Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(53)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/browser/api/cast_channel/cast_auth_util.h

Issue 627573002: Enable passing cast channel certificate authority keys. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Browser and unit tests. Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/browser/api/cast_channel/cast_auth_util.h
diff --git a/extensions/browser/api/cast_channel/cast_auth_util.h b/extensions/browser/api/cast_channel/cast_auth_util.h
index 560f698d2b57430d7071dcae8d5b218426a094d9..639aa7ad1cab8f73d10dc654cff976d814a08c51 100644
--- a/extensions/browser/api/cast_channel/cast_auth_util.h
+++ b/extensions/browser/api/cast_channel/cast_auth_util.h
@@ -6,6 +6,9 @@
#define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
#include <string>
+#include "crypto/scoped_nss_types.h"
+#include "extensions/common/api/cast_channel/authority_keys.pb.h"
+#include "net/base/hash_value.h"
namespace extensions {
namespace core_api {
@@ -52,12 +55,52 @@ struct AuthResult {
int nss_error_code);
};
+// Helper class for intermediate certificate authority validation.
+class AuthorityKeysStore {
+ public:
+ AuthorityKeysStore();
+ ~AuthorityKeysStore();
+
+ // Returns the public key of the ICA whose fingerprint matches |fingerprint|.
+ // Returns NULL, if no such ICA is found.
+ const SECItem* GetICAPublicKeyFromFingerprint(
+ const net::SHA256HashValue& fingerprint);
+
+ // Returns the public key of the first ICA in the list.
+ // Returns NULL if the authority keys store is empty.
+ const SECItem* GetDefaultICAPublicKey();
+
+ // Loads authority keys from a serialized protobuf.
+ bool Load(std::string& keys);
+
+ private:
+ // Info for trusted ICA certs.
+ struct ICACertInfo {
+ const net::SHA256HashValue* fingerprint;
+ SECItem public_key;
+ };
+
+ // The list of trusted certificate authorities, this points to either
+ // hard-coded constant data or to the data in the de-serialized protobuf.
+ std::vector<ICACertInfo> certificate_authorities_;
+
+ // Holds hard-coded constant ICA data.
+ static const ICACertInfo kAllowedICAs[];
+
+ // Trusted certificate authorities data passed from the extension.
+ proto::AuthorityKeys authority_keys_;
+};
+
// Authenticates the given |challenge_reply|:
// 1. Signature contained in the reply is valid.
// 2. Certficate used to sign is rooted to a trusted CA.
AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
const std::string& peer_cert);
+// Sets trusted certificate authorities.
+bool SetTrustedCertificateAuthorities(const std::string& keys,
+ const std::string& signature);
+
} // namespace cast_channel
} // namespace core_api
} // namespace extensions
« no previous file with comments | « no previous file | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698