blob: 77efd26c56510bf91c6e8cfcacc9ef0b6d1f580b [file] [log] [blame]
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <memory>
#include <string>
#include <vector>
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/time/time.h"
#include "net/cert/internal/parsed_certificate.h"
namespace net {
class TrustStore;
struct CertPath;
namespace cast_certificate {
// This class represents the CRL information parsed from the binary proto.
class CastCRL {
virtual ~CastCRL(){};
// Verifies the revocation status of a cast device certificate given a chain
// of X.509 certificates.
// Inputs:
// * |chain| the chain of verified certificates, including trust anchor.
// * |time| is the unix timestamp to use for determining if the certificate
// is revoked.
// Output:
// Returns true if no certificate in the chain was revoked.
virtual bool CheckRevocation(const net::CertPath& chain,
const base::Time& time) const = 0;
// Parses and verifies the CRL used to verify the revocation status of
// Cast device certificates, using the built-in Cast CRL trust anchors.
// Inputs:
// * |crl_proto| is a serialized cast_certificate.CrlBundle proto.
// * |time| is the unix timestamp to use for determining if the CRL is valid.
// Output:
// Returns the CRL object if success, nullptr otherwise.
std::unique_ptr<CastCRL> ParseAndVerifyCRL(const std::string& crl_proto,
const base::Time& time);
// This is an overloaded version of ParseAndVerifyCRL that allows
// the input of a custom TrustStore.
// For production use pass |trust_store| as nullptr to use the production trust
// store.
std::unique_ptr<CastCRL> ParseAndVerifyCRLUsingCustomTrustStore(
const std::string& crl_proto,
const base::Time& time,
net::TrustStore* trust_store);
} // namespace cast_certificate