diff options
| author | mark a. foltz <mfoltz@chromium.org> | 2019-12-23 20:30:41 +0000 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2019-12-23 20:42:15 +0000 |
| commit | f6c90903dd65e65e997b1fa39638ff8bb72af15a (patch) | |
| tree | bda7b93ecc9a29dd8de0bdb39d22b239a1394459 /cast/sender | |
| parent | 80ed3d779e3e38de94656bf59ff4b62534c797fe (diff) | |
| download | openscreen-f6c90903dd65e65e997b1fa39638ff8bb72af15a.tar.gz | |
Revert "Replace namespace cast::something with openscreen::cast."
This reverts commit 80ed3d779e3e38de94656bf59ff4b62534c797fe.
Reason for revert: Broke chromium bots
Original change's description:
> Replace namespace cast::something with openscreen::cast.
>
> ...and fixed a few C++ style issues around use of rvals in files
> touched.
>
> Bug: openscreen:90
> Change-Id: Ib14fb1c47dfafec1fefe0cad31bce764aae0272e
> Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/1959204
> Commit-Queue: Yuri Wiitala <miu@chromium.org>
> Reviewed-by: Jordan Bayles <jophba@chromium.org>
TBR=miu@chromium.org,jophba@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: openscreen:90
Change-Id: Ia67dd400b6ffcf98ec64d460855ebd8c3b8dc3de
Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/1980852
Reviewed-by: mark a. foltz <mfoltz@chromium.org>
Commit-Queue: mark a. foltz <mfoltz@chromium.org>
Diffstat (limited to 'cast/sender')
| -rw-r--r-- | cast/sender/channel/cast_auth_util.cc | 281 | ||||
| -rw-r--r-- | cast/sender/channel/cast_auth_util.h | 57 | ||||
| -rw-r--r-- | cast/sender/channel/cast_auth_util_unittest.cc | 210 | ||||
| -rw-r--r-- | cast/sender/channel/message_util.cc | 12 | ||||
| -rw-r--r-- | cast/sender/channel/message_util.h | 7 | ||||
| -rw-r--r-- | cast/sender/channel/sender_socket_factory.cc | 17 | ||||
| -rw-r--r-- | cast/sender/channel/sender_socket_factory.h | 57 |
7 files changed, 332 insertions, 309 deletions
diff --git a/cast/sender/channel/cast_auth_util.cc b/cast/sender/channel/cast_auth_util.cc index 6954980a..5201aa11 100644 --- a/cast/sender/channel/cast_auth_util.cc +++ b/cast/sender/channel/cast_auth_util.cc @@ -16,14 +16,8 @@ #include "platform/base/error.h" #include "util/logging.h" -namespace openscreen { namespace cast { - -using ::cast::channel::AuthResponse; -using ::cast::channel::CastMessage; -using ::cast::channel::DeviceAuthMessage; -using ::cast::channel::HashAlgorithm; - +namespace channel { namespace { #define PARSE_ERROR_PREFIX "Failed to parse auth message: " @@ -37,35 +31,40 @@ const int kNonceSizeInBytes = 16; // The number of hours after which a nonce is regenerated. long kNonceExpirationTimeInHours = 24; +using CastCertError = openscreen::Error::Code; + // Extracts an embedded DeviceAuthMessage payload from an auth challenge reply // message. -Error ParseAuthMessage(const CastMessage& challenge_reply, - DeviceAuthMessage* auth_message) { - if (challenge_reply.payload_type() != - ::cast::channel::CastMessage_PayloadType_BINARY) { - return Error(Error::Code::kCastV2WrongPayloadType, - PARSE_ERROR_PREFIX "Wrong payload type in challenge reply"); +openscreen::Error ParseAuthMessage(const CastMessage& challenge_reply, + DeviceAuthMessage* auth_message) { + if (challenge_reply.payload_type() != CastMessage_PayloadType_BINARY) { + return openscreen::Error(CastCertError::kCastV2WrongPayloadType, + PARSE_ERROR_PREFIX + "Wrong payload type in challenge reply"); } if (!challenge_reply.has_payload_binary()) { - return Error(Error::Code::kCastV2NoPayload, PARSE_ERROR_PREFIX - "Payload type is binary but payload_binary field not set"); + return openscreen::Error( + CastCertError::kCastV2NoPayload, PARSE_ERROR_PREFIX + "Payload type is binary but payload_binary field not set"); } if (!auth_message->ParseFromString(challenge_reply.payload_binary())) { - return Error(Error::Code::kCastV2PayloadParsingFailed, PARSE_ERROR_PREFIX - "Cannot parse binary payload into DeviceAuthMessage"); + return openscreen::Error( + CastCertError::kCastV2PayloadParsingFailed, PARSE_ERROR_PREFIX + "Cannot parse binary payload into DeviceAuthMessage"); } if (auth_message->has_error()) { std::stringstream ss; ss << PARSE_ERROR_PREFIX "Auth message error: " << auth_message->error().error_type(); - return Error(Error::Code::kCastV2MessageError, ss.str()); + return openscreen::Error(CastCertError::kCastV2MessageError, ss.str()); } if (!auth_message->has_response()) { - return Error(Error::Code::kCastV2NoResponse, - PARSE_ERROR_PREFIX "Auth message has no response field"); + return openscreen::Error(CastCertError::kCastV2NoResponse, + PARSE_ERROR_PREFIX + "Auth message has no response field"); } - return Error::None(); + return openscreen::Error::None(); } class CastNonce { @@ -86,11 +85,11 @@ class CastNonce { OSP_CHECK_EQ( RAND_bytes(reinterpret_cast<uint8_t*>(&nonce_[0]), kNonceSizeInBytes), 1); - nonce_generation_time_ = GetWallTimeSinceUnixEpoch(); + nonce_generation_time_ = openscreen::GetWallTimeSinceUnixEpoch(); } void EnsureNonceTimely() { - if (GetWallTimeSinceUnixEpoch() > + if (openscreen::GetWallTimeSinceUnixEpoch() > (nonce_generation_time_ + std::chrono::hours(kNonceExpirationTimeInHours))) { GenerateNonce(); @@ -103,60 +102,62 @@ class CastNonce { std::chrono::seconds nonce_generation_time_; }; -// Maps Error::Code from certificate verification to Error. +// Maps CastCertError from certificate verification to openscreen::Error. // If crl_required is set to false, all revocation related errors are ignored. -Error MapToOpenscreenError(Error::Code error, bool crl_required) { +openscreen::Error MapToOpenscreenError(CastCertError error, bool crl_required) { switch (error) { - case Error::Code::kErrCertsMissing: - return Error(Error::Code::kCastV2PeerCertEmpty, - "Failed to locate certificates."); - case Error::Code::kErrCertsParse: - return Error(Error::Code::kErrCertsParse, - "Failed to parse certificates."); - case Error::Code::kErrCertsDateInvalid: - return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed date validity check."); - case Error::Code::kErrCertsVerifyGeneric: - return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed with a generic certificate verification error."); - case Error::Code::kErrCertsRestrictions: - return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed certificate restrictions."); - case Error::Code::kErrCrlInvalid: + case CastCertError::kErrCertsMissing: + return openscreen::Error(CastCertError::kCastV2PeerCertEmpty, + "Failed to locate certificates."); + case CastCertError::kErrCertsParse: + return openscreen::Error(CastCertError::kErrCertsParse, + "Failed to parse certificates."); + case CastCertError::kErrCertsDateInvalid: + return openscreen::Error(CastCertError::kCastV2CertNotSignedByTrustedCa, + "Failed date validity check."); + case CastCertError::kErrCertsVerifyGeneric: + return openscreen::Error( + CastCertError::kCastV2CertNotSignedByTrustedCa, + "Failed with a generic certificate verification error."); + case CastCertError::kErrCertsRestrictions: + return openscreen::Error(CastCertError::kCastV2CertNotSignedByTrustedCa, + "Failed certificate restrictions."); + case CastCertError::kErrCrlInvalid: // This error is only encountered if |crl_required| is true. OSP_DCHECK(crl_required); - return Error(Error::Code::kErrCrlInvalid, - "Failed to provide a valid CRL."); - case Error::Code::kErrCertsRevoked: - return Error(Error::Code::kErrCertsRevoked, - "Failed certificate revocation check."); - case Error::Code::kNone: - return Error::None(); + return openscreen::Error(CastCertError::kErrCrlInvalid, + "Failed to provide a valid CRL."); + case CastCertError::kErrCertsRevoked: + return openscreen::Error(CastCertError::kErrCertsRevoked, + "Failed certificate revocation check."); + case CastCertError::kNone: + return openscreen::Error::None(); default: - return Error(Error::Code::kCastV2CertNotSignedByTrustedCa, - "Failed verifying cast device certificate."); + return openscreen::Error(CastCertError::kCastV2CertNotSignedByTrustedCa, + "Failed verifying cast device certificate."); } - return Error::None(); + return openscreen::Error::None(); } -Error VerifyAndMapDigestAlgorithm(HashAlgorithm response_digest_algorithm, - DigestAlgorithm* digest_algorithm, - bool enforce_sha256_checking) { +openscreen::Error VerifyAndMapDigestAlgorithm( + HashAlgorithm response_digest_algorithm, + certificate::DigestAlgorithm* digest_algorithm, + bool enforce_sha256_checking) { switch (response_digest_algorithm) { - case ::cast::channel::SHA1: + case SHA1: if (enforce_sha256_checking) { - return Error(Error::Code::kCastV2DigestUnsupported, - "Unsupported digest algorithm."); + return openscreen::Error(CastCertError::kCastV2DigestUnsupported, + "Unsupported digest algorithm."); } - *digest_algorithm = DigestAlgorithm::kSha1; + *digest_algorithm = certificate::DigestAlgorithm::kSha1; break; - case ::cast::channel::SHA256: - *digest_algorithm = DigestAlgorithm::kSha256; + case SHA256: + *digest_algorithm = certificate::DigestAlgorithm::kSha256; break; default: - return Error::Code::kCastV2DigestUnsupported; + return CastCertError::kCastV2DigestUnsupported; } - return Error::None(); + return openscreen::Error::None(); } } // namespace @@ -170,74 +171,77 @@ AuthContext::AuthContext(const std::string& nonce) : nonce_(nonce) {} AuthContext::~AuthContext() {} -Error AuthContext::VerifySenderNonce(const std::string& nonce_response, - bool enforce_nonce_checking) const { +openscreen::Error AuthContext::VerifySenderNonce( + const std::string& nonce_response, + bool enforce_nonce_checking) const { if (nonce_ != nonce_response) { if (enforce_nonce_checking) { - return Error(Error::Code::kCastV2SenderNonceMismatch, - "Sender nonce mismatched."); + return openscreen::Error(CastCertError::kCastV2SenderNonceMismatch, + "Sender nonce mismatched."); } } - return Error::None(); + return openscreen::Error::None(); } -Error VerifyTLSCertificateValidity(X509* peer_cert, - std::chrono::seconds verification_time) { +openscreen::Error VerifyTLSCertificateValidity( + X509* peer_cert, + std::chrono::seconds verification_time) { // Ensure the peer cert is valid and doesn't have an excessive remaining // lifetime. Although it is not verified as an X.509 certificate, the entire // structure is signed by the AuthResponse, so the validity field from X.509 // is repurposed as this signature's expiration. - DateTime not_before; - DateTime not_after; - if (!GetCertValidTimeRange(peer_cert, ¬_before, ¬_after)) { - return Error(Error::Code::kErrCertsParse, - PARSE_ERROR_PREFIX "Parsing validity fields failed."); + certificate::DateTime not_before; + certificate::DateTime not_after; + if (!certificate::GetCertValidTimeRange(peer_cert, ¬_before, ¬_after)) { + return openscreen::Error(CastCertError::kErrCertsParse, PARSE_ERROR_PREFIX + "Parsing validity fields failed."); } std::chrono::seconds lifetime_limit = verification_time + std::chrono::hours(24 * kMaxSelfSignedCertLifetimeInDays); - DateTime verification_time_exploded = {}; - DateTime lifetime_limit_exploded = {}; - OSP_CHECK(DateTimeFromSeconds(verification_time.count(), - &verification_time_exploded)); - OSP_CHECK( - DateTimeFromSeconds(lifetime_limit.count(), &lifetime_limit_exploded)); + certificate::DateTime verification_time_exploded = {}; + certificate::DateTime lifetime_limit_exploded = {}; + OSP_CHECK(certificate::DateTimeFromSeconds(verification_time.count(), + &verification_time_exploded)); + OSP_CHECK(certificate::DateTimeFromSeconds(lifetime_limit.count(), + &lifetime_limit_exploded)); if (verification_time_exploded < not_before) { - return Error(Error::Code::kCastV2TlsCertValidStartDateInFuture, - PARSE_ERROR_PREFIX - "Certificate's valid start date is in the future."); + return openscreen::Error( + CastCertError::kCastV2TlsCertValidStartDateInFuture, + PARSE_ERROR_PREFIX "Certificate's valid start date is in the future."); } if (not_after < verification_time_exploded) { - return Error(Error::Code::kCastV2TlsCertExpired, - PARSE_ERROR_PREFIX "Certificate has expired."); + return openscreen::Error(CastCertError::kCastV2TlsCertExpired, + PARSE_ERROR_PREFIX "Certificate has expired."); } if (lifetime_limit_exploded < not_after) { - return Error(Error::Code::kCastV2TlsCertValidityPeriodTooLong, - PARSE_ERROR_PREFIX "Peer cert lifetime is too long."); + return openscreen::Error(CastCertError::kCastV2TlsCertValidityPeriodTooLong, + PARSE_ERROR_PREFIX + "Peer cert lifetime is too long."); } - return Error::None(); + return openscreen::Error::None(); } ErrorOr<CastDeviceCertPolicy> VerifyCredentialsImpl( const AuthResponse& response, const std::string& signature_input, - const CRLPolicy& crl_policy, - TrustStore* cast_trust_store, - TrustStore* crl_trust_store, - const DateTime& verification_time, + const certificate::CRLPolicy& crl_policy, + certificate::TrustStore* cast_trust_store, + certificate::TrustStore* crl_trust_store, + const certificate::DateTime& verification_time, bool enforce_sha256_checking); ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReplyImpl( const CastMessage& challenge_reply, X509* peer_cert, const AuthContext& auth_context, - const CRLPolicy& crl_policy, - TrustStore* cast_trust_store, - TrustStore* crl_trust_store, - const DateTime& verification_time) { + const certificate::CRLPolicy& crl_policy, + certificate::TrustStore* cast_trust_store, + certificate::TrustStore* crl_trust_store, + const certificate::DateTime& verification_time) { DeviceAuthMessage auth_message; - Error result = ParseAuthMessage(challenge_reply, &auth_message); + openscreen::Error result = ParseAuthMessage(challenge_reply, &auth_message); if (!result.ok()) { return result; } @@ -258,12 +262,14 @@ ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReplyImpl( int len = i2d_X509(peer_cert, nullptr); if (len <= 0) { - return Error(Error::Code::kErrCertsParse, "Serializing cert failed."); + return openscreen::Error(CastCertError::kErrCertsParse, + "Serializing cert failed."); } std::string peer_cert_der(len, 0); uint8_t* data = reinterpret_cast<uint8_t*>(&peer_cert_der[0]); if (!i2d_X509(peer_cert, &data)) { - return Error(Error::Code::kErrCertsParse, "Serializing cert failed."); + return openscreen::Error(CastCertError::kErrCertsParse, + "Serializing cert failed."); } size_t actual_size = data - reinterpret_cast<uint8_t*>(&peer_cert_der[0]); OSP_DCHECK_EQ(actual_size, peer_cert_der.size()); @@ -278,9 +284,10 @@ ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReply( const CastMessage& challenge_reply, X509* peer_cert, const AuthContext& auth_context) { - DateTime now = {}; - OSP_CHECK(DateTimeFromSeconds(GetWallTimeSinceUnixEpoch().count(), &now)); - CRLPolicy policy = CRLPolicy::kCrlOptional; + certificate::DateTime now = {}; + OSP_CHECK(certificate::DateTimeFromSeconds( + openscreen::GetWallTimeSinceUnixEpoch().count(), &now)); + certificate::CRLPolicy policy = certificate::CRLPolicy::kCrlOptional; return AuthenticateChallengeReplyImpl( challenge_reply, peer_cert, auth_context, policy, /* cast_trust_store */ nullptr, /* crl_trust_store */ nullptr, now); @@ -290,10 +297,10 @@ ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReplyForTest( const CastMessage& challenge_reply, X509* peer_cert, const AuthContext& auth_context, - CRLPolicy crl_policy, - TrustStore* cast_trust_store, - TrustStore* crl_trust_store, - const DateTime& verification_time) { + certificate::CRLPolicy crl_policy, + certificate::TrustStore* cast_trust_store, + certificate::TrustStore* crl_trust_store, + const certificate::DateTime& verification_time) { return AuthenticateChallengeReplyImpl( challenge_reply, peer_cert, auth_context, crl_policy, cast_trust_store, crl_trust_store, verification_time); @@ -319,17 +326,18 @@ ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReplyForTest( ErrorOr<CastDeviceCertPolicy> VerifyCredentialsImpl( const AuthResponse& response, const std::string& signature_input, - const CRLPolicy& crl_policy, - TrustStore* cast_trust_store, - TrustStore* crl_trust_store, - const DateTime& verification_time, + const certificate::CRLPolicy& crl_policy, + certificate::TrustStore* cast_trust_store, + certificate::TrustStore* crl_trust_store, + const certificate::DateTime& verification_time, bool enforce_sha256_checking) { if (response.signature().empty() && !signature_input.empty()) { - return Error(Error::Code::kCastV2SignatureEmpty, "Signature is empty."); + return openscreen::Error(CastCertError::kCastV2SignatureEmpty, + "Signature is empty."); } // Verify the certificate - std::unique_ptr<CertVerificationContext> verification_context; + std::unique_ptr<certificate::CertVerificationContext> verification_context; // Build a single vector containing the certificate chain. std::vector<std::string> cert_chain; @@ -339,42 +347,43 @@ ErrorOr<CastDeviceCertPolicy> VerifyCredentialsImpl( response.intermediate_certificate().end()); // Parse the CRL. - std::unique_ptr<CastCRL> crl; + std::unique_ptr<certificate::CastCRL> crl; if (!response.crl().empty()) { - crl = ParseAndVerifyCRL(response.crl(), verification_time, crl_trust_store); + crl = certificate::ParseAndVerifyCRL(response.crl(), verification_time, + crl_trust_store); } // Perform certificate verification. - CastDeviceCertPolicy device_policy; - Error verify_result = - VerifyDeviceCert(cert_chain, verification_time, &verification_context, - &device_policy, crl.get(), crl_policy, cast_trust_store); + certificate::CastDeviceCertPolicy device_policy; + openscreen::Error verify_result = certificate::VerifyDeviceCert( + cert_chain, verification_time, &verification_context, &device_policy, + crl.get(), crl_policy, cast_trust_store); // Handle and report errors. - Error result = MapToOpenscreenError(verify_result.code(), - crl_policy == CRLPolicy::kCrlRequired); + openscreen::Error result = MapToOpenscreenError( + verify_result.code(), crl_policy == certificate::CRLPolicy::kCrlRequired); if (!result.ok()) { return result; } // The certificate is verified at this point. - DigestAlgorithm digest_algorithm; - Error digest_result = VerifyAndMapDigestAlgorithm( + certificate::DigestAlgorithm digest_algorithm; + openscreen::Error digest_result = VerifyAndMapDigestAlgorithm( response.hash_algorithm(), &digest_algorithm, enforce_sha256_checking); if (!digest_result.ok()) { return digest_result; } - ConstDataSpan signature = { + certificate::ConstDataSpan signature = { reinterpret_cast<const uint8_t*>(response.signature().data()), static_cast<uint32_t>(response.signature().size())}; - ConstDataSpan siginput = { + certificate::ConstDataSpan siginput = { reinterpret_cast<const uint8_t*>(signature_input.data()), static_cast<uint32_t>(signature_input.size())}; if (!verification_context->VerifySignatureOverData(signature, siginput, digest_algorithm)) { - return Error(Error::Code::kCastV2SignedBlobsMismatch, - "Failed verifying signature over data."); + return openscreen::Error(CastCertError::kCastV2SignedBlobsMismatch, + "Failed verifying signature over data."); } return device_policy; @@ -385,10 +394,12 @@ ErrorOr<CastDeviceCertPolicy> VerifyCredentials( const std::string& signature_input, bool enforce_revocation_checking, bool enforce_sha256_checking) { - DateTime now = {}; - OSP_CHECK(DateTimeFromSeconds(GetWallTimeSinceUnixEpoch().count(), &now)); - CRLPolicy policy = (enforce_revocation_checking) ? CRLPolicy::kCrlRequired - : CRLPolicy::kCrlOptional; + certificate::DateTime now = {}; + OSP_CHECK(certificate::DateTimeFromSeconds( + openscreen::GetWallTimeSinceUnixEpoch().count(), &now)); + certificate::CRLPolicy policy = (enforce_revocation_checking) + ? certificate::CRLPolicy::kCrlRequired + : certificate::CRLPolicy::kCrlOptional; return VerifyCredentialsImpl(response, signature_input, policy, nullptr, nullptr, now, enforce_sha256_checking); } @@ -396,15 +407,15 @@ ErrorOr<CastDeviceCertPolicy> VerifyCredentials( ErrorOr<CastDeviceCertPolicy> VerifyCredentialsForTest( const AuthResponse& response, const std::string& signature_input, - CRLPolicy crl_policy, - TrustStore* cast_trust_store, - TrustStore* crl_trust_store, - const DateTime& verification_time, + certificate::CRLPolicy crl_policy, + certificate::TrustStore* cast_trust_store, + certificate::TrustStore* crl_trust_store, + const certificate::DateTime& verification_time, bool enforce_sha256_checking) { return VerifyCredentialsImpl(response, signature_input, crl_policy, cast_trust_store, crl_trust_store, verification_time, enforce_sha256_checking); } +} // namespace channel } // namespace cast -} // namespace openscreen diff --git a/cast/sender/channel/cast_auth_util.h b/cast/sender/channel/cast_auth_util.h index 467dfb82..df6299d3 100644 --- a/cast/sender/channel/cast_auth_util.h +++ b/cast/sender/channel/cast_auth_util.h @@ -7,25 +7,28 @@ #include <openssl/x509.h> -#include <chrono> // NOLINT +#include <chrono> #include <string> #include "cast/common/certificate/cast_cert_validator.h" #include "platform/base/error.h" namespace cast { -namespace channel { -class AuthResponse; -class CastMessage; -} // namespace channel +namespace certificate { +enum class CRLPolicy; +struct DateTime; +struct TrustStore; +} // namespace certificate } // namespace cast -namespace openscreen { namespace cast { +namespace channel { -enum class CRLPolicy; -struct DateTime; -struct TrustStore; +class AuthResponse; +class CastMessage; + +using openscreen::ErrorOr; +using CastDeviceCertPolicy = certificate::CastDeviceCertPolicy; class AuthContext { public: @@ -37,8 +40,9 @@ class AuthContext { // Verifies the nonce received in the response is equivalent to the one sent. // Returns success if |nonce_response| matches nonce_ - Error VerifySenderNonce(const std::string& nonce_response, - bool enforce_nonce_checking = false) const; + openscreen::Error VerifySenderNonce( + const std::string& nonce_response, + bool enforce_nonce_checking = false) const; // The nonce challenge. const std::string& nonce() const { return nonce_; } @@ -53,7 +57,7 @@ class AuthContext { // 1. Signature contained in the reply is valid. // 2. certificate used to sign is rooted to a trusted CA. ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReply( - const ::cast::channel::CastMessage& challenge_reply, + const CastMessage& challenge_reply, X509* peer_cert, const AuthContext& auth_context); @@ -62,23 +66,24 @@ ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReply( // Overloaded version of AuthenticateChallengeReply that allows modifying the // crl policy, trust stores, and verification times. ErrorOr<CastDeviceCertPolicy> AuthenticateChallengeReplyForTest( - const ::cast::channel::CastMessage& challenge_reply, + const CastMessage& challenge_reply, X509* peer_cert, const AuthContext& auth_context, - CRLPolicy crl_policy, - TrustStore* cast_trust_store, - TrustStore* crl_trust_store, - const DateTime& verification_time); + certificate::CRLPolicy crl_policy, + certificate::TrustStore* cast_trust_store, + certificate::TrustStore* crl_trust_store, + const certificate::DateTime& verification_time); // Performs a quick check of the TLS certificate for time validity requirements. -Error VerifyTLSCertificateValidity(X509* peer_cert, - std::chrono::seconds verification_time); +openscreen::Error VerifyTLSCertificateValidity( + X509* peer_cert, + std::chrono::seconds verification_time); // Auth-library specific implementation of cryptographic signature verification // routines. Verifies that |response| contains a valid signature of // |signature_input|. ErrorOr<CastDeviceCertPolicy> VerifyCredentials( - const ::cast::channel::AuthResponse& response, + const AuthResponse& response, const std::string& signature_input, bool enforce_revocation_checking = false, bool enforce_sha256_checking = false); @@ -88,15 +93,15 @@ ErrorOr<CastDeviceCertPolicy> VerifyCredentials( // Overloaded version of VerifyCredentials that allows modifying the crl policy, // trust stores, and verification times. ErrorOr<CastDeviceCertPolicy> VerifyCredentialsForTest( - const ::cast::channel::AuthResponse& response, + const AuthResponse& response, const std::string& signature_input, - CRLPolicy crl_policy, - TrustStore* cast_trust_store, - TrustStore* crl_trust_store, - const DateTime& verification_time, + certificate::CRLPolicy crl_policy, + certificate::TrustStore* cast_trust_store, + certificate::TrustStore* crl_trust_store, + const certificate::DateTime& verification_time, bool enforce_sha256_checking = false); +} // namespace channel } // namespace cast -} // namespace openscreen #endif // CAST_SENDER_CHANNEL_CAST_AUTH_UTIL_H_ diff --git a/cast/sender/channel/cast_auth_util_unittest.cc b/cast/sender/channel/cast_auth_util_unittest.cc index 93fb913e..5dec424d 100644 --- a/cast/sender/channel/cast_auth_util_unittest.cc +++ b/cast/sender/channel/cast_auth_util_unittest.cc @@ -16,13 +16,13 @@ #include "testing/util/read_file.h" #include "util/logging.h" -namespace openscreen { namespace cast { +namespace channel { namespace { -using ::cast::channel::AuthResponse; +using ErrorCode = openscreen::Error::Code; -bool ConvertTimeSeconds(const DateTime& time, uint64_t* seconds) { +bool ConvertTimeSeconds(const certificate::DateTime& time, uint64_t* seconds) { static constexpr uint64_t kDaysPerYear = 365; static constexpr uint64_t kHoursPerDay = 24; static constexpr uint64_t kMinutesPerHour = 60; @@ -102,7 +102,7 @@ bool ConvertTimeSeconds(const DateTime& time, uint64_t* seconds) { #define TEST_DATA_PREFIX OPENSCREEN_TEST_DATA_DIR "cast/common/certificate/" -class CastAuthUtilTest : public ::testing::Test { +class CastAuthUtilTest : public testing::Test { public: CastAuthUtilTest() {} ~CastAuthUtilTest() override {} @@ -110,15 +110,16 @@ class CastAuthUtilTest : public ::testing::Test { void SetUp() override {} protected: - static AuthResponse CreateAuthResponse( - std::string* signed_data, - ::cast::channel::HashAlgorithm digest_algorithm) { - std::vector<std::string> chain = testing::ReadCertificatesFromPemFile( - TEST_DATA_PREFIX "certificates/chromecast_gen1.pem"); + static AuthResponse CreateAuthResponse(std::string* signed_data, + HashAlgorithm digest_algorithm) { + std::vector<std::string> chain = + certificate::testing::ReadCertificatesFromPemFile( + TEST_DATA_PREFIX "certificates/chromecast_gen1.pem"); OSP_CHECK(!chain.empty()); - testing::SignatureTestData signatures = testing::ReadSignatureTestData( - TEST_DATA_PREFIX "signeddata/2ZZBG9_FA8FCA3EF91A.pem"); + certificate::testing::SignatureTestData signatures = + certificate::testing::ReadSignatureTestData( + TEST_DATA_PREFIX "signeddata/2ZZBG9_FA8FCA3EF91A.pem"); AuthResponse response; @@ -129,12 +130,12 @@ class CastAuthUtilTest : public ::testing::Test { response.set_hash_algorithm(digest_algorithm); switch (digest_algorithm) { - case ::cast::channel::SHA1: + case SHA1: response.set_signature( std::string(reinterpret_cast<const char*>(signatures.sha1.data), signatures.sha1.length)); break; - case ::cast::channel::SHA256: + case SHA256: response.set_signature( std::string(reinterpret_cast<const char*>(signatures.sha256.data), signatures.sha256.length)); @@ -155,100 +156,96 @@ class CastAuthUtilTest : public ::testing::Test { // being verified doesn't expire until 2032. TEST_F(CastAuthUtilTest, VerifySuccess) { std::string signed_data; - AuthResponse auth_response = - CreateAuthResponse(&signed_data, ::cast::channel::SHA256); - DateTime now = {}; - ASSERT_TRUE(DateTimeFromSeconds(GetWallTimeSinceUnixEpoch().count(), &now)); - ErrorOr<CastDeviceCertPolicy> result = - VerifyCredentialsForTest(auth_response, signed_data, - CRLPolicy::kCrlOptional, nullptr, nullptr, now); + AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256); + certificate::DateTime now = {}; + ASSERT_TRUE(certificate::DateTimeFromSeconds( + openscreen::GetWallTimeSinceUnixEpoch().count(), &now)); + ErrorOr<CastDeviceCertPolicy> result = VerifyCredentialsForTest( + auth_response, signed_data, certificate::CRLPolicy::kCrlOptional, nullptr, + nullptr, now); EXPECT_TRUE(result); - EXPECT_EQ(CastDeviceCertPolicy::kUnrestricted, result.value()); + EXPECT_EQ(certificate::CastDeviceCertPolicy::kUnrestricted, result.value()); } TEST_F(CastAuthUtilTest, VerifyBadCA) { std::string signed_data; - AuthResponse auth_response = - CreateAuthResponse(&signed_data, ::cast::channel::SHA256); + AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256); MangleString(auth_response.mutable_intermediate_certificate(0)); ErrorOr<CastDeviceCertPolicy> result = VerifyCredentials(auth_response, signed_data); EXPECT_FALSE(result); - EXPECT_EQ(Error::Code::kErrCertsParse, result.error().code()); + EXPECT_EQ(ErrorCode::kErrCertsParse, result.error().code()); } TEST_F(CastAuthUtilTest, VerifyBadClientAuthCert) { std::string signed_data; - AuthResponse auth_response = - CreateAuthResponse(&signed_data, ::cast::channel::SHA256); + AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256); MangleString(auth_response.mutable_client_auth_certificate()); ErrorOr<CastDeviceCertPolicy> result = VerifyCredentials(auth_response, signed_data); EXPECT_FALSE(result); - EXPECT_EQ(Error::Code::kErrCertsParse, result.error().code()); + EXPECT_EQ(ErrorCode::kErrCertsParse, result.error().code()); } TEST_F(CastAuthUtilTest, VerifyBadSignature) { std::string signed_data; - AuthResponse auth_response = - CreateAuthResponse(&signed_data, ::cast::channel::SHA256); + AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256); MangleString(auth_response.mutable_signature()); ErrorOr<CastDeviceCertPolicy> result = VerifyCredentials(auth_response, signed_data); EXPECT_FALSE(result); - EXPECT_EQ(Error::Code::kCastV2SignedBlobsMismatch, result.error().code()); + EXPECT_EQ(ErrorCode::kCastV2SignedBlobsMismatch, result.error().code()); } TEST_F(CastAuthUtilTest, VerifyEmptySignature) { std::string signed_data; - AuthResponse auth_response = - CreateAuthResponse(&signed_data, ::cast::channel::SHA256); + AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256); auth_response.mutable_signature()->clear(); ErrorOr<CastDeviceCertPolicy> result = VerifyCredentials(auth_response, signed_data); EXPECT_FALSE(result); - EXPECT_EQ(Error::Code::kCastV2SignatureEmpty, result.error().code()); + EXPECT_EQ(ErrorCode::kCastV2SignatureEmpty, result.error().code()); } TEST_F(CastAuthUtilTest, VerifyUnsupportedDigest) { std::string signed_data; - AuthResponse auth_response = - CreateAuthResponse(&signed_data, ::cast::channel::SHA1); - DateTime now = {}; - ASSERT_TRUE(DateTimeFromSeconds(GetWallTimeSinceUnixEpoch().count(), &now)); + AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA1); + certificate::DateTime now = {}; + ASSERT_TRUE(certificate::DateTimeFromSeconds( + openscreen::GetWallTimeSinceUnixEpoch().count(), &now)); ErrorOr<CastDeviceCertPolicy> result = VerifyCredentialsForTest( - auth_response, signed_data, CRLPolicy::kCrlOptional, nullptr, nullptr, - now, true); + auth_response, signed_data, certificate::CRLPolicy::kCrlOptional, nullptr, + nullptr, now, true); EXPECT_FALSE(result); - EXPECT_EQ(Error::Code::kCastV2DigestUnsupported, result.error().code()); + EXPECT_EQ(ErrorCode::kCastV2DigestUnsupported, result.error().code()); } TEST_F(CastAuthUtilTest, VerifyBackwardsCompatibleDigest) { std::string signed_data; - AuthResponse auth_response = - CreateAuthResponse(&signed_data, ::cast::channel::SHA1); - DateTime now = {}; - ASSERT_TRUE(DateTimeFromSeconds(GetWallTimeSinceUnixEpoch().count(), &now)); - ErrorOr<CastDeviceCertPolicy> result = - VerifyCredentialsForTest(auth_response, signed_data, - CRLPolicy::kCrlOptional, nullptr, nullptr, now); + AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA1); + certificate::DateTime now = {}; + ASSERT_TRUE(certificate::DateTimeFromSeconds( + openscreen::GetWallTimeSinceUnixEpoch().count(), &now)); + ErrorOr<CastDeviceCertPolicy> result = VerifyCredentialsForTest( + auth_response, signed_data, certificate::CRLPolicy::kCrlOptional, nullptr, + nullptr, now); EXPECT_TRUE(result); } TEST_F(CastAuthUtilTest, VerifyBadPeerCert) { std::string signed_data; - AuthResponse auth_response = - CreateAuthResponse(&signed_data, ::cast::channel::SHA256); + AuthResponse auth_response = CreateAuthResponse(&signed_data, SHA256); MangleString(&signed_data); ErrorOr<CastDeviceCertPolicy> result = VerifyCredentials(auth_response, signed_data); EXPECT_FALSE(result); - EXPECT_EQ(Error::Code::kCastV2SignedBlobsMismatch, result.error().code()); + EXPECT_EQ(ErrorCode::kCastV2SignedBlobsMismatch, result.error().code()); } TEST_F(CastAuthUtilTest, VerifySenderNonceMatch) { AuthContext context = AuthContext::Create(); - const Error result = context.VerifySenderNonce(context.nonce(), true); + const openscreen::Error result = + context.VerifySenderNonce(context.nonce(), true); EXPECT_TRUE(result.ok()); } @@ -259,7 +256,7 @@ TEST_F(CastAuthUtilTest, VerifySenderNonceMismatch) { ErrorOr<CastDeviceCertPolicy> result = context.VerifySenderNonce(received_nonce, true); EXPECT_FALSE(result); - EXPECT_EQ(Error::Code::kCastV2SenderNonceMismatch, result.error().code()); + EXPECT_EQ(ErrorCode::kCastV2SenderNonceMismatch, result.error().code()); } TEST_F(CastAuthUtilTest, VerifySenderNonceMissing) { @@ -269,36 +266,40 @@ TEST_F(CastAuthUtilTest, VerifySenderNonceMissing) { ErrorOr<CastDeviceCertPolicy> result = context.VerifySenderNonce(received_nonce, true); EXPECT_FALSE(result); - EXPECT_EQ(Error::Code::kCastV2SenderNonceMismatch, result.error().code()); + EXPECT_EQ(ErrorCode::kCastV2SenderNonceMismatch, result.error().code()); } TEST_F(CastAuthUtilTest, VerifyTLSCertificateSuccess) { - std::vector<std::string> tls_cert_der = testing::ReadCertificatesFromPemFile( - TEST_DATA_PREFIX "certificates/test_tls_cert.pem"); + std::vector<std::string> tls_cert_der = + certificate::testing::ReadCertificatesFromPemFile( + TEST_DATA_PREFIX "certificates/test_tls_cert.pem"); std::string& der_cert = tls_cert_der[0]; const uint8_t* data = (const uint8_t*)der_cert.data(); X509* tls_cert = d2i_X509(nullptr, &data, der_cert.size()); - DateTime not_before; - DateTime not_after; - ASSERT_TRUE(GetCertValidTimeRange(tls_cert, ¬_before, ¬_after)); + certificate::DateTime not_before; + certificate::DateTime not_after; + ASSERT_TRUE( + certificate::GetCertValidTimeRange(tls_cert, ¬_before, ¬_after)); uint64_t x; ASSERT_TRUE(ConvertTimeSeconds(not_before, &x)); std::chrono::seconds s(x); - const Error result = VerifyTLSCertificateValidity(tls_cert, s); + const openscreen::Error result = VerifyTLSCertificateValidity(tls_cert, s); EXPECT_TRUE(result.ok()); X509_free(tls_cert); } TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooEarly) { - std::vector<std::string> tls_cert_der = testing::ReadCertificatesFromPemFile( - TEST_DATA_PREFIX "certificates/test_tls_cert.pem"); + std::vector<std::string> tls_cert_der = + certificate::testing::ReadCertificatesFromPemFile( + TEST_DATA_PREFIX "certificates/test_tls_cert.pem"); std::string& der_cert = tls_cert_der[0]; const uint8_t* data = (const uint8_t*)der_cert.data(); X509* tls_cert = d2i_X509(nullptr, &data, der_cert.size()); - DateTime not_before; - DateTime not_after; - ASSERT_TRUE(GetCertValidTimeRange(tls_cert, ¬_before, ¬_after)); + certificate::DateTime not_before; + certificate::DateTime not_after; + ASSERT_TRUE( + certificate::GetCertValidTimeRange(tls_cert, ¬_before, ¬_after)); uint64_t x; ASSERT_TRUE(ConvertTimeSeconds(not_before, &x)); std::chrono::seconds s(x - 1); @@ -306,20 +307,22 @@ TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooEarly) { ErrorOr<CastDeviceCertPolicy> result = VerifyTLSCertificateValidity(tls_cert, s); EXPECT_FALSE(result); - EXPECT_EQ(Error::Code::kCastV2TlsCertValidStartDateInFuture, + EXPECT_EQ(ErrorCode::kCastV2TlsCertValidStartDateInFuture, result.error().code()); X509_free(tls_cert); } TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooLate) { - std::vector<std::string> tls_cert_der = testing::ReadCertificatesFromPemFile( - TEST_DATA_PREFIX "certificates/test_tls_cert.pem"); + std::vector<std::string> tls_cert_der = + certificate::testing::ReadCertificatesFromPemFile( + TEST_DATA_PREFIX "certificates/test_tls_cert.pem"); std::string& der_cert = tls_cert_der[0]; const uint8_t* data = (const uint8_t*)der_cert.data(); X509* tls_cert = d2i_X509(nullptr, &data, der_cert.size()); - DateTime not_before; - DateTime not_after; - ASSERT_TRUE(GetCertValidTimeRange(tls_cert, ¬_before, ¬_after)); + certificate::DateTime not_before; + certificate::DateTime not_after; + ASSERT_TRUE( + certificate::GetCertValidTimeRange(tls_cert, ¬_before, ¬_after)); uint64_t x; ASSERT_TRUE(ConvertTimeSeconds(not_after, &x)); std::chrono::seconds s(x + 2); @@ -327,7 +330,7 @@ TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooLate) { ErrorOr<CastDeviceCertPolicy> result = VerifyTLSCertificateValidity(tls_cert, s); EXPECT_FALSE(result); - EXPECT_EQ(Error::Code::kCastV2TlsCertExpired, result.error().code()); + EXPECT_EQ(ErrorCode::kCastV2TlsCertExpired, result.error().code()); X509_free(tls_cert); } @@ -345,10 +348,10 @@ enum TestStepResult { ErrorOr<CastDeviceCertPolicy> TestVerifyRevocation( const std::vector<std::string>& certificate_chain, const std::string& crl_bundle, - const DateTime& verification_time, + const certificate::DateTime& verification_time, bool crl_required, - TrustStore* cast_trust_store, - TrustStore* crl_trust_store) { + certificate::TrustStore* cast_trust_store, + certificate::TrustStore* crl_trust_store) { AuthResponse response; if (certificate_chain.size() > 0) { @@ -360,9 +363,9 @@ ErrorOr<CastDeviceCertPolicy> TestVerifyRevocation( response.set_crl(crl_bundle); - CRLPolicy crl_policy = CRLPolicy::kCrlRequired; + certificate::CRLPolicy crl_policy = certificate::CRLPolicy::kCrlRequired; if (!crl_required && crl_bundle.empty()) - crl_policy = CRLPolicy::kCrlOptional; + crl_policy = certificate::CRLPolicy::kCrlOptional; ErrorOr<CastDeviceCertPolicy> result = VerifyCredentialsForTest(response, "", crl_policy, cast_trust_store, crl_trust_store, verification_time); @@ -372,13 +375,13 @@ ErrorOr<CastDeviceCertPolicy> TestVerifyRevocation( } // Runs a single test case. -bool RunTest(const DeviceCertTest& test_case) { - std::unique_ptr<TrustStore> crl_trust_store; - std::unique_ptr<TrustStore> cast_trust_store; +bool RunTest(const certificate::DeviceCertTest& test_case) { + std::unique_ptr<certificate::TrustStore> crl_trust_store; + std::unique_ptr<certificate::TrustStore> cast_trust_store; if (test_case.use_test_trust_anchors()) { - crl_trust_store = testing::CreateTrustStoreFromPemFile( + crl_trust_store = certificate::testing::CreateTrustStoreFromPemFile( TEST_DATA_PREFIX "certificates/cast_crl_test_root_ca.pem"); - cast_trust_store = testing::CreateTrustStoreFromPemFile( + cast_trust_store = certificate::testing::CreateTrustStoreFromPemFile( TEST_DATA_PREFIX "certificates/cast_test_root_ca.pem"); EXPECT_FALSE(crl_trust_store->certs.empty()); @@ -391,49 +394,51 @@ bool RunTest(const DeviceCertTest& test_case) { } // CastAuthUtil verifies the CRL at the same time as the certificate. - DateTime verification_time; + certificate::DateTime verification_time; uint64_t cert_verify_time = test_case.cert_verification_time_seconds(); if (!cert_verify_time) { cert_verify_time = test_case.crl_verification_time_seconds(); } - OSP_DCHECK(DateTimeFromSeconds(cert_verify_time, &verification_time)); + OSP_DCHECK( + certificate::DateTimeFromSeconds(cert_verify_time, &verification_time)); std::string crl_bundle = test_case.crl_bundle(); - ErrorOr<CastDeviceCertPolicy> result(CastDeviceCertPolicy::kUnrestricted); + ErrorOr<CastDeviceCertPolicy> result( + certificate::CastDeviceCertPolicy::kUnrestricted); switch (test_case.expected_result()) { - case PATH_VERIFICATION_FAILED: + case certificate::PATH_VERIFICATION_FAILED: result = TestVerifyRevocation( certificate_chain, crl_bundle, verification_time, false, cast_trust_store.get(), crl_trust_store.get()); EXPECT_EQ(result.error().code(), - Error::Code::kCastV2CertNotSignedByTrustedCa); + ErrorCode::kCastV2CertNotSignedByTrustedCa); return result.error().code() == - Error::Code::kCastV2CertNotSignedByTrustedCa; - case CRL_VERIFICATION_FAILED: + ErrorCode::kCastV2CertNotSignedByTrustedCa; + case certificate::CRL_VERIFICATION_FAILED: // Fall-through intended. - case REVOCATION_CHECK_FAILED_WITHOUT_CRL: + case certificate::REVOCATION_CHECK_FAILED_WITHOUT_CRL: result = TestVerifyRevocation( certificate_chain, crl_bundle, verification_time, true, cast_trust_store.get(), crl_trust_store.get()); - EXPECT_EQ(result.error().code(), Error::Code::kErrCrlInvalid); - return result.error().code() == Error::Code::kErrCrlInvalid; - case CRL_EXPIRED_AFTER_INITIAL_VERIFICATION: + EXPECT_EQ(result.error().code(), ErrorCode::kErrCrlInvalid); + return result.error().code() == ErrorCode::kErrCrlInvalid; + case certificate::CRL_EXPIRED_AFTER_INITIAL_VERIFICATION: // By-pass this test because CRL is always verified at the time the // certificate is verified. return true; - case REVOCATION_CHECK_FAILED: + case certificate::REVOCATION_CHECK_FAILED: result = TestVerifyRevocation( certificate_chain, crl_bundle, verification_time, true, cast_trust_store.get(), crl_trust_store.get()); - EXPECT_EQ(result.error().code(), Error::Code::kErrCertsRevoked); - return result.error().code() == Error::Code::kErrCertsRevoked; - case SUCCESS: + EXPECT_EQ(result.error().code(), ErrorCode::kErrCertsRevoked); + return result.error().code() == ErrorCode::kErrCertsRevoked; + case certificate::SUCCESS: result = TestVerifyRevocation( certificate_chain, crl_bundle, verification_time, false, cast_trust_store.get(), crl_trust_store.get()); - EXPECT_EQ(result.error().code(), Error::Code::kCastV2SignedBlobsMismatch); - return result.error().code() == Error::Code::kCastV2SignedBlobsMismatch; - case UNSPECIFIED: + EXPECT_EQ(result.error().code(), ErrorCode::kCastV2SignedBlobsMismatch); + return result.error().code() == ErrorCode::kCastV2SignedBlobsMismatch; + case certificate::UNSPECIFIED: return false; } return false; @@ -444,8 +449,9 @@ bool RunTest(const DeviceCertTest& test_case) { // To see the description of the test, execute the test. // These tests are generated by a test generator in google3. void RunTestSuite(const std::string& test_suite_file_name) { - std::string testsuite_raw = ReadEntireFileToString(test_suite_file_name); - DeviceCertTestSuite test_suite; + std::string testsuite_raw = + openscreen::ReadEntireFileToString(test_suite_file_name); + certificate::DeviceCertTestSuite test_suite; EXPECT_TRUE(test_suite.ParseFromString(testsuite_raw)); uint16_t successes = 0; @@ -464,5 +470,5 @@ TEST_F(CastAuthUtilTest, CRLTestSuite) { } } // namespace +} // namespace channel } // namespace cast -} // namespace openscreen diff --git a/cast/sender/channel/message_util.cc b/cast/sender/channel/message_util.cc index 48623cee..ab3ed5d8 100644 --- a/cast/sender/channel/message_util.cc +++ b/cast/sender/channel/message_util.cc @@ -6,12 +6,8 @@ #include "cast/sender/channel/cast_auth_util.h" -namespace openscreen { namespace cast { - -using ::cast::channel::AuthChallenge; -using ::cast::channel::CastMessage; -using ::cast::channel::DeviceAuthMessage; +namespace channel { CastMessage CreateAuthChallengeMessage(const AuthContext& auth_context) { CastMessage message; @@ -19,7 +15,7 @@ CastMessage CreateAuthChallengeMessage(const AuthContext& auth_context) { AuthChallenge* challenge = auth_message.mutable_challenge(); challenge->set_sender_nonce(auth_context.nonce()); - challenge->set_hash_algorithm(::cast::channel::SHA256); + challenge->set_hash_algorithm(SHA256); std::string auth_message_string; auth_message.SerializeToString(&auth_message_string); @@ -28,11 +24,11 @@ CastMessage CreateAuthChallengeMessage(const AuthContext& auth_context) { message.set_source_id(kPlatformSenderId); message.set_destination_id(kPlatformReceiverId); message.set_namespace_(kAuthNamespace); - message.set_payload_type(::cast::channel::CastMessage_PayloadType_BINARY); + message.set_payload_type(CastMessage_PayloadType_BINARY); message.set_payload_binary(auth_message_string); return message; } +} // namespace channel } // namespace cast -} // namespace openscreen diff --git a/cast/sender/channel/message_util.h b/cast/sender/channel/message_util.h index 944165bc..e2da0cd8 100644 --- a/cast/sender/channel/message_util.h +++ b/cast/sender/channel/message_util.h @@ -8,15 +8,14 @@ #include "cast/common/channel/message_util.h" #include "cast/common/channel/proto/cast_channel.pb.h" -namespace openscreen { namespace cast { +namespace channel { class AuthContext; -::cast::channel::CastMessage CreateAuthChallengeMessage( - const AuthContext& auth_context); +CastMessage CreateAuthChallengeMessage(const AuthContext& auth_context); +} // namespace channel } // namespace cast -} // namespace openscreen #endif // CAST_SENDER_CHANNEL_MESSAGE_UTIL_H_ diff --git a/cast/sender/channel/sender_socket_factory.cc b/cast/sender/channel/sender_socket_factory.cc index 8dff73c4..b185113d 100644 --- a/cast/sender/channel/sender_socket_factory.cc +++ b/cast/sender/channel/sender_socket_factory.cc @@ -5,15 +5,18 @@ #include "cast/sender/channel/sender_socket_factory.h" #include "cast/common/channel/cast_socket.h" -#include "cast/common/channel/proto/cast_channel.pb.h" #include "cast/sender/channel/message_util.h" #include "platform/base/tls_connect_options.h" #include "util/crypto/certificate_utils.h" -using ::cast::channel::CastMessage; - -namespace openscreen { namespace cast { +namespace channel { + +using openscreen::Error; +using openscreen::IPEndpoint; +using openscreen::TlsConnection; +using openscreen::TlsConnectionFactory; +using openscreen::TlsConnectOptions; bool operator<(const std::unique_ptr<SenderSocketFactory::PendingAuth>& a, uint32_t b) { @@ -65,8 +68,8 @@ void SenderSocketFactory::OnConnected( CastSocket::Client* client = it->client; pending_connections_.erase(it); - ErrorOr<bssl::UniquePtr<X509>> peer_cert = - ImportCertificate(der_x509_peer_cert.data(), der_x509_peer_cert.size()); + ErrorOr<bssl::UniquePtr<X509>> peer_cert = openscreen::ImportCertificate( + der_x509_peer_cert.data(), der_x509_peer_cert.size()); if (!peer_cert) { client_->OnError(this, endpoint, peer_cert.error()); return; @@ -167,5 +170,5 @@ void SenderSocketFactory::OnMessage(CastSocket* socket, CastMessage message) { client_->OnConnected(this, pending->endpoint, std::move(pending->socket)); } +} // namespace channel } // namespace cast -} // namespace openscreen diff --git a/cast/sender/channel/sender_socket_factory.h b/cast/sender/channel/sender_socket_factory.h index 9cb31066..c58b369a 100644 --- a/cast/sender/channel/sender_socket_factory.h +++ b/cast/sender/channel/sender_socket_factory.h @@ -12,26 +12,26 @@ #include <vector> #include "cast/common/channel/cast_socket.h" -#include "cast/common/channel/proto/cast_channel.pb.h" #include "cast/sender/channel/cast_auth_util.h" #include "platform/api/tls_connection_factory.h" #include "platform/base/ip_address.h" #include "util/logging.h" -namespace openscreen { namespace cast { +namespace channel { -class SenderSocketFactory final : public TlsConnectionFactory::Client, - public CastSocket::Client { +class SenderSocketFactory final + : public openscreen::TlsConnectionFactory::Client, + public CastSocket::Client { public: class Client { public: virtual void OnConnected(SenderSocketFactory* factory, - const IPEndpoint& endpoint, + const openscreen::IPEndpoint& endpoint, std::unique_ptr<CastSocket> socket) = 0; virtual void OnError(SenderSocketFactory* factory, - const IPEndpoint& endpoint, - Error error) = 0; + const openscreen::IPEndpoint& endpoint, + openscreen::Error error) = 0; }; enum class DeviceMediaPolicy { @@ -43,35 +43,39 @@ class SenderSocketFactory final : public TlsConnectionFactory::Client, explicit SenderSocketFactory(Client* client); ~SenderSocketFactory(); - void set_factory(TlsConnectionFactory* factory) { + void set_factory(openscreen::TlsConnectionFactory* factory) { OSP_DCHECK(factory); factory_ = factory; } - void Connect(const IPEndpoint& endpoint, + void Connect(const openscreen::IPEndpoint& endpoint, DeviceMediaPolicy media_policy, CastSocket::Client* client); - // TlsConnectionFactory::Client overrides. - void OnAccepted(TlsConnectionFactory* factory, - std::vector<uint8_t> der_x509_peer_cert, - std::unique_ptr<TlsConnection> connection) override; - void OnConnected(TlsConnectionFactory* factory, - std::vector<uint8_t> der_x509_peer_cert, - std::unique_ptr<TlsConnection> connection) override; - void OnConnectionFailed(TlsConnectionFactory* factory, - const IPEndpoint& remote_address) override; - void OnError(TlsConnectionFactory* factory, Error error) override; + // openscreen::TlsConnectionFactory::Client overrides. + void OnAccepted( + openscreen::TlsConnectionFactory* factory, + std::vector<uint8_t> der_x509_peer_cert, + std::unique_ptr<openscreen::TlsConnection> connection) override; + void OnConnected( + openscreen::TlsConnectionFactory* factory, + std::vector<uint8_t> der_x509_peer_cert, + std::unique_ptr<openscreen::TlsConnection> connection) override; + void OnConnectionFailed( + openscreen::TlsConnectionFactory* factory, + const openscreen::IPEndpoint& remote_address) override; + void OnError(openscreen::TlsConnectionFactory* factory, + openscreen::Error error) override; private: struct PendingConnection { - IPEndpoint endpoint; + openscreen::IPEndpoint endpoint; DeviceMediaPolicy media_policy; CastSocket::Client* client; }; struct PendingAuth { - IPEndpoint endpoint; + openscreen::IPEndpoint endpoint; DeviceMediaPolicy media_policy; std::unique_ptr<CastSocket> socket; CastSocket::Client* client; @@ -83,20 +87,19 @@ class SenderSocketFactory final : public TlsConnectionFactory::Client, friend bool operator<(uint32_t a, const std::unique_ptr<PendingAuth>& b); std::vector<PendingConnection>::iterator FindPendingConnection( - const IPEndpoint& endpoint); + const openscreen::IPEndpoint& endpoint); // CastSocket::Client overrides. - void OnError(CastSocket* socket, Error error) override; - void OnMessage(CastSocket* socket, - ::cast::channel::CastMessage message) override; + void OnError(CastSocket* socket, openscreen::Error error) override; + void OnMessage(CastSocket* socket, CastMessage message) override; Client* const client_; - TlsConnectionFactory* factory_ = nullptr; + openscreen::TlsConnectionFactory* factory_ = nullptr; std::vector<PendingConnection> pending_connections_; std::vector<std::unique_ptr<PendingAuth>> pending_auth_; }; +} // namespace channel } // namespace cast -} // namespace openscreen #endif // CAST_SENDER_CHANNEL_SENDER_SOCKET_FACTORY_H_ |