OLD | NEW |
(Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_CERT_INTERNAL_PATH_BUILDER_H_ |
| 6 #define NET_CERT_INTERNAL_PATH_BUILDER_H_ |
| 7 |
| 8 #include <memory> |
| 9 #include <string> |
| 10 #include <vector> |
| 11 |
| 12 #include "base/callback.h" |
| 13 #include "net/base/completion_callback.h" |
| 14 #include "net/base/net_errors.h" |
| 15 #include "net/base/net_export.h" |
| 16 #include "net/cert/internal/completion_status.h" |
| 17 #include "net/cert/internal/parsed_certificate.h" |
| 18 #include "net/der/input.h" |
| 19 #include "net/der/parse_values.h" |
| 20 |
| 21 namespace net { |
| 22 |
| 23 namespace der { |
| 24 struct GeneralizedTime; |
| 25 } |
| 26 |
| 27 class CertPathIter; |
| 28 class CertIssuerSource; |
| 29 class TrustStore; |
| 30 class SignaturePolicy; |
| 31 |
| 32 // Checks whether a certificate is trusted by building candidate paths to trust |
| 33 // anchors and verifying those paths according to RFC 5280. Each instance of |
| 34 // CertPathBuilder is used for a single verification. |
| 35 // |
| 36 // WARNING: This implementation is currently experimental. Consult an OWNER |
| 37 // before using it. |
| 38 class NET_EXPORT CertPathBuilder { |
| 39 public: |
| 40 // Represents a single candidate path that was built. |
| 41 struct NET_EXPORT ResultPath { |
| 42 ResultPath(); |
| 43 ~ResultPath(); |
| 44 |
| 45 // Returns true if this path was successfully verified. |
| 46 bool is_success() const { return error == OK; } |
| 47 |
| 48 // The candidate path, in forward direction. |
| 49 // * path[0] is the target certificate. |
| 50 // * path[i+1] is a candidate issuer of path[i]. The subject matches |
| 51 // path[i]'s issuer, but nothing else is guaranteed unless is_success() is |
| 52 // true. |
| 53 // * path[N-1] will be a trust anchor if is_success() is true, otherwise |
| 54 // it may or may not be a trust anchor. |
| 55 ParsedCertificateList path; |
| 56 |
| 57 // A net error code result of attempting to verify this path. |
| 58 // TODO(mattm): may want to have an independent result enum, which caller |
| 59 // can map to a net error if they want. |
| 60 int error = ERR_UNEXPECTED; |
| 61 }; |
| 62 |
| 63 // Provides the overall result of path building. This includes the paths that |
| 64 // were attempted. |
| 65 struct NET_EXPORT Result { |
| 66 Result(); |
| 67 ~Result(); |
| 68 |
| 69 // Returns true if there was a valid path. |
| 70 bool is_success() const { return error() == OK; } |
| 71 |
| 72 // Returns the net error code of the overall best result. |
| 73 int error() const { |
| 74 if (paths.empty()) |
| 75 return ERR_CERT_AUTHORITY_INVALID; |
| 76 return paths[best_result_index]->error; |
| 77 } |
| 78 |
| 79 // List of paths that were attempted and the result for each. |
| 80 std::vector<std::unique_ptr<ResultPath>> paths; |
| 81 |
| 82 // Index into |paths|. Before use, |paths.empty()| must be checked. |
| 83 // NOTE: currently the definition of "best" is fairly limited. Successful is |
| 84 // better than unsuccessful, but otherwise nothing is guaranteed. |
| 85 size_t best_result_index = 0; |
| 86 |
| 87 private: |
| 88 DISALLOW_COPY_AND_ASSIGN(Result); |
| 89 }; |
| 90 |
| 91 // TODO(mattm): allow caller specified hook/callback to extend path |
| 92 // verification. |
| 93 // |
| 94 // Creates a CertPathBuilder that attempts to find a path from |cert| to a |
| 95 // trust anchor in |trust_store|, which satisfies |signature_policy| and is |
| 96 // valid at |time|. Details of attempted path(s) are stored in |*result|. |
| 97 // |
| 98 // The caller must keep |trust_store|, |signature_policy|, and |*result| valid |
| 99 // for the lifetime of the CertPathBuilder. |
| 100 CertPathBuilder(scoped_refptr<ParsedCertificate> cert, |
| 101 const TrustStore* trust_store, |
| 102 const SignaturePolicy* signature_policy, |
| 103 const der::GeneralizedTime& time, |
| 104 Result* result); |
| 105 ~CertPathBuilder(); |
| 106 |
| 107 // Adds a CertIssuerSource to provide intermediates for use in path building. |
| 108 // Multiple sources may be added. Must not be called after Run is called. |
| 109 // The |*cert_issuer_source| must remain valid for the lifetime of the |
| 110 // CertPathBuilder. |
| 111 // |
| 112 // (If no issuer sources are added, the target certificate will only verify if |
| 113 // it is a trust anchor or is directly signed by a trust anchor.) |
| 114 void AddCertIssuerSource(CertIssuerSource* cert_issuer_source); |
| 115 |
| 116 // Begins verification of the target certificate. |
| 117 // |
| 118 // If the return value is SYNC then the verification is complete and the |
| 119 // |result| value can be inspected for the status, and |callback| will not be |
| 120 // called. |
| 121 // If the return value is ASYNC, the |callback| will be called asynchronously |
| 122 // once the verification is complete. |result| should not be examined or |
| 123 // modified until the |callback| is run. |
| 124 // |
| 125 // If |callback| is null, verification always completes synchronously, even if |
| 126 // it fails to find a valid path and one could have been found asynchronously. |
| 127 // |
| 128 // The CertPathBuilder may be deleted while an ASYNC verification is pending, |
| 129 // in which case the verification is cancelled, |callback| will not be called, |
| 130 // and the output Result will be in an undefined state. |
| 131 // It is safe to delete the CertPathBuilder during the |callback|. |
| 132 // Run must not be called more than once on each CertPathBuilder instance. |
| 133 CompletionStatus Run(const base::Closure& callback); |
| 134 |
| 135 private: |
| 136 enum State { |
| 137 STATE_NONE, |
| 138 STATE_GET_NEXT_PATH, |
| 139 STATE_GET_NEXT_PATH_COMPLETE, |
| 140 }; |
| 141 |
| 142 CompletionStatus DoLoop(bool allow_async); |
| 143 |
| 144 CompletionStatus DoGetNextPath(bool allow_async); |
| 145 void HandleGotNextPath(); |
| 146 CompletionStatus DoGetNextPathComplete(); |
| 147 |
| 148 void AddResultPath(const ParsedCertificateList& path, bool is_success); |
| 149 |
| 150 base::Closure callback_; |
| 151 |
| 152 std::unique_ptr<CertPathIter> cert_path_iter_; |
| 153 const TrustStore* trust_store_; |
| 154 const SignaturePolicy* signature_policy_; |
| 155 const der::GeneralizedTime time_; |
| 156 |
| 157 // Stores the next complete path to attempt verification on. This is filled in |
| 158 // by |cert_path_iter_| during the STATE_GET_NEXT_PATH step, and thus should |
| 159 // only be accessed during the STATE_GET_NEXT_PATH_COMPLETE step. |
| 160 // (Will be empty if all paths have been tried, otherwise will be a candidate |
| 161 // path starting with the target cert and ending with a trust anchor.) |
| 162 ParsedCertificateList next_path_; |
| 163 State next_state_; |
| 164 |
| 165 Result* out_result_; |
| 166 |
| 167 DISALLOW_COPY_AND_ASSIGN(CertPathBuilder); |
| 168 }; |
| 169 |
| 170 } // namespace net |
| 171 |
| 172 #endif // NET_CERT_INTERNAL_PATH_BUILDER_H_ |
OLD | NEW |