1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_ICA_H_
6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_ICA_H_
13 #include "base/memory/scoped_ptr.h"
14 #include "base/strings/string_piece.h"
15 #include "net/base/hash_value.h"
17 namespace extensions
{
19 namespace cast_channel
{
21 typedef std::map
<net::SHA256HashValue
,
23 net::SHA256HashValueLessThan
> AuthorityKeysMap
;
27 // Forward declaration to avoid including generated protobuf header.
32 // AuthorityKeyStore is a helper class that is used to store and manipulate
33 // intermediate CAs (ICAs) information used to authenticate cast devices.
34 // A static list of ICAs is hardcoded and may optionally be replaced during
35 // runtime by an extension supplying a protobuf of ICAs information signed with
37 class AuthorityKeyStore
{
42 // Returns the public key of the ICA whose fingerprint matches |fingerprint|.
43 // Returns an empty StringPiece if no such ICA is found.
44 // Note: the returned StringPiece is invalidated if Load() is called.
45 base::StringPiece
GetICAPublicKeyFromFingerprint(
46 const net::SHA256HashValue
& fingerprint
);
48 // Returns the public key of the default / original cast ICA.
49 // Returns an empty StringPiece if the default cast ICA is not found.
50 // Note: the returned StringPiece is invalidated if Load() is called.
51 base::StringPiece
GetDefaultICAPublicKey();
53 // Replaces stored authority keys with the keys loaded from a serialized
55 bool Load(const std::string
& keys
);
58 // The map of trusted certificate authorities - fingerprints to public keys.
59 AuthorityKeysMap certificate_authorities_
;
61 // Trusted certificate authorities data passed from the extension.
62 scoped_ptr
<proto::AuthorityKeys
> authority_keys_
;
64 DISALLOW_COPY_AND_ASSIGN(AuthorityKeyStore
);
67 // Sets trusted certificate authorities.
68 bool SetTrustedCertificateAuthorities(const std::string
& keys
,
69 const std::string
& signature
);
71 // Gets the trusted ICA entry for the cert represented by |data|.
72 // Returns the serialized certificate as bytes if the ICA was found.
73 // Returns an empty-length StringPiece if the ICA was not found.
74 base::StringPiece
GetTrustedICAPublicKey(const base::StringPiece
& data
);
76 // Gets the default trusted ICA for legacy compatibility.
77 base::StringPiece
GetDefaultTrustedICAPublicKey();
79 } // namespace cast_channel
80 } // namespace core_api
81 } // namespace extensions
83 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_ICA_H_