Re-subimission of https://codereview.chromium.org/1041213003/
[chromium-blink-merge.git] / extensions / browser / api / cast_channel / cast_auth_ica.h
blob64591504f059c89b4b20c4e93c996b8e760ef069
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_ICA_H_
6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_ICA_H_
8 #include <stddef.h>
10 #include <map>
11 #include <string>
13 #include "base/memory/scoped_ptr.h"
14 #include "base/strings/string_piece.h"
15 #include "net/base/hash_value.h"
17 namespace extensions {
18 namespace core_api {
19 namespace cast_channel {
21 typedef std::map<net::SHA256HashValue,
22 base::StringPiece,
23 net::SHA256HashValueLessThan> AuthorityKeysMap;
25 namespace proto {
27 // Forward declaration to avoid including generated protobuf header.
28 class AuthorityKeys;
30 } // namespace proto
32 // AuthorityKeyStore is a helper class that is used to store and manipulate
33 // intermediate CAs (ICAs) information used to authenticate cast devices.
34 // A static list of ICAs is hardcoded and may optionally be replaced during
35 // runtime by an extension supplying a protobuf of ICAs information signed with
36 // known key.
37 class AuthorityKeyStore {
38 public:
39 AuthorityKeyStore();
40 ~AuthorityKeyStore();
42 // Returns the public key of the ICA whose fingerprint matches |fingerprint|.
43 // Returns an empty StringPiece if no such ICA is found.
44 // Note: the returned StringPiece is invalidated if Load() is called.
45 base::StringPiece GetICAPublicKeyFromFingerprint(
46 const net::SHA256HashValue& fingerprint);
48 // Returns the public key of the default / original cast ICA.
49 // Returns an empty StringPiece if the default cast ICA is not found.
50 // Note: the returned StringPiece is invalidated if Load() is called.
51 base::StringPiece GetDefaultICAPublicKey();
53 // Replaces stored authority keys with the keys loaded from a serialized
54 // protobuf.
55 bool Load(const std::string& keys);
57 private:
58 // The map of trusted certificate authorities - fingerprints to public keys.
59 AuthorityKeysMap certificate_authorities_;
61 // Trusted certificate authorities data passed from the extension.
62 scoped_ptr<proto::AuthorityKeys> authority_keys_;
64 DISALLOW_COPY_AND_ASSIGN(AuthorityKeyStore);
67 // Sets trusted certificate authorities.
68 bool SetTrustedCertificateAuthorities(const std::string& keys,
69 const std::string& signature);
71 // Gets the trusted ICA entry for the cert represented by |data|.
72 // Returns the serialized certificate as bytes if the ICA was found.
73 // Returns an empty-length StringPiece if the ICA was not found.
74 base::StringPiece GetTrustedICAPublicKey(const base::StringPiece& data);
76 // Gets the default trusted ICA for legacy compatibility.
77 base::StringPiece GetDefaultTrustedICAPublicKey();
79 } // namespace cast_channel
80 } // namespace core_api
81 } // namespace extensions
83 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_ICA_H_