Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(377)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/browser/api/cast_channel/cast_auth_util.h

Issue 627573002: Enable passing cast channel certificate authority keys. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Added static to consts. Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/browser/api/cast_channel/cast_auth_util.h
diff --git a/extensions/browser/api/cast_channel/cast_auth_util.h b/extensions/browser/api/cast_channel/cast_auth_util.h
index 560f698d2b57430d7071dcae8d5b218426a094d9..ab008f3b59b2d0c7ad22d1aed27fdd71793064a6 100644
--- a/extensions/browser/api/cast_channel/cast_auth_util.h
+++ b/extensions/browser/api/cast_channel/cast_auth_util.h
@@ -6,6 +6,9 @@
#define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
#include <string>
+#include "crypto/scoped_nss_types.h"
+#include "extensions/common/api/cast_channel/authority_keys.pb.h"
+#include "net/base/hash_value.h"
namespace extensions {
namespace core_api {
@@ -52,12 +55,45 @@ struct AuthResult {
int nss_error_code);
};
+// Helper class for intermediate certificate authority validation.
+class AuthorityKeysStore {
+ public:
+ AuthorityKeysStore();
+ ~AuthorityKeysStore();
+
+ const SECItem* GetICAPublicKeyFromFingerprint(
mark a. foltz 2014/10/14 06:15:04 Please document these method declarations.
vadimgo 2014/10/14 19:51:24 Done.
+ const net::SHA256HashValue& fingerprint);
+
+ const SECItem* GetDefaultICAPublicKey();
+
+ bool Load(std::string& keys);
+
+ private:
+ // Info for trusted ICA certs.
+ struct ICACertInfo {
+ const net::SHA256HashValue* fingerprint;
+ SECItem public_key;
+ };
+
+ static const ICACertInfo kAllowedICAs[];
mark a. foltz 2014/10/14 06:15:04 This holds the existing hard coded values, right?
vadimgo 2014/10/14 19:51:24 Done.
+
+ // The list of trusted certificate authorities.
+ std::vector<ICACertInfo> certificate_authorities_;
+
+ // Trusted certificate authorities data passed from the extension.
+ proto::AuthorityKeys authority_keys_;
mark a. foltz 2014/10/14 06:15:04 Why does the proto::AuthorityKeys have to be retai
vadimgo 2014/10/14 19:51:24 certificate_authorities_ points to either hard-cod
+};
+
// Authenticates the given |challenge_reply|:
// 1. Signature contained in the reply is valid.
// 2. Certficate used to sign is rooted to a trusted CA.
AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
const std::string& peer_cert);
+// Sets trusted certificate authorities.
+bool SetTrustedCertificateAuthorities(const std::string& keys,
+ const std::string& signature);
+
} // namespace cast_channel
} // namespace core_api
} // namespace extensions
« no previous file with comments | « no previous file | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698