blob: 0a4b37c21ccc12aece0dceca4e7ada61d8a33c1b [file] [log] [blame]
// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <openssl/x509.h>
#include <string>
#include <vector>
#include "absl/strings/string_view.h"
#include "platform/base/error.h"
namespace openscreen {
namespace cast {
struct TrustStore {
enum class Mode {
// In strict mode, only certificates signed by a CA will be accepted as
// part of authentication. Note that if a self-signed certificate is placed
// in a strict mode TrustStore, it cannot be used for authentication.
// In allow self signed mode, certificates signed by an arbitrary private
// key that have been placed in this trust store will be allowed. Note
// that certificates must still otherwise be valid.
static TrustStore CreateInstanceFromPemFile(absl::string_view file_path);
std::vector<bssl::UniquePtr<X509>> certs;
// Adds a trust anchor given a DER-encoded certificate from static
// storage.
template <size_t N>
bssl::UniquePtr<X509> MakeTrustAnchor(const uint8_t (&data)[N]) {
const uint8_t* dptr = data;
return bssl::UniquePtr<X509>{d2i_X509(nullptr, &dptr, N)};
inline bssl::UniquePtr<X509> MakeTrustAnchor(const std::vector<uint8_t>& data) {
const uint8_t* dptr =;
return bssl::UniquePtr<X509>{d2i_X509(nullptr, &dptr, data.size())};
struct ConstDataSpan;
struct DateTime;
bool VerifySignedData(const EVP_MD* digest,
EVP_PKEY* public_key,
const ConstDataSpan& data,
const ConstDataSpan& signature);
// Parses DateTime with additional restrictions laid out by RFC 5280
bool ParseAsn1GeneralizedTime(ASN1_GENERALIZEDTIME* time, DateTime* out);
bool GetCertValidTimeRange(X509* cert,
DateTime* not_before,
DateTime* not_after);
struct CertificatePathResult {
bssl::UniquePtr<X509> target_cert;
std::vector<bssl::UniquePtr<X509>> intermediate_certs;
std::vector<X509*> path;
Error FindCertificatePath(const std::vector<std::string>& der_certs,
const DateTime& time,
CertificatePathResult* result_path,
TrustStore* trust_store);
} // namespace cast
} // namespace openscreen