the ICA whose fingerprint matches \|fingerprint\|.

	81 // Returns NULL if no such ICA is found.

	82 const base::StringPiece* GetICAPublicKeyFromFingerprint(
	Ryan Sleevi 2014/10/21 22:38:03 Why are you returning a pointer to this? This crea Why are you returning a pointer to this? This creates danger if someone does Load() while such a pointer is still hanging out there. You can instead just return a base::StringPiece - no pointer. vadimgo 2014/10/21 23:35:57 Done. Show quoted text On 2014/10/21 22:38:03, Ryan Sleevi wrote: > Why are you returning a pointer to this? This creates danger if someone does > Load() while such a pointer is still hanging out there. You can instead just > return a base::StringPiece - no pointer. Done.
	83 const net::SHA256HashValue& fingerprint);

	84

	85 // Returns the public key of the default / original cast ICA.

	86 // Returns NULL if the default cast ICA is not found.

	87 const base::StringPiece* GetDefaultICAPublicKey();

	88

	89 // Loads authority keys from a serialized protobuf.

	90 bool Load(const std::string& keys);

	91

	92 private:

	93 // The map of trusted certificate authorities - fingerprints to public keys.

	94 AuthorityKeysMap certificate_authorities_;

	95

	96 // Trusted certificate authorities data passed from the extension.

	97 scoped_ptr<proto::AuthorityKeys> authority_keys_;

	98

	99 DISALLOW_COPY_AND_ASSIGN(AuthorityKeysStore);

	100 };

	101

55 // Authenticates the given \|challenge_reply\|:	102 // Authenticates the given \|challenge_reply\|:

56 // 1. Signature contained in the reply is valid.	103 // 1. Signature contained in the reply is valid.

57 // 2. Certficate used to sign is rooted to a trusted CA.	104 // 2. Certficate used to sign is rooted to a trusted CA.

58 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,	105 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,

59 const std::string& peer_cert);	106 const std::string& peer_cert);

60	107

	108 // Sets trusted certificate authorities.

	109 bool SetTrustedCertificateAuthorities(const std::string& keys,

	110 const std::string& signature);

	111

61 } // namespace cast_channel	112 } // namespace cast_channel

62 } // namespace core_api	113 } // namespace core_api

63 } // namespace extensions	114 } // namespace extensions

64	115

65 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	116 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

OLD	NEW

« no previous file with comments | « no previous file | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('J')