// Copyright 2019 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. syntax = "proto2"; package cast.certificate; option optimize_for = LITE_RUNTIME; // A suite of test data to exercise Cast device certificate verification and // revocation logic. message DeviceCertTestSuite { repeated DeviceCertTest tests = 1; } enum VerificationResult { // This should never be encountered in a valid test. UNSPECIFIED = 0; // The device certificate is valid. SUCCESS = 1; // Problem with device certificate or its path. PATH_VERIFICATION_FAILED = 2; // Problem with the CRL. CRL_VERIFICATION_FAILED = 3; // Device certificate or one of the certificates in its path did not pass the // revocation check. REVOCATION_CHECK_FAILED = 4; // No CRL was provided, but revocation check is required, and therefore fails. REVOCATION_CHECK_FAILED_WITHOUT_CRL = 5; // CRL is valid at the time of initial verification, but when device cert // revocation is checked, the CRL signer cert has expired and the CRL is no // longer valid. CRL_EXPIRED_AFTER_INITIAL_VERIFICATION = 6; } message DeviceCertTest { // Human-readable description of the test. optional string description = 1; // Expected result of the certificate verification. optional VerificationResult expected_result = 4; // Device certiticate path up to a trusted root. Root is not included. repeated bytes der_cert_path = 2; // Serialized cast.CrlBundle proto if revocation check is required. optional bytes crl_bundle = 3; // Time at which to verify the device certificate. optional uint64 cert_verification_time_seconds = 5; // Time at which to verify the CRL. It this field is omitted, the CRL is // verified at cert_verification_time_seconds. optional uint64 crl_verification_time_seconds = 6; // Chooses between test and production trust anchors for device certificates // and CRLs. Defaults to using the test trust anchors. optional bool use_test_trust_anchors = 7 [default = true]; }