extensions/browser/api/cast_channel/cast_auth_util.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
   6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
   7
   8 #include <string>
   9
  10 namespace extensions {
  11 namespace api {
  12 namespace cast_channel {
  13
  14 class AuthResponse;
  15 class CastMessage;
  16 class DeviceAuthMessage;
  17
  18 struct AuthResult {
  19  public:
  20   enum ErrorType {
  21     ERROR_NONE,
  22     ERROR_PEER_CERT_EMPTY,
  23     ERROR_WRONG_PAYLOAD_TYPE,
  24     ERROR_NO_PAYLOAD,
  25     ERROR_PAYLOAD_PARSING_FAILED,
  26     ERROR_MESSAGE_ERROR,
  27     ERROR_NO_RESPONSE,
  28     ERROR_FINGERPRINT_NOT_FOUND,
  29     ERROR_CERT_PARSING_FAILED,
  30     ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA,
  31     ERROR_CANNOT_EXTRACT_PUBLIC_KEY,
  32     ERROR_SIGNED_BLOBS_MISMATCH,
  33     ERROR_UNEXPECTED_AUTH_LIBRARY_RESULT
  34   };
  35
  36   enum PolicyType { POLICY_NONE = 0, POLICY_AUDIO_ONLY = 1 << 0 };
  37
  38   // Constructs a AuthResult that corresponds to success.
  39   AuthResult();
  40   ~AuthResult();
  41
  42   static AuthResult CreateWithParseError(const std::string& error_message,
  43                                          ErrorType error_type);
  44   static AuthResult CreateWithNSSError(const std::string& error_message,
  45                                        ErrorType error_type,
  46                                        int nss_error_code);
  47
  48   bool success() const { return error_type == ERROR_NONE; }
  49
  50   std::string error_message;
  51   ErrorType error_type;
  52   int nss_error_code;
  53   unsigned int channel_policies;
  54
  55  private:
  56   AuthResult(const std::string& error_message,
  57              ErrorType error_type,
  58              int nss_error_code);
  59 };
  60
  61 // Authenticates the given |challenge_reply|:
  62 // 1. Signature contained in the reply is valid.
  63 // 2. Certficate used to sign is rooted to a trusted CA.
  64 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
  65                                       const std::string& peer_cert);
  66
  67 // Auth-library specific implementation of cryptographic signature
  68 // verification routines. Verifies that |response| contains a
  69 // valid signed form of |peer_cert|.
  70 AuthResult VerifyCredentials(const AuthResponse& response,
  71                              const std::string& peer_cert);
  72
  73 }  // namespace cast_channel
  74 }  // namespace api
  75 }  // namespace extensions
  76
  77 #endif  // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_