1 // Copyright 2020 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CAST_RECEIVER_CHANNEL_STATIC_CREDENTIALS_H_
6 #define CAST_RECEIVER_CHANNEL_STATIC_CREDENTIALS_H_
7 
8 #include <memory>
9 #include <string>
10 #include <vector>
11 
12 #include "absl/strings/string_view.h"
13 #include "cast/common/certificate/cast_cert_validator_internal.h"
14 #include "cast/receiver/channel/device_auth_namespace_handler.h"
15 #include "platform/base/error.h"
16 #include "platform/base/tls_credentials.h"
17 
18 namespace openscreen {
19 namespace cast {
20 
// CredentialsProvider implementation backed by a fixed set of credentials.
//
// Holds a DeviceCredentials value and a DER-encoded TLS certificate and hands
// them out unchanged through the CredentialsProvider interface.  The type is
// move-only: both copy operations are deleted.
//
// NOTE(review): the move constructor is declared noexcept but the move
// assignment operator is not; confirm whether that asymmetry is intentional.
// NOTE(review): |device_creds| and |tls_cert_der| are public and mutable, so
// any code holding the provider can replace the credentials it serves;
// confirm that this is intended outside of test/developer builds.
class StaticCredentialsProvider final
    : public DeviceAuthNamespaceHandler::CredentialsProvider {
 public:
  StaticCredentialsProvider();
  StaticCredentialsProvider(DeviceCredentials device_creds,
                            std::vector<uint8_t> tls_cert_der);

  // Move-only: copying is disabled.
  StaticCredentialsProvider(const StaticCredentialsProvider&) = delete;
  StaticCredentialsProvider(StaticCredentialsProvider&&) noexcept;
  StaticCredentialsProvider& operator=(const StaticCredentialsProvider&) =
      delete;
  StaticCredentialsProvider& operator=(StaticCredentialsProvider&&);
  ~StaticCredentialsProvider();

  // Returns a read-only, non-owning view of |tls_cert_der|.  The span aliases
  // the vector's storage, so it is only usable while this provider is alive
  // and |tls_cert_der| has not been resized, reassigned or moved from.
  absl::Span<const uint8_t> GetCurrentTlsCertAsDer() override {
    return absl::Span<const uint8_t>(tls_cert_der.data(), tls_cert_der.size());
  }

  // Returns a reference to |device_creds|; the reference must not outlive
  // this provider.
  const DeviceCredentials& GetCurrentDeviceCredentials() override {
    return this->device_creds;
  }

  // Device credentials served by GetCurrentDeviceCredentials().
  // NOTE(review): presumably includes private key material; verify against
  // the DeviceCredentials definition before logging or copying this member.
  DeviceCredentials device_creds;

  // DER bytes served by GetCurrentTlsCertAsDer().
  std::vector<uint8_t> tls_cert_der;
};
45 
// Bundle produced by GenerateCredentials() and
// GenerateCredentialsForTesting().
struct GeneratedCredentials {
  // Owning pointer to the provider that serves the generated credentials.
  std::unique_ptr<StaticCredentialsProvider> provider;

  // TLS credentials (see platform/base/tls_credentials.h).
  // NOTE(review): presumably carries the TLS private key; confirm before
  // copying or persisting this struct.
  TlsCredentials tls_credentials;

  // Presumably the DER encoding of the root certificate the generated chain
  // is anchored to; TODO confirm against the implementation.
  std::vector<uint8_t> root_cert_der;
};
51 
// Creates a private key and a root TLS server certificate for use with cast
// sockets and, going by the function name, writes them to file.
// NOTE(review): the output location and the permissions of the written key
// file are not visible from this declaration; confirm that the key file is
// not readable by other users.
void GenerateDeveloperCredentialsToFile();

// Builds a valid set of credentials for use with cast sockets/TLS.
//
// |device_certificate_id|   identifier for the device certificate.
// |private_key_path|        path to the private key.
// |server_certificate_path| path to the server certificate.
//
// Both paths are required, except in testing where they can be omitted.
// NOTE(review): neither path parameter has a default value, so "omitted"
// presumably means an empty string; confirm against the implementation, and
// confirm that an empty path cannot be reached from non-test callers.
//
// Returns the generated credentials or an Error.
ErrorOr<GeneratedCredentials> GenerateCredentials(
    const std::string& device_certificate_id,
    const std::string& private_key_path,
    const std::string& server_certificate_path);

// Variant of GenerateCredentials() that takes only |device_certificate_id|;
// no key or certificate path is passed in.
// NOTE(review): where the key material comes from is not visible here; keep
// callers restricted to test code.
ErrorOr<GeneratedCredentials> GenerateCredentialsForTesting(
    const std::string& device_certificate_id);
66 
67 }  // namespace cast
68 }  // namespace openscreen
69 
70 #endif  // CAST_RECEIVER_CHANNEL_STATIC_CREDENTIALS_H_
71