OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_CERT_VERIFY_RESULT_H_ | 5 #ifndef NET_BASE_CERT_VERIFY_RESULT_H_ |
6 #define NET_BASE_CERT_VERIFY_RESULT_H_ | 6 #define NET_BASE_CERT_VERIFY_RESULT_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/memory/ref_counted.h" | |
11 #include "net/base/x509_cert_types.h" | 12 #include "net/base/x509_cert_types.h" |
12 | 13 |
13 namespace net { | 14 namespace net { |
14 | 15 |
15 // The result of certificate verification. Eventually this may contain the | 16 class X509Certificate; |
16 // certificate chain that was constructed during certificate verification. | 17 |
18 // The result of certificate verification. | |
17 class CertVerifyResult { | 19 class CertVerifyResult { |
18 public: | 20 public: |
19 CertVerifyResult(); | 21 CertVerifyResult(); |
20 ~CertVerifyResult(); | 22 ~CertVerifyResult(); |
21 | 23 |
22 void Reset(); | 24 void Reset(); |
23 | 25 |
24 // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h | 26 // The certificate and chain that were constructed during verification. |
wtc
2011/07/26 00:16:35
Nit: were => was
because only the chain was constr
| |
27 // Note that the though the verified certificate will match the originally | |
28 // supplied certificate, the intermediate certificates stored within may | |
29 // be substantially different. | |
agl
2011/04/18 13:50:27
I think it's worth noting that, in the event of a
| |
30 scoped_refptr<X509Certificate> verified_cert; | |
wtc
2011/04/20 23:39:30
It's better to return a CertificateList to avoid t
Ryan Sleevi
2011/04/20 23:44:34
As implemented, this means that the subject, issue
| |
31 | |
32 // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h. Note that | |
33 // these status flags apply to the certificate chain returned in | |
34 // |verified_certificate|, rather than the originally supplied certificate | |
wtc
2011/07/26 00:16:35
Typo: verified_certificate => verified_cert
| |
35 // chain. | |
25 int cert_status; | 36 int cert_status; |
26 | 37 |
27 // Properties of the certificate chain. | 38 // Properties of the certificate chain. |
28 bool has_md5; | 39 bool has_md5; |
29 bool has_md2; | 40 bool has_md2; |
30 bool has_md4; | 41 bool has_md4; |
31 bool has_md5_ca; | 42 bool has_md5_ca; |
32 bool has_md2_ca; | 43 bool has_md2_ca; |
33 | 44 |
34 // If the certificate was successfully verified then this contains the SHA1 | 45 // If the certificate was successfully verified then this contains the SHA1 |
35 // fingerprints of the SubjectPublicKeyInfos of the chain. The fingerprint | 46 // fingerprints of the SubjectPublicKeyInfos of the chain. The fingerprint |
36 // from the leaf certificate will be the first element of the vector. | 47 // from the leaf certificate will be the first element of the vector. |
37 std::vector<SHA1Fingerprint> public_key_hashes; | 48 std::vector<SHA1Fingerprint> public_key_hashes; |
38 | 49 |
39 // is_issued_by_known_root is true if we recognise the root CA as a standard | 50 // is_issued_by_known_root is true if we recognise the root CA as a standard |
40 // root. If it isn't then it's probably the case that this certificate was | 51 // root. If it isn't then it's probably the case that this certificate was |
41 // generated by a MITM proxy whose root has been installed locally. This is | 52 // generated by a MITM proxy whose root has been installed locally. This is |
42 // meaningless if the certificate was not trusted. | 53 // meaningless if the certificate was not trusted. |
43 bool is_issued_by_known_root; | 54 bool is_issued_by_known_root; |
44 }; | 55 }; |
45 | 56 |
46 } // namespace net | 57 } // namespace net |
47 | 58 |
48 #endif // NET_BASE_CERT_VERIFY_RESULT_H_ | 59 #endif // NET_BASE_CERT_VERIFY_RESULT_H_ |
OLD | NEW |