| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_HOST_RESOLVER_H_ | 5 #ifndef NET_BASE_CERT_VERIFIER_H_ |
| 6 #define NET_BASE_HOST_RESOLVER_H_ | 6 #define NET_BASE_CERT_VERIFIER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 #include "base/ref_counted.h" | 11 #include "base/ref_counted.h" |
| 12 #include "net/base/completion_callback.h" | 12 #include "net/base/completion_callback.h" |
| 13 | 13 |
| 14 namespace net { | 14 namespace net { |
| 15 | 15 |
| 16 class AddressList; | 16 class X509Certificate; |
| 17 | 17 |
| 18 // This class represents the task of resolving a hostname (or IP address | 18 // This class represents the task of verifying a certificate. It can only |
| 19 // literal) to an AddressList object. It can only resolve a single hostname at | 19 // verify a single certificate at a time, so if you need to verify multiple |
| 20 // a time, so if you need to resolve multiple hostnames at the same time, you | 20 // certificates at the same time, you will need to allocate a CertVerifier |
| 21 // will need to allocate a HostResolver object for each hostname. | 21 // object for each certificate. |
| 22 // | 22 // |
| 23 // No attempt is made at this level to cache or pin resolution results. For | 23 // TODO(wtc): This class is based on HostResolver. We should create a base |
| 24 // each request, this API talks directly to the underlying name resolver of | 24 // class for the common code between the two classes. |
| 25 // the local system, which may or may not result in a DNS query. The exact | |
| 26 // behavior depends on the system configuration. | |
| 27 // | 25 // |
| 28 class HostResolver { | 26 class CertVerifier { |
| 29 public: | 27 public: |
| 30 HostResolver(); | 28 CertVerifier(); |
| 31 | 29 |
| 32 // If a completion callback is pending when the resolver is destroyed, the | 30 // If a completion callback is pending when the verifier is destroyed, the |
| 33 // host resolution is cancelled, and the completion callback will not be | 31 // certificate verification is cancelled, and the completion callback will |
| 34 // called. | 32 // not be called. |
| 35 ~HostResolver(); | 33 ~CertVerifier(); |
| 36 | 34 |
| 37 // Resolves the given hostname (or IP address literal), filling out the | 35 // Verifies the given certificate against the given hostname. Returns OK if |
| 38 // |addresses| object upon success. The |port| parameter will be set as the | 36 // successful or an error code upon failure. |
| 39 // sin(6)_port field of the sockaddr_in{6} struct. Returns OK if successful | 37 // |
| 40 // or an error code upon failure. | 38 // The |cert_status| bitmask is always filled out regardless of the return |
| 39 // value. If the certificate has multiple errors, the corresponding status |
| 40 // flags are set in |cert_status|, and the error code for the most serious |
| 41 // error is returned. |
| 42 // |
| 43 // If |rev_checking_enabled| is true, certificate revocation checking is |
| 44 // performed. |
| 41 // | 45 // |
| 42 // When callback is null, the operation completes synchronously. | 46 // When callback is null, the operation completes synchronously. |
| 43 // | 47 // |
| 44 // When callback is non-null, ERR_IO_PENDING is returned if the operation | 48 // When callback is non-null, ERR_IO_PENDING is returned if the operation |
| 45 // could not be completed synchronously, in which case the result code will | 49 // could not be completed synchronously, in which case the result code will |
| 46 // be passed to the callback when available. | 50 // be passed to the callback when available. |
| 47 // | 51 // |
| 48 int Resolve(const std::string& hostname, int port, | 52 int Verify(X509Certificate* cert, const std::string& hostname, |
| 49 AddressList* addresses, CompletionCallback* callback); | 53 bool rev_checking_enabled, int* cert_status, |
| 54 CompletionCallback* callback); |
| 50 | 55 |
| 51 private: | 56 private: |
| 52 class Request; | 57 class Request; |
| 53 friend class Request; | 58 friend class Request; |
| 54 scoped_refptr<Request> request_; | 59 scoped_refptr<Request> request_; |
| 55 DISALLOW_COPY_AND_ASSIGN(HostResolver); | 60 DISALLOW_COPY_AND_ASSIGN(CertVerifier); |
| 56 }; | 61 }; |
| 57 | 62 |
| 58 // A helper class used in unit tests to alter hostname mappings. See | |
| 59 // SetHostMapper for details. | |
| 60 class HostMapper { | |
| 61 public: | |
| 62 virtual ~HostMapper() {} | |
| 63 virtual std::string Map(const std::string& host) = 0; | |
| 64 }; | |
| 65 | |
| 66 #ifdef UNIT_TEST | |
| 67 // This function is designed to allow unit tests to override the behavior of | |
| 68 // HostResolver. For example, a HostMapper instance can force all hostnames | |
| 69 // to map to a fixed IP address such as 127.0.0.1. | |
| 70 // | |
| 71 // The previously set HostMapper (or NULL if there was none) is returned. | |
| 72 // | |
| 73 // NOTE: This function is not thread-safe, so take care to only call this | |
| 74 // function while there are no outstanding HostResolver instances. | |
| 75 // | |
| 76 // NOTE: In most cases, you should use ScopedHostMapper instead, which is | |
| 77 // defined in host_resolver_unittest.h | |
| 78 // | |
| 79 HostMapper* SetHostMapper(HostMapper* host_mapper); | |
| 80 #endif | |
| 81 | |
| 82 } // namespace net | 63 } // namespace net |
| 83 | 64 |
| 84 #endif // NET_BASE_HOST_RESOLVER_H_ | 65 #endif // NET_BASE_CERT_VERIFIER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14868:
Add the CertVerifier class. It is based on the... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/