| Index: net/base/cert_verifier.h
|
| ===================================================================
|
| --- net/base/cert_verifier.h (revision 7188)
|
| +++ net/base/cert_verifier.h (working copy)
|
| @@ -1,9 +1,9 @@
|
| -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
|
| +// Copyright (c) 2008 The Chromium Authors. All rights reserved.
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#ifndef NET_BASE_HOST_RESOLVER_H_
|
| -#define NET_BASE_HOST_RESOLVER_H_
|
| +#ifndef NET_BASE_CERT_VERIFIER_H_
|
| +#define NET_BASE_CERT_VERIFIER_H_
|
|
|
| #include <string>
|
|
|
| @@ -13,72 +13,53 @@
|
|
|
| namespace net {
|
|
|
| -class AddressList;
|
| +class X509Certificate;
|
|
|
| -// This class represents the task of resolving a hostname (or IP address
|
| -// literal) to an AddressList object. It can only resolve a single hostname at
|
| -// a time, so if you need to resolve multiple hostnames at the same time, you
|
| -// will need to allocate a HostResolver object for each hostname.
|
| +// This class represents the task of verifying a certificate. It can only
|
| +// verify a single certificate at a time, so if you need to verify multiple
|
| +// certificates at the same time, you will need to allocate a CertVerifier
|
| +// object for each certificate.
|
| //
|
| -// No attempt is made at this level to cache or pin resolution results. For
|
| -// each request, this API talks directly to the underlying name resolver of
|
| -// the local system, which may or may not result in a DNS query. The exact
|
| -// behavior depends on the system configuration.
|
| +// TODO(wtc): This class is based on HostResolver. We should create a base
|
| +// class for the common code between the two classes.
|
| //
|
| -class HostResolver {
|
| +class CertVerifier {
|
| public:
|
| - HostResolver();
|
| + CertVerifier();
|
|
|
| - // If a completion callback is pending when the resolver is destroyed, the
|
| - // host resolution is cancelled, and the completion callback will not be
|
| - // called.
|
| - ~HostResolver();
|
| + // If a completion callback is pending when the verifier is destroyed, the
|
| + // certificate verification is cancelled, and the completion callback will
|
| + // not be called.
|
| + ~CertVerifier();
|
|
|
| - // Resolves the given hostname (or IP address literal), filling out the
|
| - // |addresses| object upon success. The |port| parameter will be set as the
|
| - // sin(6)_port field of the sockaddr_in{6} struct. Returns OK if successful
|
| - // or an error code upon failure.
|
| + // Verifies the given certificate against the given hostname. Returns OK if
|
| + // successful or an error code upon failure.
|
| //
|
| + // The |cert_status| bitmask is always filled out regardless of the return
|
| + // value. If the certificate has multiple errors, the corresponding status
|
| + // flags are set in |cert_status|, and the error code for the most serious
|
| + // error is returned.
|
| + //
|
| + // If |rev_checking_enabled| is true, certificate revocation checking is
|
| + // performed.
|
| + //
|
| // When callback is null, the operation completes synchronously.
|
| //
|
| // When callback is non-null, ERR_IO_PENDING is returned if the operation
|
| // could not be completed synchronously, in which case the result code will
|
| // be passed to the callback when available.
|
| //
|
| - int Resolve(const std::string& hostname, int port,
|
| - AddressList* addresses, CompletionCallback* callback);
|
| + int Verify(X509Certificate* cert, const std::string& hostname,
|
| + bool rev_checking_enabled, int* cert_status,
|
| + CompletionCallback* callback);
|
|
|
| private:
|
| class Request;
|
| friend class Request;
|
| scoped_refptr<Request> request_;
|
| - DISALLOW_COPY_AND_ASSIGN(HostResolver);
|
| + DISALLOW_COPY_AND_ASSIGN(CertVerifier);
|
| };
|
|
|
| -// A helper class used in unit tests to alter hostname mappings. See
|
| -// SetHostMapper for details.
|
| -class HostMapper {
|
| - public:
|
| - virtual ~HostMapper() {}
|
| - virtual std::string Map(const std::string& host) = 0;
|
| -};
|
| -
|
| -#ifdef UNIT_TEST
|
| -// This function is designed to allow unit tests to override the behavior of
|
| -// HostResolver. For example, a HostMapper instance can force all hostnames
|
| -// to map to a fixed IP address such as 127.0.0.1.
|
| -//
|
| -// The previously set HostMapper (or NULL if there was none) is returned.
|
| -//
|
| -// NOTE: This function is not thread-safe, so take care to only call this
|
| -// function while there are no outstanding HostResolver instances.
|
| -//
|
| -// NOTE: In most cases, you should use ScopedHostMapper instead, which is
|
| -// defined in host_resolver_unittest.h
|
| -//
|
| -HostMapper* SetHostMapper(HostMapper* host_mapper);
|
| -#endif
|
| -
|
| } // namespace net
|
|
|
| -#endif // NET_BASE_HOST_RESOLVER_H_
|
| +#endif // NET_BASE_CERT_VERIFIER_H_
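Review bot: The comment on `Verify` states that `|cert_status|` is "always filled out regardless of the return value", which cannot hold for the `ERR_IO_PENDING` return described a few lines later, where no result exists yet. A caller that inspects the bitmask right after an `ERR_IO_PENDING` return could read an unset value and treat an unverified certificate as clean, so the contract should say when the output becomes valid. The implementation is not visible in this hunk, but because `cert` and `cert_status` are raw pointers the comment should presumably also state their lifetime requirement. Suggested addition: `// If ERR_IO_PENDING is returned, |cert_status| is not valid until the callback runs; |cert| and |cert_status| must stay alive until then or until this CertVerifier is destroyed.` It would also help to say explicitly that revocation is not checked at all when `|rev_checking_enabled|` is false, so callers know an `OK` result makes no claim about revocation in that mode.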
|
|
|
| Property changes on: net\base\cert_verifier.h
|
| ___________________________________________________________________
|
| Added: svn:mergeinfo
|
| Merged /branches/chrome_webkit_merge_branch/net/base/host_resolver.h:r69-2775
|
|
|
|
|