| Index: net/cert/internal/verify_certificate_chain.h
|
| diff --git a/net/cert/internal/verify_certificate_chain.h b/net/cert/internal/verify_certificate_chain.h
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..e3d9815a4e92af478fc4fcd13c10c798d725175c
|
| --- /dev/null
|
| +++ b/net/cert/internal/verify_certificate_chain.h
|
| @@ -0,0 +1,86 @@
|
| +// Copyright 2015 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_
|
| +#define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_
|
| +
|
| +#include <stdint.h>
|
| +
|
| +#include "base/basictypes.h"
|
| +#include "base/compiler_specific.h"
|
| +#include "base/memory/scoped_ptr.h"
|
| +#include "net/base/net_export.h"
|
| +
|
| +namespace net {
|
| +
|
| +namespace der {
|
| +class Input;
|
| +struct GeneralizedTime;
|
| +}
|
| +
|
| +class SignaturePolicy;
|
| +
|
| +struct NET_EXPORT TrustedRoot {
|
| + ~TrustedRoot();
|
| +
|
| + // DER-encoded SubjectPublicKeyInfo for the trusted key.
|
| + std::string spki;
|
| +
|
| + // DER-encoded "Name" corresponding with this key.
|
| + std::string name;
|
| +};
|
| +
|
| +// A very simple implementation of a TrustStore, which contains mappings from a
|
| +// name to a correspoding public key for trusted roots.
|
| +struct NET_EXPORT TrustStore {
|
| + TrustStore();
|
| + ~TrustStore();
|
| +
|
| + std::vector<TrustedRoot> roots;
|
| +};
|
| +
|
| +// VerifyCertificateChain() verifies a certificate path (chain) based on the
|
| +// rules in RFC 5280.
|
| +//
|
| +// WARNING: This implementation is in progress, and is currently
|
| +// incomplete. DO NOT USE IT. You have been warned.
|
| +//
|
| +// ---------
|
| +// Inputs
|
| +// ---------
|
| +//
|
| +// cert_chain:
|
| +// A non-empty chain of N DER-encoded certificates, listed in the
|
| +// "forward" direction.
|
| +//
|
| +// * cert_chain[0] is the target certificate to verify.
|
| +// * cert_chain[i+1] holds the certificate that issued cert_chain[i].
|
| +// * cert_chain[N-1] must have been issued by a trusted root.
|
| +//
|
| +// trust_store:
|
| +// Contains the set of public keys (and their names) that are trusted as
|
| +// roots.
|
| +//
|
| +// signature_policy:
|
| +// The policy to use when verifying signature (what hash algorithms are
|
| +// allowed, what length keys, what named curves, etc).
|
| +//
|
| +// time:
|
| +// The UTC time to use for expiration checks.
|
| +//
|
| +// ---------
|
| +// Outputs
|
| +// ---------
|
| +//
|
| +// returns true if the target certificate can be verified and is an
|
| +// end-entity certificate.
|
| +NET_EXPORT bool VerifyCertificateChain(const std::vector<der::Input>& certs_der,
|
| + const TrustStore& trust_store,
|
| + const SignaturePolicy* signature_policy,
|
| + const der::GeneralizedTime& time)
|
| + WARN_UNUSED_RESULT;
|
| +
|
| +} // namespace net
|
| +
|
| +#endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_
|
|
|
Chromium Code Reviews
Issue 1414923007:
Add initial code for verifying a certificate chain. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@test_driver