Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(257)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/browser/api/cast_channel/cast_auth_ica.h

Issue 627573002: Enable passing cast channel certificate authority keys. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Synced with nss/ssl common code changes. Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | extensions/browser/api/cast_channel/cast_auth_ica.cc » ('j') | extensions/browser/extension_function_histogram_value.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/browser/api/cast_channel/cast_auth_ica.h
diff --git a/extensions/browser/api/cast_channel/cast_auth_ica.h b/extensions/browser/api/cast_channel/cast_auth_ica.h
index ff205d510d1e0242f6cfc2f0bedc283396258513..64591504f059c89b4b20c4e93c996b8e760ef069 100644
--- a/extensions/browser/api/cast_channel/cast_auth_ica.h
+++ b/extensions/browser/api/cast_channel/cast_auth_ica.h
@@ -7,12 +7,67 @@
#include <stddef.h>
+#include <map>
+#include <string>
+
+#include "base/memory/scoped_ptr.h"
#include "base/strings/string_piece.h"
+#include "net/base/hash_value.h"
namespace extensions {
namespace core_api {
namespace cast_channel {
+typedef std::map<net::SHA256HashValue,
+ base::StringPiece,
+ net::SHA256HashValueLessThan> AuthorityKeysMap;
+
+namespace proto {
+
+// Forward declaration to avoid including generated protobuf header.
+class AuthorityKeys;
+
+} // namespace proto
+
+// AuthorityKeyStore is a helper class that is used to store and manipulate
+// intermediate CAs (ICAs) information used to authenticate cast devices.
+// A static list of ICAs is hardcoded and may optionally be replaced during
+// runtime by an extension supplying a protobuf of ICAs information signed with
+// known key.
+class AuthorityKeyStore {
+ public:
+ AuthorityKeyStore();
+ ~AuthorityKeyStore();
+
+ // Returns the public key of the ICA whose fingerprint matches |fingerprint|.
+ // Returns an empty StringPiece if no such ICA is found.
+ // Note: the returned StringPiece is invalidated if Load() is called.
+ base::StringPiece GetICAPublicKeyFromFingerprint(
+ const net::SHA256HashValue& fingerprint);
+
+ // Returns the public key of the default / original cast ICA.
+ // Returns an empty StringPiece if the default cast ICA is not found.
+ // Note: the returned StringPiece is invalidated if Load() is called.
+ base::StringPiece GetDefaultICAPublicKey();
+
+ // Replaces stored authority keys with the keys loaded from a serialized
+ // protobuf.
+ bool Load(const std::string& keys);
+
+ private:
+ // The map of trusted certificate authorities - fingerprints to public keys.
+ AuthorityKeysMap certificate_authorities_;
+
+ // Trusted certificate authorities data passed from the extension.
+ scoped_ptr<proto::AuthorityKeys> authority_keys_;
+
+ DISALLOW_COPY_AND_ASSIGN(AuthorityKeyStore);
+};
+
+// Sets trusted certificate authorities.
+bool SetTrustedCertificateAuthorities(const std::string& keys,
+ const std::string& signature);
+
// Gets the trusted ICA entry for the cert represented by |data|.
// Returns the serialized certificate as bytes if the ICA was found.
// Returns an empty-length StringPiece if the ICA was not found.
« no previous file with comments | « no previous file | extensions/browser/api/cast_channel/cast_auth_ica.cc » ('j') | extensions/browser/extension_function_histogram_value.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698