Validate access tokens
The restriction controller app verifies an issued token as follows:
1. Extract the SSL certificate chain from the x5c header;
2. Validate the SSL certificate chain;
3. Verify the leaf certificate has the correct hostname/SNI;
4. Use the leaf certificate to verify the signature of the token;
5. Check the nonce to make sure it matches the token request;
6. Check the token is in its validation period.
Bug: 173732354
Bug: 173732514
Test: Place google-services.json in app/
Test: If using self-signed CA, place RootCA.pem in app/
Test: Set TOKEN_ISSUER_API_NAME in app/build.gradle
Test: Set TOKEN_ISSUER_HOST_NAME in app/build.gradle
Test: Get test credentials from valentine/#/show/1611079519238994
Test: Set envvars DRC_TEST_EMAIL and DRC_TEST_PASSWORD
Test: ./gradlew connectedAndroidTest
Test: ./gradlew createDebugCoverageReport
Change-Id: I00342444876b992523da6923c1b6c03774a6896d
7 files changed