Chromium Code Reviews Chromium Code Reviews
Issue 8342054:
net: enable CRL sets behind a command line flag. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
| 6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <string.h> | 9 #include <string.h> |
| 10 | 10 |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 37 | 37 |
| 38 class Pickle; | 38 class Pickle; |
| 39 | 39 |
| 40 namespace crypto { | 40 namespace crypto { |
| 41 class StringPiece; | 41 class StringPiece; |
| 42 class RSAPrivateKey; | 42 class RSAPrivateKey; |
| 43 } // namespace crypto | 43 } // namespace crypto |
| 44 | 44 |
| 45 namespace net { | 45 namespace net { |
| 46 | 46 |
| 47 class CRLSet; | |
| 47 class CertVerifyResult; | 48 class CertVerifyResult; |
| 48 | 49 |
| 49 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; | 50 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
| 50 | 51 |
| 51 // X509Certificate represents a X.509 certificate, which is comprised a | 52 // X509Certificate represents a X.509 certificate, which is comprised a |
| 52 // particular identity or end-entity certificate, such as an SSL server | 53 // particular identity or end-entity certificate, such as an SSL server |
| 53 // identity or an SSL client certificate, and zero or more intermediate | 54 // identity or an SSL client certificate, and zero or more intermediate |
| 54 // certificates that may be used to build a path to a root certificate. | 55 // certificates that may be used to build a path to a root certificate. |
| 55 class NET_EXPORT X509Certificate | 56 class NET_EXPORT X509Certificate |
| 56 : public base::RefCountedThreadSafe<X509Certificate> { | 57 : public base::RefCountedThreadSafe<X509Certificate> { |
| (...skipping 256 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 313 // The |*verify_result| structure, including the |verify_result->cert_status| | 314 // The |*verify_result| structure, including the |verify_result->cert_status| |
| 314 // bitmask, is always filled out regardless of the return value. If the | 315 // bitmask, is always filled out regardless of the return value. If the |
| 315 // certificate has multiple errors, the corresponding status flags are set in | 316 // certificate has multiple errors, the corresponding status flags are set in |
| 316 // |verify_result->cert_status|, and the error code for the most serious | 317 // |verify_result->cert_status|, and the error code for the most serious |
| 317 // error is returned. | 318 // error is returned. |
| 318 // | 319 // |
| 319 // |flags| is bitwise OR'd of VerifyFlags. | 320 // |flags| is bitwise OR'd of VerifyFlags. |
| 320 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation | 321 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation |
| 321 // checking is performed. If VERIFY_EV_CERT is set in |flags| too, | 322 // checking is performed. If VERIFY_EV_CERT is set in |flags| too, |
| 322 // EV certificate verification is performed. | 323 // EV certificate verification is performed. |
| 324 // | |
| 325 // |crl_set| points to an optional CRLSet structure which can be used to | |
| 326 // avoid revocation checks over the network. | |
| 323 int Verify(const std::string& hostname, | 327 int Verify(const std::string& hostname, |
| 324 int flags, | 328 int flags, |
| 325 CertVerifyResult* verify_result) const; | 329 CertVerifyResult* verify_result, |
| 330 CRLSet* crl_set) const; | |
|
wtc
2011/10/21 23:17:31
List |crl_set| (an input) before |verify_result| (
agl
2011/10/24 20:44:27
Done.
| |
| 326 | 331 |
| 327 // Verifies that |hostname| matches this certificate. | 332 // Verifies that |hostname| matches this certificate. |
| 328 // Does not verify that the certificate is valid, only that the certificate | 333 // Does not verify that the certificate is valid, only that the certificate |
| 329 // matches this host. | 334 // matches this host. |
| 330 // Returns true if it matches. | 335 // Returns true if it matches. |
| 331 bool VerifyNameMatch(const std::string& hostname) const; | 336 bool VerifyNameMatch(const std::string& hostname) const; |
| 332 | 337 |
| 333 // This method returns the DER encoded certificate. | 338 // This method returns the DER encoded certificate. |
| 334 // If the return value is true then the DER encoded certificate is available. | 339 // If the return value is true then the DER encoded certificate is available. |
| 335 // The content of the DER encoded certificate is written to |encoded|. | 340 // The content of the DER encoded certificate is written to |encoded|. |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 409 const std::string& cert_common_name, | 414 const std::string& cert_common_name, |
| 410 const std::vector<std::string>& cert_san_dns_names, | 415 const std::vector<std::string>& cert_san_dns_names, |
| 411 const std::vector<std::string>& cert_san_ip_addrs); | 416 const std::vector<std::string>& cert_san_ip_addrs); |
| 412 | 417 |
| 413 // Performs the platform-dependent part of the Verify() method, verifiying | 418 // Performs the platform-dependent part of the Verify() method, verifiying |
| 414 // this certificate against the platform's root CA certificates. | 419 // this certificate against the platform's root CA certificates. |
| 415 // | 420 // |
| 416 // Parameters and return value are as per Verify(). | 421 // Parameters and return value are as per Verify(). |
| 417 int VerifyInternal(const std::string& hostname, | 422 int VerifyInternal(const std::string& hostname, |
| 418 int flags, | 423 int flags, |
| 419 CertVerifyResult* verify_result) const; | 424 CertVerifyResult* verify_result, |
| 425 CRLSet* crl_set) const; | |
| 420 | 426 |
| 421 // The serial number, DER encoded. | 427 // The serial number, DER encoded. |
| 422 // NOTE: keep this method private, used by IsBlacklisted only. To simplify | 428 // NOTE: keep this method private, used by IsBlacklisted only. To simplify |
| 423 // IsBlacklisted, we strip the leading 0 byte of a serial number, used to | 429 // IsBlacklisted, we strip the leading 0 byte of a serial number, used to |
| 424 // encode a positive DER INTEGER (a signed type) with a most significant bit | 430 // encode a positive DER INTEGER (a signed type) with a most significant bit |
| 425 // of 1. Other code must not use this method for general purpose until this | 431 // of 1. Other code must not use this method for general purpose until this |
| 426 // is fixed. | 432 // is fixed. |
| 427 const std::string& serial_number() const { return serial_number_; } | 433 const std::string& serial_number() const { return serial_number_; } |
| 428 | 434 |
| 429 // IsBlacklisted returns true if this certificate is explicitly blacklisted. | 435 // IsBlacklisted returns true if this certificate is explicitly blacklisted. |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 481 // (Marked mutable because it's used in a const method.) | 487 // (Marked mutable because it's used in a const method.) |
| 482 mutable base::Lock verification_lock_; | 488 mutable base::Lock verification_lock_; |
| 483 #endif | 489 #endif |
| 484 | 490 |
| 485 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 491 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
| 486 }; | 492 }; |
| 487 | 493 |
| 488 } // namespace net | 494 } // namespace net |
| 489 | 495 |
| 490 #endif // NET_BASE_X509_CERTIFICATE_H_ | 496 #endif // NET_BASE_X509_CERTIFICATE_H_ |
| OLD | NEW |
