OLD | NEW |
| (Empty) |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_BASE_CERT_VERIFY_RESULT_H_ | |
6 #define NET_BASE_CERT_VERIFY_RESULT_H_ | |
7 | |
8 #include <vector> | |
9 | |
10 #include "net/base/cert_status_flags.h" | |
11 #include "net/base/net_export.h" | |
12 #include "base/memory/ref_counted.h" | |
13 #include "net/base/x509_cert_types.h" | |
14 | |
15 namespace net { | |
16 | |
17 class X509Certificate; | |
18 | |
19 // The result of certificate verification. | |
20 class NET_EXPORT CertVerifyResult { | |
21 public: | |
22 CertVerifyResult(); | |
23 ~CertVerifyResult(); | |
24 | |
25 void Reset(); | |
26 | |
27 // The certificate and chain that was constructed during verification. | |
28 // Note that the though the verified certificate will match the originally | |
29 // supplied certificate, the intermediate certificates stored within may | |
30 // be substantially different. In the event of a verification failure, this | |
31 // will contain the chain as supplied by the server. This may be NULL if | |
32 // running within the sandbox. | |
33 scoped_refptr<X509Certificate> verified_cert; | |
34 | |
35 // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h. Note that | |
36 // these status flags apply to the certificate chain returned in | |
37 // |verified_cert|, rather than the originally supplied certificate | |
38 // chain. | |
39 CertStatus cert_status; | |
40 | |
41 // Properties of the certificate chain. | |
42 bool has_md5; | |
43 bool has_md2; | |
44 bool has_md4; | |
45 bool has_md5_ca; | |
46 bool has_md2_ca; | |
47 | |
48 // If the certificate was successfully verified then this contains the | |
49 // hashes, in several hash algorithms, of the SubjectPublicKeyInfos of the | |
50 // chain. | |
51 HashValueVector public_key_hashes; | |
52 | |
53 // is_issued_by_known_root is true if we recognise the root CA as a standard | |
54 // root. If it isn't then it's probably the case that this certificate was | |
55 // generated by a MITM proxy whose root has been installed locally. This is | |
56 // meaningless if the certificate was not trusted. | |
57 bool is_issued_by_known_root; | |
58 | |
59 // is_issued_by_additional_trust_anchor is true if the root CA used for this | |
60 // verification came from the list of additional trust anchors. | |
61 bool is_issued_by_additional_trust_anchor; | |
62 }; | |
63 | |
64 } // namespace net | |
65 | |
66 #endif // NET_BASE_CERT_VERIFY_RESULT_H_ | |
OLD | NEW |