
Side by Side Diff: net/base/cert_verifier.h

Issue 14915: Move certificate verification off the IO thread.... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 11 years, 10 months ago
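--- a/net/base/cert_verifier.h
+++ b/net/base/cert_verifier.h
@@ -1,65 +1,67 @@
 // Copyright (c) 2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_CERT_VERIFIER_H_
 #define NET_BASE_CERT_VERIFIER_H_
 
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/ref_counted.h"
 #include "net/base/completion_callback.h"
 
 namespace net {
 
+class CertVerifyResult;
 class X509Certificate;
 
 // This class represents the task of verifying a certificate. It can only
 // verify a single certificate at a time, so if you need to verify multiple
 // certificates at the same time, you will need to allocate a CertVerifier
 // object for each certificate.
 //
 // TODO(wtc): This class is based on HostResolver. We should create a base
 // class for the common code between the two classes.
 //
 class CertVerifier {
 public:
 CertVerifier();
 
 // If a completion callback is pending when the verifier is destroyed, the
 // certificate verification is cancelled, and the completion callback will
 // not be called.
 ~CertVerifier();
 
 // Verifies the given certificate against the given hostname. Returns OK if
 // successful or an error code upon failure.
 //
-// The |cert_status| bitmask is always filled out regardless of the return
-// value. If the certificate has multiple errors, the corresponding status
-// flags are set in |cert_status|, and the error code for the most serious
+// The |*verify_result| structure, including the |verify_result->cert_status|
+// bitmask, is always filled out regardless of the return value. If the
+// certificate has multiple errors, the corresponding status flags are set in
+// |verify_result->cert_status|, and the error code for the most serious
 // error is returned.
 //
 // If |rev_checking_enabled| is true, certificate revocation checking is
 // performed.
 //
 // When callback is null, the operation completes synchronously.
 //
 // When callback is non-null, ERR_IO_PENDING is returned if the operation
 // could not be completed synchronously, in which case the result code will
 // be passed to the callback when available.
 //
 int Verify(X509Certificate* cert, const std::string& hostname,
-bool rev_checking_enabled, int* cert_status,
+bool rev_checking_enabled, CertVerifyResult* verify_result,
 CompletionCallback* callback);
 
 private:
 class Request;
 friend class Request;
 scoped_refptr<Request> request_;
 DISALLOW_COPY_AND_ASSIGN(CertVerifier);
 };
 
 } // namespace net
 
 #endif // NET_BASE_CERT_VERIFIER_H_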
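Review bot: The Verify() comment does not say how long `verify_result` must stay valid, and "always filled out regardless of the return value" is ambiguous when the call returns ERR_IO_PENDING. Once verification can finish on another thread, a caller that frees the result struct, or reads `verify_result->cert_status` before the callback runs, would be making a trust decision on memory that is stale or still being written. Whether the implementation prevents a late write into `*verify_result` after the verifier is destroyed cannot be seen from this header. If it matches cert_verifier.cc, I would add `// |verify_result| must remain valid until the operation completes or the CertVerifier is destroyed; on ERR_IO_PENDING it is filled out only by the time |callback| runs.` The same lifetime question applies to `cert`, so the comment should also say whether Verify() keeps its own reference for the duration of the request.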