| Index: net/cert/internal/verify_certificate_chain.h | 
| diff --git a/net/cert/internal/verify_certificate_chain.h b/net/cert/internal/verify_certificate_chain.h | 
| new file mode 100644 | 
| index 0000000000000000000000000000000000000000..a0eebe8e4985cd598ade3c66cd2d94ce08bdf0c4 | 
| --- /dev/null | 
| +++ b/net/cert/internal/verify_certificate_chain.h | 
| @@ -0,0 +1,85 @@ | 
| +// Copyright 2015 The Chromium Authors. All rights reserved. | 
| +// Use of this source code is governed by a BSD-style license that can be | 
| +// found in the LICENSE file. | 
| + | 
| +#ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 
| +#define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 
| + | 
| +#include <stdint.h> | 
| + | 
| +#include "base/basictypes.h" | 
| +#include "base/compiler_specific.h" | 
| +#include "base/memory/scoped_ptr.h" | 
| +#include "net/base/net_export.h" | 
| + | 
| +namespace net { | 
| + | 
| +namespace der { | 
| +class Input; | 
| +struct GeneralizedTime; | 
| +} | 
| + | 
| +class SignaturePolicy; | 
| + | 
| +struct NET_EXPORT TrustedRoot { | 
| +  ~TrustedRoot(); | 
| + | 
| +  // DER-encoded SubjectPublicKeyInfo for the trusted key. | 
| +  std::string spki; | 
| + | 
| +  // DER-encoded "Name" corresponding with this key. | 
| +  std::string name; | 
| +}; | 
| + | 
| +// A very simple implementation of a TrustStore, which contains mappings from a | 
| +// name to a correspoding public key for trusted roots. | 
| +struct NET_EXPORT TrustStore { | 
| +  TrustStore(); | 
| +  ~TrustStore(); | 
| + | 
| +  std::vector<TrustedRoot> roots; | 
| +}; | 
| + | 
| +// VerifyCertificateChain() verifies a certificate path based on the rules in | 
| +// RFC 5280. | 
| +// | 
| +// WARNING: This implementation is in progress, and is currently | 
| +// incomplete. It is not intended for general consumption yet. | 
| +// | 
| +// --------- | 
| +// Inputs | 
| +// --------- | 
| +// | 
| +//   cert_chain: | 
| +//     A non-empty chain of N DER-encoded certificates, listed in the | 
| +//     "forward" direction. | 
| +// | 
| +//      * cert_chain[0] is the target certificate to verify. | 
| +//      * cert_chain[i+1] holds the certificate that issued cert_chain[i]. | 
| +//      * cert_chain[N-1] must have been issued by a trusted root. | 
| +// | 
| +//   trust_store: | 
| +//     Contains the set of public keys that are trusted as roots. | 
| +// | 
| +//   signature_policy: | 
| +//     The policy to use when verifying signature (what hash algorithms are | 
| +//     allowed, what length keys, what named curves, etc). | 
| +// | 
| +//   time: | 
| +//     The UTC time to use for expiration checks. | 
| +// | 
| +// | 
| +// --------- | 
| +// Outputs | 
| +// --------- | 
| +// | 
| +//   returns true if the target certificate can be verified. | 
| +NET_EXPORT bool VerifyCertificateChain(const std::vector<der::Input>& certs_der, | 
| +                                       const TrustStore& trust_store, | 
| +                                       const SignaturePolicy* signature_policy, | 
| +                                       const der::GeneralizedTime time) | 
| +    WARN_UNUSED_RESULT; | 
| + | 
| +}  // namespace net | 
| + | 
| +#endif  // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 
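Review bot: The header uses `std::string` (TrustedRoot::spki and name) and `std::vector` (TrustStore::roots and the `certs_der` parameter) but includes neither `<string>` nor `<vector>`, so it compiles only through whatever the base headers happen to pull in; add `#include <string>` and `#include <vector>` beside `<stdint.h>`, and `base/memory/scoped_ptr.h` is not used by anything shown here and can likely be dropped. The doc comment for VerifyCertificateChain() describes a `cert_chain` input while the declared parameter is `certs_der`; rename one so the contract reads against the signature. Because TrustStore is documented as a name-to-public-key mapping, the `trust_store` paragraph should also state that a Name match on its own does not establish trust and that certs_der[N-1] must still verify under the matched `spki` — presumably what the implementation does, but the header is the contract and should say so. Minor: "correspoding" in the TrustStore comment should be "corresponding".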
|  |