// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CAST_COMMON_CERTIFICATE_CAST_CERT_VALIDATOR_INTERNAL_H_
#define CAST_COMMON_CERTIFICATE_CAST_CERT_VALIDATOR_INTERNAL_H_
#include <openssl/x509.h>

#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

#include "platform/base/error.h"
namespace openscreen {
namespace cast {
// Holds the trust anchors consulted by FindCertificatePath(). Each X509 is
// owned by the store (bssl::UniquePtr), so raw X509* handed out from here are
// only valid while the store is alive.
struct TrustStore {
  std::vector<bssl::UniquePtr<X509>> certs;
};
// Builds a trust anchor from a DER-encoded certificate held in static storage.
// N is the size of the byte array, not a string length, so no terminator is
// expected. Returns a null UniquePtr when d2i_X509 rejects the input; callers
// must check for that before use.
//
// d2i_X509 advances its input cursor past the element it parsed; that position
// is discarded here, so any bytes after the first complete DER element are
// ignored rather than rejected.
template <size_t N>
bssl::UniquePtr<X509> MakeTrustAnchor(const uint8_t (&data)[N]) {
  const uint8_t* cursor = &data[0];
  X509* parsed = d2i_X509(nullptr, &cursor, static_cast<long>(N));
  return bssl::UniquePtr<X509>{parsed};
}
// Builds a trust anchor from a DER-encoded certificate held in a vector.
// Returns a null UniquePtr when d2i_X509 rejects the input; callers must check
// for that before use. As with the array overload, bytes after the first
// complete DER element are ignored rather than rejected.
inline bssl::UniquePtr<X509> MakeTrustAnchor(const std::vector<uint8_t>& data) {
  const uint8_t* cursor = data.data();
  const long length = static_cast<long>(data.size());
  X509* parsed = d2i_X509(nullptr, &cursor, length);
  return bssl::UniquePtr<X509>{parsed};
}
struct ConstDataSpan;
struct DateTime;

// Presumably verifies |signature| over |data| with |public_key| using |digest|
// and returns true only when the signature checks out; the definition is not
// in this header, so confirm the exact contract (e.g. behavior for a null
// |digest|) against the .cc.
bool VerifySignedData(const EVP_MD* digest,
                      EVP_PKEY* public_key,
                      const ConstDataSpan& data,
                      const ConstDataSpan& signature);

// Parses DateTime with additional restrictions laid out by RFC 5280
// 4.1.2.5.2.
// Returns false when |time| does not satisfy those restrictions; |out| should
// be treated as unspecified on failure (inferred from the signature — confirm
// against the definition).
bool ParseAsn1GeneralizedTime(ASN1_GENERALIZEDTIME* time, DateTime* out);

// Reads the validity period of |cert| into |not_before| and |not_after|.
// NOTE(review): presumably routes through ParseAsn1GeneralizedTime, so a
// certificate with a malformed validity time fails here rather than being
// accepted with a default range — confirm against the definition.
bool GetCertValidTimeRange(X509* cert,
                           DateTime* not_before,
                           DateTime* not_after);
// Output of FindCertificatePath().
struct CertificatePathResult {
  // Owned: the leaf certificate the path was built for.
  bssl::UniquePtr<X509> target_cert;
  // Owned: intermediate certificates parsed from the input.
  std::vector<bssl::UniquePtr<X509>> intermediate_certs;
  // Non-owning raw pointers forming the resolved chain. They presumably point
  // into the two members above and into the TrustStore passed to
  // FindCertificatePath(), so they are only valid while those owners are
  // alive — confirm in the .cc before holding this vector past them.
  std::vector<X509*> path;
};
// Attempts to build a certificate path from the DER-encoded certificates in
// |der_certs| to an anchor in |trust_store|, valid at |time|. On success the
// path is written to |result_path|; the returned Error reports failure.
// NOTE(review): the expected ordering of |der_certs| (leaf first?) and whether
// |trust_store| is mutated (it is taken by non-const pointer) are not visible
// from this header — confirm against the definition.
Error FindCertificatePath(const std::vector<std::string>& der_certs,
                          const DateTime& time,
                          CertificatePathResult* result_path,
                          TrustStore* trust_store);
} // namespace cast
} // namespace openscreen
#endif // CAST_COMMON_CERTIFICATE_CAST_CERT_VALIDATOR_INTERNAL_H_