author | btolsch <btolsch@chromium.org> | 2019-12-17 18:23:10 -0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-12-18 02:36:32 +0000 |
commit | 3fb84816856bd15c694fb275b40e609472064c4f (patch) | |
tree | 81c786d9a305a4ec72366b51ba3be57a7a4ae2f9 /cast/sender/channel/cast_auth_util.h | |
parent | c310e1bbcb8df5802ea9ea7598a16ea82e122cf9 (diff) | |
download | openscreen-3fb84816856bd15c694fb275b40e609472064c4f.tar.gz |
Add receiver authentication steps
This change adds the necessary crypto + messaging steps for a Cast
receiver to authenticate itself as such. It also adds an integration
test that checks our sender authentication code against this receiver
authentication code.
Bug: openscreen:91
Change-Id: If298b8781bc95116714eb36fa68ef96ba82742a3
Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/1954745
Commit-Queue: Brandon Tolsch <btolsch@chromium.org>
Reviewed-by: mark a. foltz <mfoltz@chromium.org>
Diffstat (limited to 'cast/sender/channel/cast_auth_util.h')
-rw-r--r-- | cast/sender/channel/cast_auth_util.h | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/cast/sender/channel/cast_auth_util.h b/cast/sender/channel/cast_auth_util.h
index 35f1d028..b3ea452f 100644
--- a/cast/sender/channel/cast_auth_util.h
+++ b/cast/sender/channel/cast_auth_util.h
@@ -7,10 +7,10 @@
 #include <openssl/x509.h>
+#include <chrono>
 #include <string>
 #include "cast/common/certificate/cast_cert_validator.h"
-#include "cast/common/channel/proto/cast_channel.pb.h"
 #include "platform/base/error.h"
 namespace cast {
@@ -61,6 +61,19 @@ ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReply(
 X509* peer_cert,
 const AuthContext& auth_context);
+// Exposed for testing only.
+//
+// Overloaded version of AuthenticateChallengeReply that allows modifying the
+// crl policy, trust stores, and verification times.
+ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReplyForTest(
+ const CastMessage& challenge_reply,
+ X509* peer_cert,
+ const AuthContext& auth_context,
+ certificate::CRLPolicy crl_policy,
+ certificate::TrustStore* cast_trust_store,
+ certificate::TrustStore* crl_trust_store,
+ const certificate::DateTime& verification_time);
+
 // Performs a quick check of the TLS certificate for time validity requirements.
 openscreen::Error VerifyTLSCertificateValidity(
 X509* peer_cert,
@@ -77,8 +90,8 @@ ErrorOr<CastDeviceCertPolicy> VerifyCredentials(
 // Exposed for testing only.
 //
-// Overloaded version of VerifyCredentials that allows modifying
-// the crl policy, trust stores, and verification times.
+// Overloaded version of VerifyCredentials that allows modifying the crl policy,
+// trust stores, and verification times.
 ErrorOr<CastDeviceCertPolicy> VerifyCredentialsForTest(
 const AuthResponse& response,
 const std::string& signature_input, |
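Review bot: `AuthenticateChallengeReplyForTest` in the second hunk sits in the same header as the production entry point, so nothing but the "Exposed for testing only" comment stops a non-test caller from substituting the trust anchors, CRL policy and verification time on the authentication path. The comment should spell out the contract rather than just the intent, for example `// Production code must call AuthenticateChallengeReply(); this overload bypasses the built-in trust stores and the current time.` The two `certificate::TrustStore*` parameters are raw pointers with no stated ownership or null behaviour; a line such as `// |cast_trust_store| and |crl_trust_store| are not owned; state whether nullptr is accepted.` would close that gap. The definitions live outside this header, so whether the production overload forwards here with fixed defaults cannot be confirmed from this diff.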