extensions/browser/api/cast_channel/cast_auth_ica.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_ICA_H_
   6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_ICA_H_
   7
   8 #include <stddef.h>
   9
  10 #include <map>
  11 #include <string>
  12
  13 #include "base/memory/scoped_ptr.h"
  14 #include "base/strings/string_piece.h"
  15 #include "net/base/hash_value.h"
  16
  17 namespace extensions {
  18 namespace api {
  19 namespace cast_channel {
  20
  21 typedef std::map<net::SHA256HashValue,
  22                  base::StringPiece,
  23                  net::SHA256HashValueLessThan> AuthorityKeysMap;
  24
  25 namespace proto {
  26
  27 // Forward declaration to avoid including generated protobuf header.
  28 class AuthorityKeys;
  29
  30 }  // namespace proto
  31
  32 // AuthorityKeyStore is a helper class that is used to store and manipulate
  33 // intermediate CAs (ICAs) information used to authenticate cast devices.
  34 // A static list of ICAs is hardcoded and may optionally be replaced during
  35 // runtime by an extension supplying a protobuf of ICAs information signed with
  36 // known key.
  37 class AuthorityKeyStore {
  38  public:
  39   AuthorityKeyStore();
  40   ~AuthorityKeyStore();
  41
  42   // Returns the public key of the ICA whose fingerprint matches |fingerprint|.
  43   // Returns an empty StringPiece if no such ICA is found.
  44   // Note: the returned StringPiece is invalidated if Load() is called.
  45   base::StringPiece GetICAPublicKeyFromFingerprint(
  46       const net::SHA256HashValue& fingerprint);
  47
  48   // Returns the public key of the default / original cast ICA.
  49   // Returns an empty StringPiece if the default cast ICA is not found.
  50   // Note: the returned StringPiece is invalidated if Load() is called.
  51   base::StringPiece GetDefaultICAPublicKey();
  52
  53   // Replaces stored authority keys with the keys loaded from a serialized
  54   // protobuf.
  55   bool Load(const std::string& keys);
  56
  57  private:
  58   // The map of trusted certificate authorities - fingerprints to public keys.
  59   AuthorityKeysMap certificate_authorities_;
  60
  61   // Trusted certificate authorities data passed from the extension.
  62   scoped_ptr<proto::AuthorityKeys> authority_keys_;
  63
  64   DISALLOW_COPY_AND_ASSIGN(AuthorityKeyStore);
  65 };
  66
  67 // Sets trusted certificate authorities.
  68 bool SetTrustedCertificateAuthorities(const std::string& keys,
  69                                       const std::string& signature);
  70
  71 // Gets the trusted ICA entry for the cert represented by |data|.
  72 // Returns the serialized certificate as bytes if the ICA was found.
  73 // Returns an empty-length StringPiece if the ICA was not found.
  74 base::StringPiece GetTrustedICAPublicKey(const base::StringPiece& data);
  75
  76 // Gets the default trusted ICA for legacy compatibility.
  77 base::StringPiece GetDefaultTrustedICAPublicKey();
  78
  79 }  // namespace cast_channel
  80 }  // namespace api
  81 }  // namespace extensions
  82
  83 #endif  // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_ICA_H_