net/cert/internal/verify_certificate_chain.h - Issue 1410713005: NOT FOR REVIEW....

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/cert/internal/verify_certificate_chain.h

Issue 1410713005: NOT FOR REVIEW.... (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@extension_parsing

Patch Set: Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_

	6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_

	7

	8 #include <stdint.h>

	9

	10 #include "base/basictypes.h"

	11 #include "base/compiler_specific.h"

	12 #include "base/memory/scoped_ptr.h"

	13 #include "net/base/net_export.h"

	14

	15 namespace net {

	16

	17 namespace der {

	18 class Input;

	19 struct GeneralizedTime;

	20 }

	21

	22 class SignaturePolicy;

	23

	24 struct NET_EXPORT TrustedRoot {

	25 ~TrustedRoot();

	26

	27 // DER-encoded SubjectPublicKeyInfo for the trusted key.

	28 std::string spki;

	29

	30 // DER-encoded "Name" corresponding with this key.

	31 std::string name;

	32 };

	33

	34 // A very simple implementation of a TrustStore, which contains mappings from a

	35 // name to a correspoding public key for trusted roots.

	36 struct NET_EXPORT TrustStore {

	37 TrustStore();

	38 ~TrustStore();

	39

	40 std::vector<TrustedRoot> roots;

	41 };

	42

	43 // VerifyCertificateChain() verifies a certificate path based on the rules in

	44 // RFC 5280.

	45 //

	46 // WARNING: This implementation is in progress, and is currently

	47 // incomplete. It is not intended for general consumption yet.

	48 //

	49 // ---------

	50 // Inputs

	51 // ---------

	52 //

	53 // cert_chain:

	54 // A non-empty chain of N DER-encoded certificates, listed in the

	55 // "forward" direction.

	56 //

	57 // * cert_chain[0] is the target certificate to verify.

	58 // * cert_chain[i+1] holds the certificate that issued cert_chain[i].

	59 // * cert_chain[N-1] must have been issued by a trusted root.

	60 //

	61 // trust_store:

	62 // Contains the set of public keys that are trusted as roots.

	63 //

	64 // signature_policy:

	65 // The policy to use when verifying signature (what hash algorithms are

	66 // allowed, what length keys, what named curves, etc).

	67 //

	68 // time:

	69 // The UTC time to use for expiration checks.

	70 //

	71 //

	72 // ---------

	73 // Outputs

	74 // ---------

	75 //

	76 // returns true if the target certificate can be verified.

	77 NET_EXPORT bool VerifyCertificateChain(const std::vector<der::Input>& certs_der,

	78 const TrustStore& trust_store,

	79 const SignaturePolicy* signature_policy,

	80 const der::GeneralizedTime time)

	81 WARN_UNUSED_RESULT;

	82

	83 } // namespace net

	84

	85 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_

OLD	NEW

« no previous file with comments | « no previous file | net/cert/internal/verify_certificate_chain.cc » ('j') | no next file with comments »