// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// proto2 syntax: singular fields below carry explicit `optional` labels and
// may declare a default value.
syntax = "proto2";

package cast.certificate;

// Generated classes target the lite protobuf runtime (no descriptors or
// reflection).
option optimize_for = LITE_RUNTIME;

// A suite of test data to exercise Cast device certificate verification and
// revocation logic.
message DeviceCertTestSuite {
  // The individual test cases. Each DeviceCertTest carries its own inputs
  // and its own expected result.
  repeated DeviceCertTest tests = 1;
}

// Outcome that a test case expects from device certificate verification.
// Used as the type of DeviceCertTest.expected_result.
enum VerificationResult {
  // This should never be encountered in a valid test.
  // As the first-listed value it is also what an unset expected_result reads
  // as, so a test case that omits the field does not silently read as
  // SUCCESS.
  UNSPECIFIED = 0;

  // The device certificate is valid.
  SUCCESS = 1;

  // Problem with device certificate or its path.
  PATH_VERIFICATION_FAILED = 2;

  // Problem with the CRL.
  CRL_VERIFICATION_FAILED = 3;

  // Device certificate or one of the certificates in its path did not pass the
  // revocation check.
  REVOCATION_CHECK_FAILED = 4;

  // No CRL was provided, but revocation check is required, and therefore fails.
  // In other words, the expected behavior is fail-closed: a missing CRL is
  // not treated as "nothing revoked".
  REVOCATION_CHECK_FAILED_WITHOUT_CRL = 5;

  // CRL is valid at the time of initial verification, but when device cert
  // revocation is checked, the CRL signer cert has expired and the CRL is no
  // longer valid.
  CRL_EXPIRED_AFTER_INITIAL_VERIFICATION = 6;
}

// A single test case: the inputs to device certificate verification plus the
// result the verifier is expected to produce.
//
// Field numbers are not in declaration order. Numbers identify fields on the
// wire, so they must not be renumbered to tidy the listing.
message DeviceCertTest {
  // Human-readable description of the test.
  optional string description = 1;

  // Expected result of the certificate verification.
  optional VerificationResult expected_result = 4;

  // Device certificate path up to a trusted root.  Root is not included.
  // Each element is one DER-encoded certificate (per the field name).
  // NOTE(review): element ordering (presumably device certificate first) is
  // not stated here -- confirm against the code that consumes this field.
  repeated bytes der_cert_path = 2;

  // Serialized cast.CrlBundle proto if revocation check is required.
  // Carried as opaque bytes: this file does not import the CrlBundle type, so
  // the schema itself places no constraint on the contents.
  optional bytes crl_bundle = 3;

  // Time at which to verify the device certificate.
  // NOTE(review): the epoch is not stated; presumably seconds since the Unix
  // epoch -- confirm.
  optional uint64 cert_verification_time_seconds = 5;

  // Time at which to verify the CRL. If this field is omitted, the CRL is
  // verified at cert_verification_time_seconds.
  optional uint64 crl_verification_time_seconds = 6;

  // Chooses between test and production trust anchors for device certificates
  // and CRLs. Defaults to using the test trust anchors.
  // Because the default is true, a test case must set this to false
  // explicitly to be checked against the production trust anchors.
  optional bool use_test_trust_anchors = 7 [default = true];
}
