| // Copyright (c) 2016 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| syntax = "proto2"; |
| |
| package cast_certificate; |
| |
| option optimize_for = LITE_RUNTIME; |
| |
| // A suite of test data to exercise Cast device certificate verification and |
| // revocation logic. |
| message DeviceCertTestSuite { |
| repeated DeviceCertTest tests = 1; |
| } |
| |
| enum VerificationResult { |
| // This should never be encountered in a valid test. |
| UNSPECIFIED = 0; |
| // The device certificate is valid. |
| SUCCESS = 1; |
| // Problem with device certificate or its path. |
| PATH_VERIFICATION_FAILED = 2; |
| // Problem with the CRL. |
| CRL_VERIFICATION_FAILED = 3; |
| // Device certificate or one of the certificates in its path did not pass the |
| // revocation check. |
| REVOCATION_CHECK_FAILED = 4; |
| // No CRL was provided, but revocation check is required, and therefore fails. |
| REVOCATION_CHECK_FAILED_WITHOUT_CRL = 5; |
| // CRL is valid at the time of initial verification, but when device cert |
| // revocation is checked, the CRL signer cert has expired and the CRL is no |
| // longer valid. |
| CRL_EXPIRED_AFTER_INITIAL_VERIFICATION = 6; |
| } |
| |
| message DeviceCertTest { |
| // Human-readable description of the test. |
| optional string description = 1; |
| |
| // Expected result of the certificate verification. |
| optional VerificationResult expected_result = 4; |
| |
| // Device certiticate path up to a trusted root. Root is not included. |
| repeated bytes der_cert_path = 2; |
| |
| // Serialized cast.CrlBundle proto if revocation check is required. |
| optional bytes crl_bundle = 3; |
| |
| // Time at which to verify the device certificate. |
| optional uint64 cert_verification_time_seconds = 5; |
| |
| // Time at which to verify the CRL. It this field is omitted, the CRL is |
| // verified at cert_verification_time_seconds. |
| optional uint64 crl_verification_time_seconds = 6; |
| |
| // Chooses between test and production trust anchors for device certificates |
| // and CRLs. Defaults to using the test trust anchors. |
| optional bool use_test_trust_anchors = 7 [default = true]; |
| } |