chrome/app/signature_validator_win.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_APP_SIGNATURE_VALIDATOR_WIN_H_
   6 #define CHROME_APP_SIGNATURE_VALIDATOR_WIN_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 namespace base {
  12 class FilePath;
  13 }
  14
  15 // Verifies that |signed_file| has a valid signature from a trusted software
  16 // publisher. The signing certificate must be valid for code signing, and must
  17 // be issued by a trusted certificate authority (e.g., VeriSign, Inc).
  18 bool VerifyAuthenticodeSignature(const base::FilePath& signed_file);
  19
  20 // Tries to verify the signer by matching the subject name of the
  21 // certificate to |subject_name| and the hash of the public key to
  22 // |expected_hashes|. The cert must be current. If matched, returns true
  23 // otherwise returns false.
  24 bool VerifySignerIsGoogle(const base::FilePath& signed_file,
  25                           const std::string& subject_name,
  26                           const std::vector<std::string>& expected_hashes);
  27
  28 #endif  // CHROME_APP_SIGNATURE_VALIDATOR_WIN_H_