| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
| 6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
| 7 |
| 8 #include <stdint.h> |
| 9 |
| 10 #include "base/basictypes.h" |
| 11 #include "base/compiler_specific.h" |
| 12 #include "base/memory/scoped_ptr.h" |
| 13 #include "net/base/net_export.h" |
| 14 |
| 15 namespace net { |
| 16 |
| 17 namespace der { |
| 18 class Input; |
| 19 struct GeneralizedTime; |
| 20 } |
| 21 |
| 22 class SignaturePolicy; |
| 23 |
| 24 struct NET_EXPORT TrustedRoot { |
| 25 ~TrustedRoot(); |
| 26 |
| 27 // DER-encoded SubjectPublicKeyInfo for the trusted key. |
| 28 std::string spki; |
| 29 |
| 30 // DER-encoded "Name" corresponding with this key. |
| 31 std::string name; |
| 32 }; |
| 33 |
| 34 // A very simple implementation of a TrustStore, which contains mappings from a |
| 35 // name to a correspoding public key for trusted roots. |
| 36 struct NET_EXPORT TrustStore { |
| 37 TrustStore(); |
| 38 ~TrustStore(); |
| 39 |
| 40 std::vector<TrustedRoot> roots; |
| 41 }; |
| 42 |
| 43 // VerifyCertificateChain() verifies a certificate path (chain) based on the |
| 44 // rules in RFC 5280. |
| 45 // |
| 46 // WARNING: This implementation is in progress, and is currently |
| 47 // incomplete. DO NOT USE IT. You have been warned. |
| 48 // |
| 49 // --------- |
| 50 // Inputs |
| 51 // --------- |
| 52 // |
| 53 // cert_chain: |
| 54 // A non-empty chain of N DER-encoded certificates, listed in the |
| 55 // "forward" direction. |
| 56 // |
| 57 // * cert_chain[0] is the target certificate to verify. |
| 58 // * cert_chain[i+1] holds the certificate that issued cert_chain[i]. |
| 59 // * cert_chain[N-1] must have been issued by a trusted root. |
| 60 // |
| 61 // trust_store: |
| 62 // Contains the set of public keys (and their names) that are trusted as |
| 63 // roots. |
| 64 // |
| 65 // signature_policy: |
| 66 // The policy to use when verifying signature (what hash algorithms are |
| 67 // allowed, what length keys, what named curves, etc). |
| 68 // |
| 69 // time: |
| 70 // The UTC time to use for expiration checks. |
| 71 // |
| 72 // --------- |
| 73 // Outputs |
| 74 // --------- |
| 75 // |
| 76 // returns true if the target certificate can be verified and is an |
| 77 // end-entity certificate. |
| 78 NET_EXPORT bool VerifyCertificateChain(const std::vector<der::Input>& certs_der, |
| 79 const TrustStore& trust_store, |
| 80 const SignaturePolicy* signature_policy, |
| 81 const der::GeneralizedTime& time) |
| 82 WARN_UNUSED_RESULT; |
| 83 |
| 84 } // namespace net |
| 85 |
| 86 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1414923007:
Add initial code for verifying a certificate chain. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@test_driver