extensions/browser/api/cast_channel/cast_auth_util.h - Issue 627573002: Enable passing cast channel certificate authority keys.

Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.h

Issue 627573002: Enable passing cast channel certificate authority keys. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Code review changes. Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

7	7

	8 #include <map>

8 #include <string>	9 #include <string>

9	10

	11 #include "base/memory/scoped_ptr.h"

	12 #include "base/strings/string_piece.h"

	13 #include "net/base/hash_value.h"

	14

10 namespace extensions {	15 namespace extensions {

11 namespace core_api {	16 namespace core_api {

12 namespace cast_channel {	17 namespace cast_channel {

13	18

14 class CastMessage;	19 class CastMessage;

15	20

16 struct AuthResult {	21 struct AuthResult {

17 public:	22 public:

18 enum ErrorType {	23 enum ErrorType {

19 ERROR_NONE,	24 ERROR_NONE,

(...skipping 25 matching lines...) Expand all Loading...
45 std::string error_message;	50 std::string error_message;

46 ErrorType error_type;	51 ErrorType error_type;

47 int nss_error_code;	52 int nss_error_code;

48	53

49 private:	54 private:

50 AuthResult(const std::string& error_message,	55 AuthResult(const std::string& error_message,

51 ErrorType error_type,	56 ErrorType error_type,

52 int nss_error_code);	57 int nss_error_code);

53 };	58 };

54	59

	60 typedef std::map<net::SHA256HashValue,

	61 base::StringPiece,

	62 net::SHA256HashValueLessThan> AuthorityKeysMap;

	63

	64 namespace proto {

	65

	66 // Forward declaration to avoid including generated protobuf header.

	67 class AuthorityKeys;

	68

	69 } // namespace proto
	Ryan Sleevi 2014/10/22 22:07:10 Realized this isn't right anymore. This should mo Realized this isn't right anymore. This should move to line 14/15 (eg: outside of extensions::core_api::cast_channel) vadimgo 2014/10/23 18:03:25 This is right, because the protobuf is also namesp Show quoted text On 2014/10/22 22:07:10, Ryan Sleevi wrote: > Realized this isn't right anymore. > > This should move to line 14/15 (eg: outside of > extensions::core_api::cast_channel) This is right, because the protobuf is also namespaced to extensions::core_api::cast_channel.
	70

	71 // AuthorityKeysStore is a helper class that is used to store and manipulate

	72 // intermediate CAs (ICAs) information used to authenticate cast devices.

	73 // A static list of ICAs is hardcoded and may optionally be replaced during

	74 // runtime by an extension supplying a protobuf of ICAs information signed with

	75 // known key.

	76 class AuthorityKeysStore {
	Ryan Sleevi 2014/10/22 22:07:10 naming wise, does this make sense singular? Author naming wise, does this make sense singular? AuthorityKeyStore? vadimgo 2014/10/23 18:03:25 Done. Show quoted text On 2014/10/22 22:07:10, Ryan Sleevi wrote: > naming wise, does this make sense singular? AuthorityKeyStore? Done.
	77 public:

	78 AuthorityKeysStore();

	79 ~AuthorityKeysStore();

	80

	81 // Returns the public key of the ICA whose fingerprint matches \|fingerprint\|.

	82 // Returns an empty StringPiece if no such ICA is found.

	83 base::StringPiece GetICAPublicKeyFromFingerprint(

	84 const net::SHA256HashValue& fingerprint);

	85

	86 // Returns the public key of the default / original cast ICA.

	87 // Returns an empty StringPiece if the default cast ICA is not found.

	88 base::StringPiece GetDefaultICAPublicKey();

	89

	90 // Loads authority keys from a serialized protobuf.
	Ryan Sleevi 2014/10/22 22:07:10 Documentation: This invalidates all previously ret Documentation: This invalidates all previously returned Public Keys, right? Worth documenting. vadimgo 2014/10/23 18:03:25 Done. Show quoted text On 2014/10/22 22:07:10, Ryan Sleevi wrote: > Documentation: This invalidates all previously returned Public Keys, right? > Worth documenting. Done. Ryan Sleevi 2014/10/24 19:42:14 Not really. It doesn't document the 'surprising' p Show quoted text On 2014/10/23 18:03:25, vadimgo wrote: > On 2014/10/22 22:07:10, Ryan Sleevi wrote: > > Documentation: This invalidates all previously returned Public Keys, right? > > Worth documenting. > > Done. Not really. It doesn't document the 'surprising' part of the API that I mentioned. // Loads authority keys from a serialized protobuf, returning true if the keys were successfully loaded. // Regardless of success or failure, this will invalidate // any keys previously returned (e.g. via GetICAPublicKeyFromFingerprint() // or GetDefaultICAPublicKey()) Alternatively, you would document for the Get functions (e.g. GetDefaultICAPublicKey()) // Returns the public key of the default / original // Cast ICA. Returns an empty StringPiece if the default // Cast ICA is not found. // Note: The returned StringPiece is invalidated if // Load() is called.
	91 bool Load(const std::string& keys);

	92

	93 private:

	94 // The map of trusted certificate authorities - fingerprints to public keys.

	95 AuthorityKeysMap certificate_authorities_;

	96

	97 // Trusted certificate authorities data passed from the extension.

	98 scoped_ptr<proto::AuthorityKeys> authority_keys_;

	99

	100 DISALLOW_COPY_AND_ASSIGN(AuthorityKeysStore);

	101 };

	102

55 // Authenticates the given \|challenge_reply\|:	103 // Authenticates the given \|challenge_reply\|:

56 // 1. Signature contained in the reply is valid.	104 // 1. Signature contained in the reply is valid.

57 // 2. Certficate used to sign is rooted to a trusted CA.	105 // 2. Certficate used to sign is rooted to a trusted CA.

58 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,	106 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,

59 const std::string& peer_cert);	107 const std::string& peer_cert);

60	108

	109 // Sets trusted certificate authorities.

	110 bool SetTrustedCertificateAuthorities(const std::string& keys,

	111 const std::string& signature);

	112

61 } // namespace cast_channel	113 } // namespace cast_channel

62 } // namespace core_api	114 } // namespace core_api

63 } // namespace extensions	115 } // namespace extensions

64	116

65 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	117 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

OLD	NEW

« no previous file with comments | « no previous file | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('J')