Index: net/base/crl_set.h |
diff --git a/net/base/crl_set.h b/net/base/crl_set.h |
index a41cf0c392a0cabb6e0018c1a59fbc5cab9885dc..624e6711228aa114ff33fdeebb26d2df5cc1b931 100644 |
--- a/net/base/crl_set.h |
+++ b/net/base/crl_set.h |
@@ -17,6 +17,10 @@ |
#include "base/time.h" |
#include "net/base/net_export.h" |
+namespace base { |
+class DictionaryValue; |
+} |
+ |
namespace net { |
// A CRLSet is a structure that lists the serial numbers of revoked |
@@ -39,10 +43,12 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> { |
// CheckCertificate returns the information contained in the set for a given |
// certificate: |
+ // spki_hash: the SHA256 of the SubjectPublicKeyInfo |
wtc
2012/01/10 00:50:59
Nit: add "of the certificate".
agl
2012/01/10 16:15:29
Done.
|
// serial_number: the serial number of the certificate |
// issuer_spki_hash: the SHA256 of the SubjectPublicKeyInfo of the CRL |
wtc
2012/01/10 00:50:59
You should describe what happens if issuer_spki_ha
agl
2012/01/10 16:15:29
(Have split the function to hopefully make it clea
|
// signer |
Result CheckCertificate( |
+ const base::StringPiece& spki_hash, |
const base::StringPiece& serial_number, |
const base::StringPiece& issuer_spki_hash) const; |
@@ -78,7 +84,7 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> { |
private: |
CRLSet(); |
- static CRLSet* CRLSetFromHeader(base::StringPiece header); |
+ bool CopyBlockedSPKIsFromHeader(base::DictionaryValue* header_dict); |
wtc
2012/01/10 00:50:59
Nit: perhaps call these "revoked SPKIs" rather tha
agl
2012/01/10 16:15:29
(See other comment for why I want to stick with "b
|
uint32 sequence_; |
CRLList crls_; |
@@ -87,6 +93,9 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> { |
// and |crls_index_by_issuer_| because, when applying a delta update, we need |
// to identify a CRL by index. |
std::map<std::string, size_t> crls_index_by_issuer_; |
+ // blocked_spkis_ contains the SHA256 hash of SPKIs which are to be blocked no |
wtc
2012/01/10 00:50:59
Nit: hash => hashes ?
agl
2012/01/10 16:15:29
On 2012/01/10 00:50:59, wtc wrote:
>
> Nit: hash
|
+ // matter where in a certificate chain they might appear. |
+ std::vector<std::string> blocked_spkis_; |
}; |
} // namespace net |
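Review bot: `CopyBlockedSPKIsFromHeader` in the private section is declared without a comment, so neither the meaning of its `bool` result nor the state of `blocked_spkis_` after a failure is stated. Because this list blocks a key wherever it appears in a chain, the declaration should say that a malformed entry rejects the whole set rather than leaving a partial or empty block list, for example `// Returns false if the blocked-SPKI list in |header_dict| is malformed; the caller must then discard the CRLSet.` That wording assumes the implementation fails closed, which should be confirmed because the definition is not part of this file section. The comment on `blocked_spkis_` could also state the stored form, presumably raw 32-byte SHA-256 digests in the same encoding as the `spki_hash` argument of `CheckCertificate`, so that an encoding mismatch cannot turn into a silent non-match. The CRLSet class body starts and continues outside the hunks shown.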