| Index: extensions/browser/api/cast_channel/cast_auth_util.h
|
| diff --git a/extensions/browser/api/cast_channel/cast_auth_util.h b/extensions/browser/api/cast_channel/cast_auth_util.h
|
| index fa00d8173e297fcca78d0466e65c75735506241e..c3b9d20ddbefbdbf7bffd0137b101decaa2fda04 100644
|
| --- a/extensions/browser/api/cast_channel/cast_auth_util.h
|
| +++ b/extensions/browser/api/cast_channel/cast_auth_util.h
|
| @@ -6,14 +6,21 @@
|
| #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
|
|
|
| #include <string>
|
| +#include <vector>
|
|
|
| namespace extensions {
|
| namespace core_api {
|
| namespace cast_channel {
|
|
|
| +class AuthResponse;
|
| class CastMessage;
|
| class DeviceAuthMessage;
|
|
|
| +struct OpenSslErrorEntry {
|
| + std::string filename;
|
| + int line_number;
|
| +};
|
| +
|
| struct AuthResult {
|
| public:
|
| enum ErrorType {
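Review bot: `OpenSslErrorEntry` is added without a comment, and `line_number` has no initial value, so a default-constructed entry carries an indeterminate int that can end up in `AuthResult::openssl_error_stack`. Give the struct a constructor that sets both fields, or make sure every creation site value-initialises it. A one-line comment above the struct would also help, e.g. `// One entry of the OpenSSL error queue: source file and line that raised the error.` (the meaning is inferred from the field names, so confirm it against the .cc). If these entries are ever logged or surfaced outside the browser process, note that `filename` would expose a build-time source path.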
|
| @@ -25,18 +32,25 @@ struct AuthResult {
|
| ERROR_MESSAGE_ERROR,
|
| ERROR_NO_RESPONSE,
|
| ERROR_FINGERPRINT_NOT_FOUND,
|
| - ERROR_NSS_CERT_PARSING_FAILED,
|
| - ERROR_NSS_CERT_NOT_SIGNED_BY_TRUSTED_CA,
|
| - ERROR_NSS_CANNOT_EXTRACT_PUBLIC_KEY,
|
| - ERROR_NSS_SIGNED_BLOBS_MISMATCH
|
| + ERROR_CERT_PARSING_FAILED,
|
| + ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA,
|
| + ERROR_CANNOT_EXTRACT_PUBLIC_KEY,
|
| + ERROR_SIGNED_BLOBS_MISMATCH,
|
| + ERROR_UNEXPECTED_AUTH_LIBRARY_RESULT,
|
| };
|
|
|
| // Constructs a AuthResult that corresponds to success.
|
| AuthResult();
|
| ~AuthResult();
|
|
|
| + AuthResult(const AuthResult& rvalue);
|
| +
|
| static AuthResult CreateWithParseError(const std::string& error_message,
|
| ErrorType error_type);
|
| + static AuthResult CreateWithOpenSSLErrors(
|
| + const std::string& error_message,
|
| + ErrorType error_type,
|
| + const std::vector<OpenSslErrorEntry>& openssl_errors);
|
| static AuthResult CreateWithNSSError(const std::string& error_message,
|
| ErrorType error_type,
|
| int nss_error_code);
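Review bot: The new copy constructor names its parameter `rvalue`, but `const AuthResult&` is an lvalue reference and this is an ordinary copy; `AuthResult(const AuthResult& other);` would read correctly. A hand-declared copy constructor with no matching `operator=` leaves assignment to the implicit member-wise version, so the two will diverge if the out-of-line definition does anything beyond copying members. That definition is outside this hunk, so it is worth checking. `CreateWithOpenSSLErrors` and `ERROR_UNEXPECTED_AUTH_LIBRARY_RESULT` also have no comment; a line on each saying when it is produced would help callers that switch on `error_type` treat the new value as a failure.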
|
| @@ -46,23 +60,27 @@ struct AuthResult {
|
| std::string error_message;
|
| ErrorType error_type;
|
| int nss_error_code;
|
| + std::vector<OpenSslErrorEntry> openssl_error_stack;
|
|
|
| private:
|
| AuthResult(const std::string& error_message,
|
| ErrorType error_type,
|
| - int nss_error_code);
|
| + int nss_error_code,
|
| + const std::vector<OpenSslErrorEntry>& openssl_errors);
|
| };
|
|
|
| // Authenticates the given |challenge_reply|:
|
| // 1. Signature contained in the reply is valid.
|
| // 2. Certficate used to sign is rooted to a trusted CA.
|
| -AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
|
| - const std::string& peer_cert);
|
| +AuthResult AuthenticateChallengeReply(
|
| + const CastMessage& challenge_reply,
|
| + const std::string& peer_cert);
|
|
|
| -// Parses a DeviceAuthMessage payload from a challenge reply.
|
| -// Returns an AuthResult to indicate success or failure.
|
| -AuthResult ParseAuthMessage(const CastMessage& challenge_reply,
|
| - DeviceAuthMessage* auth_message);
|
| +// Auth-library specific implementation of cryptographic signature
|
| +// verification routines. Verifies that |response| contains a
|
| +// valid signed form of |peer_cert|.
|
| +AuthResult VerifyCredentials(const AuthResponse& response,
|
| + const std::string& peer_cert);
|
|
|
| } // namespace cast_channel
|
| } // namespace core_api
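Review bot: The comment on `VerifyCredentials` does not say whether it performs the trusted-CA chain check listed as step 2 for `AuthenticateChallengeReply`. Because it is declared in this header, a caller could invoke it directly and skip whatever validation the wrapper does first. State the contract in the comment, e.g. `// Called by AuthenticateChallengeReply once the reply is parsed; any non-success result must be treated as authentication failure.`, and spell out which checks (signature, chain to trusted CA) it covers, based on the implementation. `AuthResult` now carries both `nss_error_code` and `openssl_error_stack`; a comment on these members saying which one is populated for which auth library would stop readers consulting the wrong field when diagnosing a failed authentication.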
|
|
|