Refactoring of Cast-related crypto code

extensions/common/cast/cast_cert_validator.h

Index: extensions/common/cast/cast_cert_validator.h
diff --git a/extensions/common/cast/cast_cert_validator.h b/extensions/common/cast/cast_cert_validator.h
new file mode 100644
index 0000000000000000000000000000000000000000..43baa4c000268520d7d7ceaea7f0beba7688aa32
--- /dev/null
+++ b/extensions/common/cast/cast_cert_validator.h
@@ -0,0 +1,68 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef EXTENSIONS_COMMON_CAST_CAST_CERT_VALIDATOR_H_
+#define EXTENSIONS_COMMON_CAST_CAST_CERT_VALIDATOR_H_
+
+#include <string>
+#include <vector>
+
+#include "base/strings/string_piece.h"
+
+namespace extensions {
+namespace core_api {
+namespace cast_crypto {
+
+struct VerificationResult {

[Ryan Sleevi, 2014/12/15 21:43:00]

Document

[sheretov, 2014/12/16 08:44:21]

Done.  And consolidated error types into more sensible buckets.

+  enum ErrorType {
+    ERROR_NONE = 0,
+    ERROR_CERT_PARSING_FAILED,
+    ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA,
+    ERROR_CANNOT_EXTRACT_PUBLIC_KEY,
+    ERROR_SIGNATURE_INVALID,
+    ERROR_CRYPTO_LIBRARY,
+    // Always update ERROR_TYPE_MAX to the last error code in the enum.
+    ERROR_TYPE_MAX = ERROR_CRYPTO_LIBRARY
+  };
+
+  // Constructs a VerificationResult that corresponds to success.
+  VerificationResult();
+
+  // Construct error-related objects
+  VerificationResult(const std::string& error_message, ErrorType error_type);
+  VerificationResult(const std::string& error_message,
+                     ErrorType error_type,
+                     int error_code);
+
+  bool Success() const { return error_type == ERROR_NONE; }
+  bool Failure() const { return error_type != ERROR_NONE; }
+
+  ErrorType error_type;
+  std::string error_message;
+  int library_error_code;
+};
+
+class CertVerificationContext {

[Ryan Sleevi, 2014/12/15 21:43:00]

Document

[sheretov, 2014/12/16 08:44:21]

Done.

+ public:
+  CertVerificationContext() {}
+  virtual ~CertVerificationContext() {}
+
+  virtual VerificationResult VerifySignatureOverData(

[Ryan Sleevi, 2014/12/15 21:43:00]

Document

[sheretov, 2014/12/16 08:44:21]

Done.

+      const base::StringPiece& signature,
+      const base::StringPiece& data) const = 0;
+  virtual std::string getCommonName() const = 0;

[Ryan Sleevi, 2014/12/15 21:43:00]

Document

[Ryan Sleevi, 2014/12/15 21:43:00]

NAMING: This does not conform to the C++ style guide -
http://google-styleguide.googlecode.com/svn/trunk/cppguide.html#Function_Names

s/getCommonName/GetCommonName()/

[sheretov, 2014/12/16 08:44:21]

Done.

[sheretov, 2014/12/16 08:44:21]

Done.

+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(CertVerificationContext);
+};
+
+VerificationResult VerifyCert(const base::StringPiece& device_cert,

[Ryan Sleevi, 2014/12/15 21:42:59]

Document

[Ryan Sleevi, 2014/12/15 21:43:00]

naming: VerifyDeviceCert? VerifyDevice?

[sheretov, 2014/12/16 08:44:21]

Done.

[sheretov, 2014/12/16 08:44:21]

VerifyDeviceCert

+                              const std::vector<std::string>& ica_certs,
+                              CertVerificationContext** out_context);

[Ryan Sleevi, 2014/12/15 21:42:59]

API DESIGN: Don't return pointers to pointers, especially when the caller must
clear.

Instead, take a pointer to a scoped_ptr.

scoped_ptr<CastVerificationContext>* out_context

NAMING: s/out_context/context/ :)

[sheretov, 2014/12/16 08:44:21]

Done.

+
+}  // namespace cast_crypto
+}  // namespace core_api
+}  // namespace extensions
+
+#endif  // EXTENSIONS_COMMON_CAST_CAST_CERT_VALIDATOR_H_