Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(88)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/chromeos/net/cert_verify_proc_chromeos.h

Issue 137553004: NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ios fix Created 6 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | chrome/browser/chromeos/net/cert_verify_proc_chromeos.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_
6 #define CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_
7
8 #include "crypto/scoped_nss_types.h"
9 #include "net/cert/cert_verify_proc_nss.h"
10 #include "net/cert/nss_profile_filter_chromeos.h"
11
12 namespace chromeos {
13
14 // Wrapper around CertVerifyProcNSS which allows filtering trust decisions on a
15 // per-slot basis.
16 //
17 // Note that only the simple case is currently handled (if a slot contains a new
18 // trust root, that root should not be trusted by CertVerifyProcChromeOS
19 // instances using other slots). More complicated cases are not handled (like
20 // two slots adding the same root cert but with different trust values).
21 class CertVerifyProcChromeOS : public net::CertVerifyProcNSS {
22 public:
23 // Creates a CertVerifyProc that doesn't allow any user-provided trust roots.
24 CertVerifyProcChromeOS();
25
26 // Creates a CertVerifyProc that doesn't allow trust roots provided by
27 // users other than the specified slot.
28 explicit CertVerifyProcChromeOS(crypto::ScopedPK11Slot public_slot);
29
30 protected:
31 virtual ~CertVerifyProcChromeOS();
32
33 private:
34 // net::CertVerifyProcNSS implementation:
35 virtual int VerifyInternal(
36 net::X509Certificate* cert,
37 const std::string& hostname,
38 int flags,
39 net::CRLSet* crl_set,
40 const net::CertificateList& additional_trust_anchors,
41 net::CertVerifyResult* verify_result) OVERRIDE;
42
43 // Check if the trust root of |current_chain| is allowed.
44 // |is_chain_valid_arg| is actually a ChainVerifyArgs*, which is used to pass
45 // state through the NSS CERTChainVerifyCallback.isChainValidArg parameter.
46 // If the chain is allowed, |*chain_ok| will be set to PR_TRUE.
47 // If the chain is not allowed, |*chain_ok| is set to PR_FALSE, and this
48 // function may be called again during a single certificate verification if
49 // there are multiple possible valid chains.
50 static SECStatus IsChainValidFunc(void* is_chain_valid_arg,
51 const CERTCertList* current_chain,
52 PRBool* chain_ok);
53
54 net::NSSProfileFilterChromeOS profile_filter_;
55 };
56
57 } // namespace chromeos
58
59 #endif // CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_
OLDNEW
« no previous file with comments | « no previous file | chrome/browser/chromeos/net/cert_verify_proc_chromeos.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698