aboutsummaryrefslogtreecommitdiff
path: root/cast/sender
diff options
context:
space:
mode:
authorYuri Wiitala <miu@chromium.org>2019-12-20 20:26:40 -0800
committerCommit Bot <commit-bot@chromium.org>2019-12-21 08:46:52 +0000
commit80ed3d779e3e38de94656bf59ff4b62534c797fe (patch)
tree7e5272420823e8f7a6bca54df9f259179d3fe126 /cast/sender
parent14e7402b939822d20a2cf72e84cb72136301c4aa (diff)
downloadopenscreen-80ed3d779e3e38de94656bf59ff4b62534c797fe.tar.gz
Replace namespace cast::something with openscreen::cast.
...and fixed a few C++ style issues around use of rvals in files touched. Bug: openscreen:90 Change-Id: Ib14fb1c47dfafec1fefe0cad31bce764aae0272e Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/1959204 Commit-Queue: Yuri Wiitala <miu@chromium.org> Reviewed-by: Jordan Bayles <jophba@chromium.org>
Diffstat (limited to 'cast/sender')
-rw-r--r--cast/sender/channel/cast_auth_util.cc281
-rw-r--r--cast/sender/channel/cast_auth_util.h57
-rw-r--r--cast/sender/channel/cast_auth_util_unittest.cc210
-rw-r--r--cast/sender/channel/message_util.cc12
-rw-r--r--cast/sender/channel/message_util.h7
-rw-r--r--cast/sender/channel/sender_socket_factory.cc17
-rw-r--r--cast/sender/channel/sender_socket_factory.h57
7 files changed, 309 insertions, 332 deletions
diff --git a/cast/sender/channel/cast_auth_util.cc b/cast/sender/channel/cast_auth_util.cc
index 5201aa11..6954980a 100644
--- a/cast/sender/channel/cast_auth_util.cc
+++ b/cast/sender/channel/cast_auth_util.cc
@@ -16,8 +16,14 @@
#include "platform/base/error.h"
#include "util/logging.h"
+namespace openscreen {
namespace cast {
-namespace channel {
+
+using ::cast::channel::AuthResponse;
+using ::cast::channel::CastMessage;
+using ::cast::channel::DeviceAuthMessage;
+using ::cast::channel::HashAlgorithm;
+
namespace {
#define PARSE_ERROR_PREFIX "Failed to parse auth message: "
@@ -31,40 +37,35 @@ const int kNonceSizeInBytes = 16;
// The number of hours after which a nonce is regenerated.
long kNonceExpirationTimeInHours = 24;
-using CastCertError = openscreen::Error::Code;
-
// Extracts an embedded DeviceAuthMessage payload from an auth challenge reply
// message.
-openscreen::Error ParseAuthMessage(const CastMessage& challenge_reply,
- DeviceAuthMessage* auth_message) {
- if (challenge_reply.payload_type() != CastMessage_PayloadType_BINARY) {
- return openscreen::Error(CastCertError::kCastV2WrongPayloadType,
- PARSE_ERROR_PREFIX
- "Wrong payload type in challenge reply");
+Error ParseAuthMessage(const CastMessage& challenge_reply,
+ DeviceAuthMessage* auth_message) {
+ if (challenge_reply.payload_type() !=
+ ::cast::channel::CastMessage_PayloadType_BINARY) {
+ return Error(Error::Code::kCastV2WrongPayloadType,
+ PARSE_ERROR_PREFIX "Wrong payload type in challenge reply");
}
if (!challenge_reply.has_payload_binary()) {
- return openscreen::Error(
- CastCertError::kCastV2NoPayload, PARSE_ERROR_PREFIX
- "Payload type is binary but payload_binary field not set");
+ return Error(Error::Code::kCastV2NoPayload, PARSE_ERROR_PREFIX
+ "Payload type is binary but payload_binary field not set");
}
if (!auth_message->ParseFromString(challenge_reply.payload_binary())) {
- return openscreen::Error(
- CastCertError::kCastV2PayloadParsingFailed, PARSE_ERROR_PREFIX
- "Cannot parse binary payload into DeviceAuthMessage");
+ return Error(Error::Code::kCastV2PayloadParsingFailed, PARSE_ERROR_PREFIX
+ "Cannot parse binary payload into DeviceAuthMessage");
}
if (auth_message->has_error()) {
std::stringstream ss;
ss << PARSE_ERROR_PREFIX "Auth message error: "
<< auth_message->error().error_type();
- return openscreen::Error(CastCertError::kCastV2MessageError, ss.str());
+ return Error(Error::Code::kCastV2MessageError, ss.str());
}
if (!auth_message->has_response()) {
- return openscreen::Error(CastCertError::kCastV2NoResponse,
- PARSE_ERROR_PREFIX
- "Auth message has no response field");
+ return Error(Error::Code::kCastV2NoResponse,
+ PARSE_ERROR_PREFIX "Auth message has no response field");
}
- return openscreen::Error::None();
+ return Error::None();
}
class CastNonce {
@@ -85,11 +86,11 @@ class CastNonce {
OSP_CHECK_EQ(
RAND_bytes(reinterpret_cast<uint8_t*>(&nonce_[0]), kNonceSizeInBytes),
1);
- nonce_generation_time_ = openscreen::GetWallTimeSinceUnixEpoch();
+ nonce_generation_time_ = GetWallTimeSinceUnixEpoch();
}
void EnsureNonceTimely() {
- if (openscreen::GetWallTimeSinceUnixEpoch() >
+ if (GetWallTimeSinceUnixEpoch() >
(nonce_generation_time_ +
std::chrono::hours(kNonceExpirationTimeInHours))) {
GenerateNonce();
@@ -102,62 +103,60 @@ class CastNonce {
std::chrono::seconds nonce_generation_time_;
};
-// Maps CastCertError from certificate verification to openscreen::Error.
+// Maps Error::Code from certificate verification to Error.
// If crl_required is set to false, all revocation related errors are ignored.
-openscreen::Error MapToOpenscreenError(CastCertError error, bool crl_required) {
+Error MapToOpenscreenError(Error::Code error, bool crl_required) {
switch (error) {
- case CastCertError::kErrCertsMissing:
- return openscreen::Error(CastCertError::kCastV2PeerCertEmpty,
- "Failed to locate certificates.");
- case CastCertError::kErrCertsParse:
- return openscreen::Error(CastCertError::kErrCertsParse,
- "Failed to parse certificates.");
- case CastCertError::kErrCertsDateInvalid:
- return openscreen::Error(CastCertError::kCastV2CertNotSignedByTrustedCa,
- "Failed date validity check.");
- case CastCertError::kErrCertsVerifyGeneric:
- return openscreen::Error(
- CastCertError::kCastV2CertNotSignedByTrustedCa,
- "Failed with a generic certificate verification error.");
- case CastCertError::kErrCertsRestrictions:
- return openscreen::Error(CastCertError::kCastV2CertNotSignedByTrustedCa,
- "Failed certificate restrictions.");
- case CastCertError::kErrCrlInvalid:
+ case Error::Code::kErrCertsMissing:
+ return Error(Error::Code::kCastV2PeerCertEmpty,
+ "Failed to locate certificates.");
+ case Error::Code::kErrCertsParse:
+ return Error(Error::Code::kErrCertsParse,
+ "Failed to parse certificates.");
+ case Error::Code::kErrCertsDateInvalid:
+ return Error(Error::Code::kCastV2CertNotSignedByTrustedCa,
+ "Failed date validity check.");
+ case Error::Code::kErrCertsVerifyGeneric:
+ return Error(Error::Code::kCastV2CertNotSignedByTrustedCa,
+ "Failed with a generic certificate verification error.");
+ case Error::Code::kErrCertsRestrictions:
+ return Error(Error::Code::kCastV2CertNotSignedByTrustedCa,
+ "Failed certificate restrictions.");
+ case Error::Code::kErrCrlInvalid:
// This error is only encountered if |crl_required| is true.
OSP_DCHECK(crl_required);
- return openscreen::Error(CastCertError::kErrCrlInvalid,
- "Failed to provide a valid CRL.");
- case CastCertError::kErrCertsRevoked:
- return openscreen::Error(CastCertError::kErrCertsRevoked,
- "Failed certificate revocation check.");
- case CastCertError::kNone:
- return openscreen::Error::None();
+ return Error(Error::Code::kErrCrlInvalid,
+ "Failed to provide a valid CRL.");
+ case Error::Code::kErrCertsRevoked:
+ return Error(Error::Code::kErrCertsRevoked,
+ "Failed certificate revocation check.");
+ case Error::Code::kNone:
+ return Error::None();
default:
- return openscreen::Error(CastCertError::kCastV2CertNotSignedByTrustedCa,
- "Failed verifying cast device certificate.");
+ return Error(Error::Code::kCastV2CertNotSignedByTrustedCa,
+ "Failed verifying cast device certificate.");
}
- return openscreen::Error::None();
+ return Error::None();
}
-openscreen::Error VerifyAndMapDigestAlgorithm(
- HashAlgorithm response_digest_algorithm,
- certificate::DigestAlgorithm* digest_algorithm,
- bool enforce_sha256_checking) {
+Error VerifyAndMapDigestAlgorithm(HashAlgorithm response_digest_algorithm,
+ DigestAlgorithm* digest_algorithm,
+ bool enforce_sha256_checking) {
switch (response_digest_algorithm) {
- case SHA1:
+ case ::cast::channel::SHA1:
if (enforce_sha256_checking) {
- return openscreen::Error(CastCertError::kCastV2DigestUnsupported,
- "Unsupported digest algorithm.");
+ return Error(Error::Code::kCastV2DigestUnsupported,
+ "Unsupported digest algorithm.");
}
- *digest_algorithm = certificate::DigestAlgorithm::kSha1;
+ *digest_algorithm = DigestAlgorithm::kSha1;
break;
- case SHA256:
- *digest_algorithm = certificate::DigestAlgorithm::kSha256;
+ case ::cast::channel::SHA256:
+ *digest_algorithm = DigestAlgorithm::kSha256;
break;
default:
- return CastCertError::kCastV2DigestUnsupported;
+ return Error::Code::kCastV2DigestUnsupported;
}
- return openscreen::Error::None();
+ return Error::None();
}
} // namespace
@@ -171,77 +170,74 @@ AuthContext::AuthContext(const std::string& nonce) : nonce_(nonce) {}
AuthContext::~AuthContext() {}
-openscreen::Error AuthContext::VerifySenderNonce(
- const std::string& nonce_response,
- bool enforce_nonce_checking) const {
+Error AuthContext::VerifySenderNonce(const std::string& nonce_response,
+ bool enforce_nonce_checking) const {
if (nonce_ != nonce_response) {
if (enforce_nonce_checking) {
- return openscreen::Error(CastCertError::kCastV2SenderNonceMismatch,
- "Sender nonce mismatched.");
+ return Error(Error::Code::kCastV2SenderNonceMismatch,
+ "Sender nonce mismatched.");
}
}
- return openscreen::Error::None();
+ return Error::None();
}
-openscreen::Error VerifyTLSCertificateValidity(
- X509* peer_cert,
- std::chrono::seconds verification_time) {
+Error VerifyTLSCertificateValidity(X509* peer_cert,
+ std::chrono::seconds verification_time) {
// Ensure the peer cert is valid and doesn't have an excessive remaining
// lifetime. Although it is not verified as an X.509 certificate, the entire
// structure is signed by the AuthResponse, so the validity field from X.509
// is repurposed as this signature's expiration.
- certificate::DateTime not_before;
- certificate::DateTime not_after;
- if (!certificate::GetCertValidTimeRange(peer_cert, &not_before, &not_after)) {
- return openscreen::Error(CastCertError::kErrCertsParse, PARSE_ERROR_PREFIX
- "Parsing validity fields failed.");
+ DateTime not_before;
+ DateTime not_after;
+ if (!GetCertValidTimeRange(peer_cert, &not_before, &not_after)) {
+ return Error(Error::Code::kErrCertsParse,
+ PARSE_ERROR_PREFIX "Parsing validity fields failed.");
}
std::chrono::seconds lifetime_limit =
verification_time +
std::chrono::hours(24 * kMaxSelfSignedCertLifetimeInDays);
- certificate::DateTime verification_time_exploded = {};
- certificate::DateTime lifetime_limit_exploded = {};
- OSP_CHECK(certificate::DateTimeFromSeconds(verification_time.count(),
- &verification_time_exploded));
- OSP_CHECK(certificate::DateTimeFromSeconds(lifetime_limit.count(),
- &lifetime_limit_exploded));
+ DateTime verification_time_exploded = {};
+ DateTime lifetime_limit_exploded = {};
+ OSP_CHECK(DateTimeFromSeconds(verification_time.count(),
+ &verification_time_exploded));
+ OSP_CHECK(
+ DateTimeFromSeconds(lifetime_limit.count(), &lifetime_limit_exploded));
if (verification_time_exploded < not_before) {
- return openscreen::Error(
- CastCertError::kCastV2TlsCertValidStartDateInFuture,
- PARSE_ERROR_PREFIX "Certificate's valid start date is in the future.");
+ return Error(Error::Code::kCastV2TlsCertValidStartDateInFuture,
+ PARSE_ERROR_PREFIX
+ "Certificate's valid start date is in the future.");
}
if (not_after < verification_time_exploded) {
- return openscreen::Error(CastCertError::kCastV2TlsCertExpired,
- PARSE_ERROR_PREFIX "Certificate has expired.");
+ return Error(Error::Code::kCastV2TlsCertExpired,
+ PARSE_ERROR_PREFIX "Certificate has expired.");
}
if (lifetime_limit_exploded < not_after) {
- return openscreen::Error(CastCertError::kCastV2TlsCertValidityPeriodTooLong,
- PARSE_ERROR_PREFIX
- "Peer cert lifetime is too long.");
+ return Error(Error::Code::kCastV2TlsCertValidityPeriodTooLong,
+ PARSE_ERROR_PREFIX "Peer cert lifetime is too long.");
}
- return openscreen::Error::None();
+ return Error::None();
}
ErrorOr<CastDeviceCertPolicy> VerifyCredentialsImpl(
const AuthResponse& response,
const std::string& signature_input,
- const certificate::CRLPolicy& crl_policy,
- certificate::TrustStore* cast_trust_store,
- certificate::TrustStore* crl_trust_store,
- const certificate::DateTime& verification_time,
+ const CRLPolicy& crl_policy,
+ TrustStore* cast_trust_store,
+ TrustStore* crl_trust_store,
+ const DateTime& verification_time,
bool enforce_sha256_checking);
ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReplyImpl(
const CastMessage& challenge_reply,
X509* peer_cert,
const AuthContext& auth_context,
- const certificate::CRLPolicy& crl_policy,
- certificate::TrustStore* cast_trust_store,
- certificate::TrustStore* crl_trust_store,
- const certificate::DateTime& verification_time) {
+ const CRLPolicy& crl_policy,
+ TrustStore* cast_trust_store,
+ TrustStore* crl_trust_store,
+ const DateTime& verification_time) {
DeviceAuthMessage auth_message;
- openscreen::Error result = ParseAuthMessage(challenge_reply, &auth_message);
+ Error result = ParseAuthMessage(challenge_reply, &auth_message);
if (!result.ok()) {
return result;
}
@@ -262,14 +258,12 @@ ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReplyImpl(
int len = i2d_X509(peer_cert, nullptr);
if (len <= 0) {
- return openscreen::Error(CastCertError::kErrCertsParse,
- "Serializing cert failed.");
+ return Error(Error::Code::kErrCertsParse, "Serializing cert failed.");
}
std::string peer_cert_der(len, 0);
uint8_t* data = reinterpret_cast<uint8_t*>(&peer_cert_der[0]);
if (!i2d_X509(peer_cert, &data)) {
- return openscreen::Error(CastCertError::kErrCertsParse,
- "Serializing cert failed.");
+ return Error(Error::Code::kErrCertsParse, "Serializing cert failed.");
}
size_t actual_size = data - reinterpret_cast<uint8_t*>(&peer_cert_der[0]);
OSP_DCHECK_EQ(actual_size, peer_cert_der.size());
@@ -284,10 +278,9 @@ ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReply(
const CastMessage& challenge_reply,
X509* peer_cert,
const AuthContext& auth_context) {
- certificate::DateTime now = {};
- OSP_CHECK(certificate::DateTimeFromSeconds(
- openscreen::GetWallTimeSinceUnixEpoch().count(), &now));
- certificate::CRLPolicy policy = certificate::CRLPolicy::kCrlOptional;
+ DateTime now = {};
+ OSP_CHECK(DateTimeFromSeconds(GetWallTimeSinceUnixEpoch().count(), &now));
+ CRLPolicy policy = CRLPolicy::kCrlOptional;
return AuthenticateChallengeReplyImpl(
challenge_reply, peer_cert, auth_context, policy,
/* cast_trust_store */ nullptr, /* crl_trust_store */ nullptr, now);
@@ -297,10 +290,10 @@ ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReplyForTest(
const CastMessage& challenge_reply,
X509* peer_cert,
const AuthContext& auth_context,
- certificate::CRLPolicy crl_policy,
- certificate::TrustStore* cast_trust_store,
- certificate::TrustStore* crl_trust_store,
- const certificate::DateTime& verification_time) {
+ CRLPolicy crl_policy,
+ TrustStore* cast_trust_store,
+ TrustStore* crl_trust_store,
+ const DateTime& verification_time) {
return AuthenticateChallengeReplyImpl(
challenge_reply, peer_cert, auth_context, crl_policy, cast_trust_store,
crl_trust_store, verification_time);
@@ -326,18 +319,17 @@ ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReplyForTest(
ErrorOr<CastDeviceCertPolicy> VerifyCredentialsImpl(
const AuthResponse& response,
const std::string& signature_input,
- const certificate::CRLPolicy& crl_policy,
- certificate::TrustStore* cast_trust_store,
- certificate::TrustStore* crl_trust_store,
- const certificate::DateTime& verification_time,
+ const CRLPolicy& crl_policy,
+ TrustStore* cast_trust_store,
+ TrustStore* crl_trust_store,
+ const DateTime& verification_time,
bool enforce_sha256_checking) {
if (response.signature().empty() && !signature_input.empty()) {
- return openscreen::Error(CastCertError::kCastV2SignatureEmpty,
- "Signature is empty.");
+ return Error(Error::Code::kCastV2SignatureEmpty, "Signature is empty.");
}
// Verify the certificate
- std::unique_ptr<certificate::CertVerificationContext> verification_context;
+ std::unique_ptr<CertVerificationContext> verification_context;
// Build a single vector containing the certificate chain.
std::vector<std::string> cert_chain;
@@ -347,43 +339,42 @@ ErrorOr<CastDeviceCertPolicy> VerifyCredentialsImpl(
response.intermediate_certificate().end());
// Parse the CRL.
- std::unique_ptr<certificate::CastCRL> crl;
+ std::unique_ptr<CastCRL> crl;
if (!response.crl().empty()) {
- crl = certificate::ParseAndVerifyCRL(response.crl(), verification_time,
- crl_trust_store);
+ crl = ParseAndVerifyCRL(response.crl(), verification_time, crl_trust_store);
}
// Perform certificate verification.
- certificate::CastDeviceCertPolicy device_policy;
- openscreen::Error verify_result = certificate::VerifyDeviceCert(
- cert_chain, verification_time, &verification_context, &device_policy,
- crl.get(), crl_policy, cast_trust_store);
+ CastDeviceCertPolicy device_policy;
+ Error verify_result =
+ VerifyDeviceCert(cert_chain, verification_time, &verification_context,
+ &device_policy, crl.get(), crl_policy, cast_trust_store);
// Handle and report errors.
- openscreen::Error result = MapToOpenscreenError(
- verify_result.code(), crl_policy == certificate::CRLPolicy::kCrlRequired);
+ Error result = MapToOpenscreenError(verify_result.code(),
+ crl_policy == CRLPolicy::kCrlRequired);
if (!result.ok()) {
return result;
}
// The certificate is verified at this point.
- certificate::DigestAlgorithm digest_algorithm;
- openscreen::Error digest_result = VerifyAndMapDigestAlgorithm(
+ DigestAlgorithm digest_algorithm;
+ Error digest_result = VerifyAndMapDigestAlgorithm(
response.hash_algorithm(), &digest_algorithm, enforce_sha256_checking);
if (!digest_result.ok()) {
return digest_result;
}
- certificate::ConstDataSpan signature = {
+ ConstDataSpan signature = {
reinterpret_cast<const uint8_t*>(response.signature().data()),
static_cast<uint32_t>(response.signature().size())};
- certificate::ConstDataSpan siginput = {
+ ConstDataSpan siginput = {
reinterpret_cast<const uint8_t*>(signature_input.data()),
static_cast<uint32_t>(signature_input.size())};
if (!verification_context->VerifySignatureOverData(signature, siginput,
digest_algorithm)) {
- return openscreen::Error(CastCertError::kCastV2SignedBlobsMismatch,
- "Failed verifying signature over data.");
+ return Error(Error::Code::kCastV2SignedBlobsMismatch,
+ "Failed verifying signature over data.");
}
return device_policy;
@@ -394,12 +385,10 @@ ErrorOr<CastDeviceCertPolicy> VerifyCredentials(
const std::string& signature_input,
bool enforce_revocation_checking,
bool enforce_sha256_checking) {
- certificate::DateTime now = {};
- OSP_CHECK(certificate::DateTimeFromSeconds(
- openscreen::GetWallTimeSinceUnixEpoch().count(), &now));
- certificate::CRLPolicy policy = (enforce_revocation_checking)
- ? certificate::CRLPolicy::kCrlRequired
- : certificate::CRLPolicy::kCrlOptional;
+ DateTime now = {};
+ OSP_CHECK(DateTimeFromSeconds(GetWallTimeSinceUnixEpoch().count(), &now));
+ CRLPolicy policy = (enforce_revocation_checking) ? CRLPolicy::kCrlRequired
+ : CRLPolicy::kCrlOptional;
return VerifyCredentialsImpl(response, signature_input, policy, nullptr,
nullptr, now, enforce_sha256_checking);
}
@@ -407,15 +396,15 @@ ErrorOr<CastDeviceCertPolicy> VerifyCredentials(
ErrorOr<CastDeviceCertPolicy> VerifyCredentialsForTest(
const AuthResponse& response,
const std::string& signature_input,
- certificate::CRLPolicy crl_policy,
- certificate::TrustStore* cast_trust_store,
- certificate::TrustStore* crl_trust_store,
- const certificate::DateTime& verification_time,
+ CRLPolicy crl_policy,
+ TrustStore* cast_trust_store,
+ TrustStore* crl_trust_store,
+ const DateTime& verification_time,
bool enforce_sha256_checking) {
return VerifyCredentialsImpl(response, signature_input, crl_policy,
cast_trust_store, crl_trust_store,
verification_time, enforce_sha256_checking);
}
-} // namespace channel
} // namespace cast
+} // namespace openscreen
diff --git a/cast/sender/channel/cast_auth_util.h b/cast/sender/channel/cast_auth_util.h
index df6299d3..467dfb82 100644
--- a/cast/sender/channel/cast_auth_util.h
+++ b/cast/sender/channel/cast_auth_util.h
@@ -7,28 +7,25 @@
#include <openssl/x509.h>
-#include <chrono>
+#include <chrono> // NOLINT
#include <string>
#include "cast/common/certificate/cast_cert_validator.h"
#include "platform/base/error.h"
namespace cast {
-namespace certificate {
-enum class CRLPolicy;
-struct DateTime;
-struct TrustStore;
-} // namespace certificate
-} // namespace cast
-
-namespace cast {
namespace channel {
-
class AuthResponse;
class CastMessage;
+} // namespace channel
+} // namespace cast
+
+namespace openscreen {
+namespace cast {
-using openscreen::ErrorOr;
-using CastDeviceCertPolicy = certificate::CastDeviceCertPolicy;
+enum class CRLPolicy;
+struct DateTime;
+struct TrustStore;
class AuthContext {
public:
@@ -40,9 +37,8 @@ class AuthContext {
// Verifies the nonce received in the response is equivalent to the one sent.
// Returns success if |nonce_response| matches nonce_
- openscreen::Error VerifySenderNonce(
- const std::string& nonce_response,
- bool enforce_nonce_checking = false) const;
+ Error VerifySenderNonce(const std::string& nonce_response,
+ bool enforce_nonce_checking = false) const;
// The nonce challenge.
const std::string& nonce() const { return nonce_; }
@@ -57,7 +53,7 @@ class AuthContext {
// 1. Signature contained in the reply is valid.
// 2. certificate used to sign is rooted to a trusted CA.
ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReply(
- const CastMessage& challenge_reply,
+ const ::cast::channel::CastMessage& challenge_reply,
X509* peer_cert,
const AuthContext& auth_context);
@@ -66,24 +62,23 @@ ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReply(
// Overloaded version of AuthenticateChallengeReply that allows modifying the
// crl policy, trust stores, and verification times.
ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReplyForTest(
- const CastMessage& challenge_reply,
+ const ::cast::channel::CastMessage& challenge_reply,
X509* peer_cert,
const AuthContext& auth_context,
- certificate::CRLPolicy crl_policy,
- certificate::TrustStore* cast_trust_store,
- certificate::TrustStore* crl_trust_store,
- const certificate::DateTime& verification_time);
+ CRLPolicy crl_policy,
+ TrustStore* cast_trust_store,
+ TrustStore* crl_trust_store,
+ const DateTime& verification_time);
// Performs a quick check of the TLS certificate for time validity requirements.
-openscreen::Error VerifyTLSCertificateValidity(
- X509* peer_cert,
- std::chrono::seconds verification_time);
+Error VerifyTLSCertificateValidity(X509* peer_cert,
+ std::chrono::seconds verification_time);
// Auth-library specific implementation of cryptographic signature verification
// routines. Verifies that |response| contains a valid signature of
// |signature_input|.
ErrorOr<CastDeviceCertPolicy> VerifyCredentials(
- const AuthResponse& response,
+ const ::cast::channel::AuthResponse& response,
const std::string& signature_input,
bool enforce_revocation_checking = false,
bool enforce_sha256_checking = false);
@@ -93,15 +88,15 @@ ErrorOr<CastDeviceCertPolicy> VerifyCredentials(
// Overloaded version of VerifyCredentials that allows modifying the crl policy,
// trust stores, and verification times.
ErrorOr<CastDeviceCertPolicy> VerifyCredentialsForTest(
- const AuthResponse& response,
+ const ::cast::channel::AuthResponse& response,
const std::string& signature_input,
- certificate::CRLPolicy crl_policy,
- certificate::TrustStore* cast_trust_store,
- certificate::TrustStore* crl_trust_store,
- const certificate::DateTime& verification_time,
+ CRLPolicy crl_policy,
+ TrustStore* cast_trust_store,
+ TrustStore* crl_trust_store,
+ const DateTime& verification_time,
bool enforce_sha256_checking = false);
-} // namespace channel
} // namespace cast
+} // namespace openscreen
#endif // CAST_SENDER_CHANNEL_CAST_AUTH_UTIL_H_
diff --git a/cast/sender/channel/cast_auth_util_unittest.cc b/cast/sender/channel/cast_auth_util_unittest.cc
index 5dec424d..93fb913e 100644
--- a/cast/sender/channel/cast_auth_util_unittest.cc
+++ b/cast/sender/channel/cast_auth_util_unittest.cc
@@ -16,13 +16,13 @@
#include "testing/util/read_file.h"
#include "util/logging.h"
+namespace openscreen {
namespace cast {
-namespace channel {
namespace {
-using ErrorCode = openscreen::Error::Code;
+using ::cast::channel::AuthResponse;
-bool ConvertTimeSeconds(const certificate::DateTime& time, uint64_t* seconds) {
+bool ConvertTimeSeconds(const DateTime& time, uint64_t* seconds) {
static constexpr uint64_t kDaysPerYear = 365;
static constexpr uint64_t kHoursPerDay = 24;
static constexpr uint64_t kMinutesPerHour = 60;
@@ -102,7 +102,7 @@ bool ConvertTimeSeconds(const certificate::DateTime& time, uint64_t* seconds) {
#define TEST_DATA_PREFIX OPENSCREEN_TEST_DATA_DIR "cast/common/certificate/"
-class CastAuthUtilTest : public testing::Test {
+class CastAuthUtilTest : public ::testing::Test {
public:
CastAuthUtilTest() {}
~CastAuthUtilTest() override {}
@@ -110,16 +110,15 @@ class CastAuthUtilTest : public testing::Test {
void SetUp() override {}
protected:
- static AuthResponse CreateAuthResponse(std::string* signed_data,
- HashAlgorithm digest_algorithm) {
- std::vector<std::string> chain =
- certificate::testing::ReadCertificatesFromPemFile(
- TEST_DATA_PREFIX "certificates/chromecast_gen1.pem");
+ static AuthResponse CreateAuthResponse(
+ std::string* signed_data,
+ ::cast::channel::HashAlgorithm digest_algorithm) {
+ std::vector<std::string> chain = testing::ReadCertificatesFromPemFile(
+ TEST_DATA_PREFIX "certificates/chromecast_gen1.pem");
OSP_CHECK(!chain.empty());
- certificate::testing::SignatureTestData signatures =
- certificate::testing::ReadSignatureTestData(
- TEST_DATA_PREFIX "signeddata/2ZZBG9_FA8FCA3EF91A.pem");
+ testing::SignatureTestData signatures = testing::ReadSignatureTestData(
+ TEST_DATA_PREFIX "signeddata/2ZZBG9_FA8FCA3EF91A.pem");
AuthResponse response;
@@ -130,12 +129,12 @@ class CastAuthUtilTest : public testing::Test {
response.set_hash_algorithm(digest_algorithm);
switch (digest_algorithm) {
- case SHA1:
+ case ::cast::channel::SHA1:
response.set_signature(
std::string(reinterpret_cast<const char*>(signatures.sha1.data),
signatures.sha1.length));
break;
- case SHA256:
+ case ::cast::channel::SHA256:
response.set_signature(
std::string(reinterpret_cast<const char*>(signatures.sha256.data),
signatures.sha256.length));
@@ -156,96 +155,100 @@ class CastAuthUtilTest : public testing::Test {
// being verified doesn't expire until 2032.
TEST_F(CastAuthUtilTest, VerifySuccess) {
std::string signed_data;
- AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256);
- certificate::DateTime now = {};
- ASSERT_TRUE(certificate::DateTimeFromSeconds(
- openscreen::GetWallTimeSinceUnixEpoch().count(), &now));
- ErrorOr<CastDeviceCertPolicy> result = VerifyCredentialsForTest(
- auth_response, signed_data, certificate::CRLPolicy::kCrlOptional, nullptr,
- nullptr, now);
+ AuthResponse auth_response =
+ CreateAuthResponse(&signed_data, ::cast::channel::SHA256);
+ DateTime now = {};
+ ASSERT_TRUE(DateTimeFromSeconds(GetWallTimeSinceUnixEpoch().count(), &now));
+ ErrorOr<CastDeviceCertPolicy> result =
+ VerifyCredentialsForTest(auth_response, signed_data,
+ CRLPolicy::kCrlOptional, nullptr, nullptr, now);
EXPECT_TRUE(result);
- EXPECT_EQ(certificate::CastDeviceCertPolicy::kUnrestricted, result.value());
+ EXPECT_EQ(CastDeviceCertPolicy::kUnrestricted, result.value());
}
TEST_F(CastAuthUtilTest, VerifyBadCA) {
std::string signed_data;
- AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256);
+ AuthResponse auth_response =
+ CreateAuthResponse(&signed_data, ::cast::channel::SHA256);
MangleString(auth_response.mutable_intermediate_certificate(0));
ErrorOr<CastDeviceCertPolicy> result =
VerifyCredentials(auth_response, signed_data);
EXPECT_FALSE(result);
- EXPECT_EQ(ErrorCode::kErrCertsParse, result.error().code());
+ EXPECT_EQ(Error::Code::kErrCertsParse, result.error().code());
}
TEST_F(CastAuthUtilTest, VerifyBadClientAuthCert) {
std::string signed_data;
- AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256);
+ AuthResponse auth_response =
+ CreateAuthResponse(&signed_data, ::cast::channel::SHA256);
MangleString(auth_response.mutable_client_auth_certificate());
ErrorOr<CastDeviceCertPolicy> result =
VerifyCredentials(auth_response, signed_data);
EXPECT_FALSE(result);
- EXPECT_EQ(ErrorCode::kErrCertsParse, result.error().code());
+ EXPECT_EQ(Error::Code::kErrCertsParse, result.error().code());
}
TEST_F(CastAuthUtilTest, VerifyBadSignature) {
std::string signed_data;
- AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256);
+ AuthResponse auth_response =
+ CreateAuthResponse(&signed_data, ::cast::channel::SHA256);
MangleString(auth_response.mutable_signature());
ErrorOr<CastDeviceCertPolicy> result =
VerifyCredentials(auth_response, signed_data);
EXPECT_FALSE(result);
- EXPECT_EQ(ErrorCode::kCastV2SignedBlobsMismatch, result.error().code());
+ EXPECT_EQ(Error::Code::kCastV2SignedBlobsMismatch, result.error().code());
}
TEST_F(CastAuthUtilTest, VerifyEmptySignature) {
std::string signed_data;
- AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256);
+ AuthResponse auth_response =
+ CreateAuthResponse(&signed_data, ::cast::channel::SHA256);
auth_response.mutable_signature()->clear();
ErrorOr<CastDeviceCertPolicy> result =
VerifyCredentials(auth_response, signed_data);
EXPECT_FALSE(result);
- EXPECT_EQ(ErrorCode::kCastV2SignatureEmpty, result.error().code());
+ EXPECT_EQ(Error::Code::kCastV2SignatureEmpty, result.error().code());
}
TEST_F(CastAuthUtilTest, VerifyUnsupportedDigest) {
std::string signed_data;
- AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA1);
- certificate::DateTime now = {};
- ASSERT_TRUE(certificate::DateTimeFromSeconds(
- openscreen::GetWallTimeSinceUnixEpoch().count(), &now));
+ AuthResponse auth_response =
+ CreateAuthResponse(&signed_data, ::cast::channel::SHA1);
+ DateTime now = {};
+ ASSERT_TRUE(DateTimeFromSeconds(GetWallTimeSinceUnixEpoch().count(), &now));
ErrorOr<CastDeviceCertPolicy> result = VerifyCredentialsForTest(
- auth_response, signed_data, certificate::CRLPolicy::kCrlOptional, nullptr,
- nullptr, now, true);
+ auth_response, signed_data, CRLPolicy::kCrlOptional, nullptr, nullptr,
+ now, true);
EXPECT_FALSE(result);
- EXPECT_EQ(ErrorCode::kCastV2DigestUnsupported, result.error().code());
+ EXPECT_EQ(Error::Code::kCastV2DigestUnsupported, result.error().code());
}
TEST_F(CastAuthUtilTest, VerifyBackwardsCompatibleDigest) {
std::string signed_data;
- AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA1);
- certificate::DateTime now = {};
- ASSERT_TRUE(certificate::DateTimeFromSeconds(
- openscreen::GetWallTimeSinceUnixEpoch().count(), &now));
- ErrorOr<CastDeviceCertPolicy> result = VerifyCredentialsForTest(
- auth_response, signed_data, certificate::CRLPolicy::kCrlOptional, nullptr,
- nullptr, now);
+ AuthResponse auth_response =
+ CreateAuthResponse(&signed_data, ::cast::channel::SHA1);
+ DateTime now = {};
+ ASSERT_TRUE(DateTimeFromSeconds(GetWallTimeSinceUnixEpoch().count(), &now));
+ ErrorOr<CastDeviceCertPolicy> result =
+ VerifyCredentialsForTest(auth_response, signed_data,
+ CRLPolicy::kCrlOptional, nullptr, nullptr, now);
EXPECT_TRUE(result);
}
TEST_F(CastAuthUtilTest, VerifyBadPeerCert) {
std::string signed_data;
- AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256);
+ AuthResponse auth_response =
+ CreateAuthResponse(&signed_data, ::cast::channel::SHA256);
MangleString(&signed_data);
ErrorOr<CastDeviceCertPolicy> result =
VerifyCredentials(auth_response, signed_data);
EXPECT_FALSE(result);
- EXPECT_EQ(ErrorCode::kCastV2SignedBlobsMismatch, result.error().code());
+ EXPECT_EQ(Error::Code::kCastV2SignedBlobsMismatch, result.error().code());
}
TEST_F(CastAuthUtilTest, VerifySenderNonceMatch) {
AuthContext context = AuthContext::Create();
- const openscreen::Error result =
- context.VerifySenderNonce(context.nonce(), true);
+ const Error result = context.VerifySenderNonce(context.nonce(), true);
EXPECT_TRUE(result.ok());
}
@@ -256,7 +259,7 @@ TEST_F(CastAuthUtilTest, VerifySenderNonceMismatch) {
ErrorOr<CastDeviceCertPolicy> result =
context.VerifySenderNonce(received_nonce, true);
EXPECT_FALSE(result);
- EXPECT_EQ(ErrorCode::kCastV2SenderNonceMismatch, result.error().code());
+ EXPECT_EQ(Error::Code::kCastV2SenderNonceMismatch, result.error().code());
}
TEST_F(CastAuthUtilTest, VerifySenderNonceMissing) {
@@ -266,40 +269,36 @@ TEST_F(CastAuthUtilTest, VerifySenderNonceMissing) {
ErrorOr<CastDeviceCertPolicy> result =
context.VerifySenderNonce(received_nonce, true);
EXPECT_FALSE(result);
- EXPECT_EQ(ErrorCode::kCastV2SenderNonceMismatch, result.error().code());
+ EXPECT_EQ(Error::Code::kCastV2SenderNonceMismatch, result.error().code());
}
TEST_F(CastAuthUtilTest, VerifyTLSCertificateSuccess) {
- std::vector<std::string> tls_cert_der =
- certificate::testing::ReadCertificatesFromPemFile(
- TEST_DATA_PREFIX "certificates/test_tls_cert.pem");
+ std::vector<std::string> tls_cert_der = testing::ReadCertificatesFromPemFile(
+ TEST_DATA_PREFIX "certificates/test_tls_cert.pem");
std::string& der_cert = tls_cert_der[0];
const uint8_t* data = (const uint8_t*)der_cert.data();
X509* tls_cert = d2i_X509(nullptr, &data, der_cert.size());
- certificate::DateTime not_before;
- certificate::DateTime not_after;
- ASSERT_TRUE(
- certificate::GetCertValidTimeRange(tls_cert, &not_before, &not_after));
+ DateTime not_before;
+ DateTime not_after;
+ ASSERT_TRUE(GetCertValidTimeRange(tls_cert, &not_before, &not_after));
uint64_t x;
ASSERT_TRUE(ConvertTimeSeconds(not_before, &x));
std::chrono::seconds s(x);
- const openscreen::Error result = VerifyTLSCertificateValidity(tls_cert, s);
+ const Error result = VerifyTLSCertificateValidity(tls_cert, s);
EXPECT_TRUE(result.ok());
X509_free(tls_cert);
}
TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooEarly) {
- std::vector<std::string> tls_cert_der =
- certificate::testing::ReadCertificatesFromPemFile(
- TEST_DATA_PREFIX "certificates/test_tls_cert.pem");
+ std::vector<std::string> tls_cert_der = testing::ReadCertificatesFromPemFile(
+ TEST_DATA_PREFIX "certificates/test_tls_cert.pem");
std::string& der_cert = tls_cert_der[0];
const uint8_t* data = (const uint8_t*)der_cert.data();
X509* tls_cert = d2i_X509(nullptr, &data, der_cert.size());
- certificate::DateTime not_before;
- certificate::DateTime not_after;
- ASSERT_TRUE(
- certificate::GetCertValidTimeRange(tls_cert, &not_before, &not_after));
+ DateTime not_before;
+ DateTime not_after;
+ ASSERT_TRUE(GetCertValidTimeRange(tls_cert, &not_before, &not_after));
uint64_t x;
ASSERT_TRUE(ConvertTimeSeconds(not_before, &x));
std::chrono::seconds s(x - 1);
@@ -307,22 +306,20 @@ TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooEarly) {
ErrorOr<CastDeviceCertPolicy> result =
VerifyTLSCertificateValidity(tls_cert, s);
EXPECT_FALSE(result);
- EXPECT_EQ(ErrorCode::kCastV2TlsCertValidStartDateInFuture,
+ EXPECT_EQ(Error::Code::kCastV2TlsCertValidStartDateInFuture,
result.error().code());
X509_free(tls_cert);
}
TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooLate) {
- std::vector<std::string> tls_cert_der =
- certificate::testing::ReadCertificatesFromPemFile(
- TEST_DATA_PREFIX "certificates/test_tls_cert.pem");
+ std::vector<std::string> tls_cert_der = testing::ReadCertificatesFromPemFile(
+ TEST_DATA_PREFIX "certificates/test_tls_cert.pem");
std::string& der_cert = tls_cert_der[0];
const uint8_t* data = (const uint8_t*)der_cert.data();
X509* tls_cert = d2i_X509(nullptr, &data, der_cert.size());
- certificate::DateTime not_before;
- certificate::DateTime not_after;
- ASSERT_TRUE(
- certificate::GetCertValidTimeRange(tls_cert, &not_before, &not_after));
+ DateTime not_before;
+ DateTime not_after;
+ ASSERT_TRUE(GetCertValidTimeRange(tls_cert, &not_before, &not_after));
uint64_t x;
ASSERT_TRUE(ConvertTimeSeconds(not_after, &x));
std::chrono::seconds s(x + 2);
@@ -330,7 +327,7 @@ TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooLate) {
ErrorOr<CastDeviceCertPolicy> result =
VerifyTLSCertificateValidity(tls_cert, s);
EXPECT_FALSE(result);
- EXPECT_EQ(ErrorCode::kCastV2TlsCertExpired, result.error().code());
+ EXPECT_EQ(Error::Code::kCastV2TlsCertExpired, result.error().code());
X509_free(tls_cert);
}
@@ -348,10 +345,10 @@ enum TestStepResult {
ErrorOr<CastDeviceCertPolicy> TestVerifyRevocation(
const std::vector<std::string>& certificate_chain,
const std::string& crl_bundle,
- const certificate::DateTime& verification_time,
+ const DateTime& verification_time,
bool crl_required,
- certificate::TrustStore* cast_trust_store,
- certificate::TrustStore* crl_trust_store) {
+ TrustStore* cast_trust_store,
+ TrustStore* crl_trust_store) {
AuthResponse response;
if (certificate_chain.size() > 0) {
@@ -363,9 +360,9 @@ ErrorOr<CastDeviceCertPolicy> TestVerifyRevocation(
response.set_crl(crl_bundle);
- certificate::CRLPolicy crl_policy = certificate::CRLPolicy::kCrlRequired;
+ CRLPolicy crl_policy = CRLPolicy::kCrlRequired;
if (!crl_required && crl_bundle.empty())
- crl_policy = certificate::CRLPolicy::kCrlOptional;
+ crl_policy = CRLPolicy::kCrlOptional;
ErrorOr<CastDeviceCertPolicy> result =
VerifyCredentialsForTest(response, "", crl_policy, cast_trust_store,
crl_trust_store, verification_time);
@@ -375,13 +372,13 @@ ErrorOr<CastDeviceCertPolicy> TestVerifyRevocation(
}
// Runs a single test case.
-bool RunTest(const certificate::DeviceCertTest& test_case) {
- std::unique_ptr<certificate::TrustStore> crl_trust_store;
- std::unique_ptr<certificate::TrustStore> cast_trust_store;
+bool RunTest(const DeviceCertTest& test_case) {
+ std::unique_ptr<TrustStore> crl_trust_store;
+ std::unique_ptr<TrustStore> cast_trust_store;
if (test_case.use_test_trust_anchors()) {
- crl_trust_store = certificate::testing::CreateTrustStoreFromPemFile(
+ crl_trust_store = testing::CreateTrustStoreFromPemFile(
TEST_DATA_PREFIX "certificates/cast_crl_test_root_ca.pem");
- cast_trust_store = certificate::testing::CreateTrustStoreFromPemFile(
+ cast_trust_store = testing::CreateTrustStoreFromPemFile(
TEST_DATA_PREFIX "certificates/cast_test_root_ca.pem");
EXPECT_FALSE(crl_trust_store->certs.empty());
@@ -394,51 +391,49 @@ bool RunTest(const certificate::DeviceCertTest& test_case) {
}
// CastAuthUtil verifies the CRL at the same time as the certificate.
- certificate::DateTime verification_time;
+ DateTime verification_time;
uint64_t cert_verify_time = test_case.cert_verification_time_seconds();
if (!cert_verify_time) {
cert_verify_time = test_case.crl_verification_time_seconds();
}
- OSP_DCHECK(
- certificate::DateTimeFromSeconds(cert_verify_time, &verification_time));
+ OSP_DCHECK(DateTimeFromSeconds(cert_verify_time, &verification_time));
std::string crl_bundle = test_case.crl_bundle();
- ErrorOr<CastDeviceCertPolicy> result(
- certificate::CastDeviceCertPolicy::kUnrestricted);
+ ErrorOr<CastDeviceCertPolicy> result(CastDeviceCertPolicy::kUnrestricted);
switch (test_case.expected_result()) {
- case certificate::PATH_VERIFICATION_FAILED:
+ case PATH_VERIFICATION_FAILED:
result = TestVerifyRevocation(
certificate_chain, crl_bundle, verification_time, false,
cast_trust_store.get(), crl_trust_store.get());
EXPECT_EQ(result.error().code(),
- ErrorCode::kCastV2CertNotSignedByTrustedCa);
+ Error::Code::kCastV2CertNotSignedByTrustedCa);
return result.error().code() ==
- ErrorCode::kCastV2CertNotSignedByTrustedCa;
- case certificate::CRL_VERIFICATION_FAILED:
+ Error::Code::kCastV2CertNotSignedByTrustedCa;
+ case CRL_VERIFICATION_FAILED:
// Fall-through intended.
- case certificate::REVOCATION_CHECK_FAILED_WITHOUT_CRL:
+ case REVOCATION_CHECK_FAILED_WITHOUT_CRL:
result = TestVerifyRevocation(
certificate_chain, crl_bundle, verification_time, true,
cast_trust_store.get(), crl_trust_store.get());
- EXPECT_EQ(result.error().code(), ErrorCode::kErrCrlInvalid);
- return result.error().code() == ErrorCode::kErrCrlInvalid;
- case certificate::CRL_EXPIRED_AFTER_INITIAL_VERIFICATION:
+ EXPECT_EQ(result.error().code(), Error::Code::kErrCrlInvalid);
+ return result.error().code() == Error::Code::kErrCrlInvalid;
+ case CRL_EXPIRED_AFTER_INITIAL_VERIFICATION:
// By-pass this test because CRL is always verified at the time the
// certificate is verified.
return true;
- case certificate::REVOCATION_CHECK_FAILED:
+ case REVOCATION_CHECK_FAILED:
result = TestVerifyRevocation(
certificate_chain, crl_bundle, verification_time, true,
cast_trust_store.get(), crl_trust_store.get());
- EXPECT_EQ(result.error().code(), ErrorCode::kErrCertsRevoked);
- return result.error().code() == ErrorCode::kErrCertsRevoked;
- case certificate::SUCCESS:
+ EXPECT_EQ(result.error().code(), Error::Code::kErrCertsRevoked);
+ return result.error().code() == Error::Code::kErrCertsRevoked;
+ case SUCCESS:
result = TestVerifyRevocation(
certificate_chain, crl_bundle, verification_time, false,
cast_trust_store.get(), crl_trust_store.get());
- EXPECT_EQ(result.error().code(), ErrorCode::kCastV2SignedBlobsMismatch);
- return result.error().code() == ErrorCode::kCastV2SignedBlobsMismatch;
- case certificate::UNSPECIFIED:
+ EXPECT_EQ(result.error().code(), Error::Code::kCastV2SignedBlobsMismatch);
+ return result.error().code() == Error::Code::kCastV2SignedBlobsMismatch;
+ case UNSPECIFIED:
return false;
}
return false;
@@ -449,9 +444,8 @@ bool RunTest(const certificate::DeviceCertTest& test_case) {
// To see the description of the test, execute the test.
// These tests are generated by a test generator in google3.
void RunTestSuite(const std::string& test_suite_file_name) {
- std::string testsuite_raw =
- openscreen::ReadEntireFileToString(test_suite_file_name);
- certificate::DeviceCertTestSuite test_suite;
+ std::string testsuite_raw = ReadEntireFileToString(test_suite_file_name);
+ DeviceCertTestSuite test_suite;
EXPECT_TRUE(test_suite.ParseFromString(testsuite_raw));
uint16_t successes = 0;
@@ -470,5 +464,5 @@ TEST_F(CastAuthUtilTest, CRLTestSuite) {
}
} // namespace
-} // namespace channel
} // namespace cast
+} // namespace openscreen
diff --git a/cast/sender/channel/message_util.cc b/cast/sender/channel/message_util.cc
index ab3ed5d8..48623cee 100644
--- a/cast/sender/channel/message_util.cc
+++ b/cast/sender/channel/message_util.cc
@@ -6,8 +6,12 @@
#include "cast/sender/channel/cast_auth_util.h"
+namespace openscreen {
namespace cast {
-namespace channel {
+
+using ::cast::channel::AuthChallenge;
+using ::cast::channel::CastMessage;
+using ::cast::channel::DeviceAuthMessage;
CastMessage CreateAuthChallengeMessage(const AuthContext& auth_context) {
CastMessage message;
@@ -15,7 +19,7 @@ CastMessage CreateAuthChallengeMessage(const AuthContext& auth_context) {
AuthChallenge* challenge = auth_message.mutable_challenge();
challenge->set_sender_nonce(auth_context.nonce());
- challenge->set_hash_algorithm(SHA256);
+ challenge->set_hash_algorithm(::cast::channel::SHA256);
std::string auth_message_string;
auth_message.SerializeToString(&auth_message_string);
@@ -24,11 +28,11 @@ CastMessage CreateAuthChallengeMessage(const AuthContext& auth_context) {
message.set_source_id(kPlatformSenderId);
message.set_destination_id(kPlatformReceiverId);
message.set_namespace_(kAuthNamespace);
- message.set_payload_type(CastMessage_PayloadType_BINARY);
+ message.set_payload_type(::cast::channel::CastMessage_PayloadType_BINARY);
message.set_payload_binary(auth_message_string);
return message;
}
-} // namespace channel
} // namespace cast
+} // namespace openscreen
diff --git a/cast/sender/channel/message_util.h b/cast/sender/channel/message_util.h
index e2da0cd8..944165bc 100644
--- a/cast/sender/channel/message_util.h
+++ b/cast/sender/channel/message_util.h
@@ -8,14 +8,15 @@
#include "cast/common/channel/message_util.h"
#include "cast/common/channel/proto/cast_channel.pb.h"
+namespace openscreen {
namespace cast {
-namespace channel {
class AuthContext;
-CastMessage CreateAuthChallengeMessage(const AuthContext& auth_context);
+::cast::channel::CastMessage CreateAuthChallengeMessage(
+ const AuthContext& auth_context);
-} // namespace channel
} // namespace cast
+} // namespace openscreen
#endif // CAST_SENDER_CHANNEL_MESSAGE_UTIL_H_
diff --git a/cast/sender/channel/sender_socket_factory.cc b/cast/sender/channel/sender_socket_factory.cc
index b185113d..8dff73c4 100644
--- a/cast/sender/channel/sender_socket_factory.cc
+++ b/cast/sender/channel/sender_socket_factory.cc
@@ -5,18 +5,15 @@
#include "cast/sender/channel/sender_socket_factory.h"
#include "cast/common/channel/cast_socket.h"
+#include "cast/common/channel/proto/cast_channel.pb.h"
#include "cast/sender/channel/message_util.h"
#include "platform/base/tls_connect_options.h"
#include "util/crypto/certificate_utils.h"
-namespace cast {
-namespace channel {
+using ::cast::channel::CastMessage;
-using openscreen::Error;
-using openscreen::IPEndpoint;
-using openscreen::TlsConnection;
-using openscreen::TlsConnectionFactory;
-using openscreen::TlsConnectOptions;
+namespace openscreen {
+namespace cast {
bool operator<(const std::unique_ptr<SenderSocketFactory::PendingAuth>& a,
uint32_t b) {
@@ -68,8 +65,8 @@ void SenderSocketFactory::OnConnected(
CastSocket::Client* client = it->client;
pending_connections_.erase(it);
- ErrorOr<bssl::UniquePtr<X509>> peer_cert = openscreen::ImportCertificate(
- der_x509_peer_cert.data(), der_x509_peer_cert.size());
+ ErrorOr<bssl::UniquePtr<X509>> peer_cert =
+ ImportCertificate(der_x509_peer_cert.data(), der_x509_peer_cert.size());
if (!peer_cert) {
client_->OnError(this, endpoint, peer_cert.error());
return;
@@ -170,5 +167,5 @@ void SenderSocketFactory::OnMessage(CastSocket* socket, CastMessage message) {
client_->OnConnected(this, pending->endpoint, std::move(pending->socket));
}
-} // namespace channel
} // namespace cast
+} // namespace openscreen
diff --git a/cast/sender/channel/sender_socket_factory.h b/cast/sender/channel/sender_socket_factory.h
index c58b369a..9cb31066 100644
--- a/cast/sender/channel/sender_socket_factory.h
+++ b/cast/sender/channel/sender_socket_factory.h
@@ -12,26 +12,26 @@
#include <vector>
#include "cast/common/channel/cast_socket.h"
+#include "cast/common/channel/proto/cast_channel.pb.h"
#include "cast/sender/channel/cast_auth_util.h"
#include "platform/api/tls_connection_factory.h"
#include "platform/base/ip_address.h"
#include "util/logging.h"
+namespace openscreen {
namespace cast {
-namespace channel {
-class SenderSocketFactory final
- : public openscreen::TlsConnectionFactory::Client,
- public CastSocket::Client {
+class SenderSocketFactory final : public TlsConnectionFactory::Client,
+ public CastSocket::Client {
public:
class Client {
public:
virtual void OnConnected(SenderSocketFactory* factory,
- const openscreen::IPEndpoint& endpoint,
+ const IPEndpoint& endpoint,
std::unique_ptr<CastSocket> socket) = 0;
virtual void OnError(SenderSocketFactory* factory,
- const openscreen::IPEndpoint& endpoint,
- openscreen::Error error) = 0;
+ const IPEndpoint& endpoint,
+ Error error) = 0;
};
enum class DeviceMediaPolicy {
@@ -43,39 +43,35 @@ class SenderSocketFactory final
explicit SenderSocketFactory(Client* client);
~SenderSocketFactory();
- void set_factory(openscreen::TlsConnectionFactory* factory) {
+ void set_factory(TlsConnectionFactory* factory) {
OSP_DCHECK(factory);
factory_ = factory;
}
- void Connect(const openscreen::IPEndpoint& endpoint,
+ void Connect(const IPEndpoint& endpoint,
DeviceMediaPolicy media_policy,
CastSocket::Client* client);
- // openscreen::TlsConnectionFactory::Client overrides.
- void OnAccepted(
- openscreen::TlsConnectionFactory* factory,
- std::vector<uint8_t> der_x509_peer_cert,
- std::unique_ptr<openscreen::TlsConnection> connection) override;
- void OnConnected(
- openscreen::TlsConnectionFactory* factory,
- std::vector<uint8_t> der_x509_peer_cert,
- std::unique_ptr<openscreen::TlsConnection> connection) override;
- void OnConnectionFailed(
- openscreen::TlsConnectionFactory* factory,
- const openscreen::IPEndpoint& remote_address) override;
- void OnError(openscreen::TlsConnectionFactory* factory,
- openscreen::Error error) override;
+ // TlsConnectionFactory::Client overrides.
+ void OnAccepted(TlsConnectionFactory* factory,
+ std::vector<uint8_t> der_x509_peer_cert,
+ std::unique_ptr<TlsConnection> connection) override;
+ void OnConnected(TlsConnectionFactory* factory,
+ std::vector<uint8_t> der_x509_peer_cert,
+ std::unique_ptr<TlsConnection> connection) override;
+ void OnConnectionFailed(TlsConnectionFactory* factory,
+ const IPEndpoint& remote_address) override;
+ void OnError(TlsConnectionFactory* factory, Error error) override;
private:
struct PendingConnection {
- openscreen::IPEndpoint endpoint;
+ IPEndpoint endpoint;
DeviceMediaPolicy media_policy;
CastSocket::Client* client;
};
struct PendingAuth {
- openscreen::IPEndpoint endpoint;
+ IPEndpoint endpoint;
DeviceMediaPolicy media_policy;
std::unique_ptr<CastSocket> socket;
CastSocket::Client* client;
@@ -87,19 +83,20 @@ class SenderSocketFactory final
friend bool operator<(uint32_t a, const std::unique_ptr<PendingAuth>& b);
std::vector<PendingConnection>::iterator FindPendingConnection(
- const openscreen::IPEndpoint& endpoint);
+ const IPEndpoint& endpoint);
// CastSocket::Client overrides.
- void OnError(CastSocket* socket, openscreen::Error error) override;
- void OnMessage(CastSocket* socket, CastMessage message) override;
+ void OnError(CastSocket* socket, Error error) override;
+ void OnMessage(CastSocket* socket,
+ ::cast::channel::CastMessage message) override;
Client* const client_;
- openscreen::TlsConnectionFactory* factory_ = nullptr;
+ TlsConnectionFactory* factory_ = nullptr;
std::vector<PendingConnection> pending_connections_;
std::vector<std::unique_ptr<PendingAuth>> pending_auth_;
};
-} // namespace channel
} // namespace cast
+} // namespace openscreen
#endif // CAST_SENDER_CHANNEL_SENDER_SOCKET_FACTORY_H_
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 23:19:10 +0000