| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
| 6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <memory> | 10 #include <memory> |
| 11 #include <string> | 11 #include <string> |
| 12 #include <vector> | 12 #include <vector> |
| 13 | 13 |
| 14 #include "base/compiler_specific.h" | 14 #include "base/compiler_specific.h" |
| 15 #include "net/base/net_export.h" | 15 #include "net/base/net_export.h" |
| 16 #include "net/cert/internal/parse_certificate.h" | 16 #include "net/cert/internal/parse_certificate.h" |
| 17 #include "net/der/input.h" | 17 #include "net/der/input.h" |
| 18 | 18 |
| 19 namespace net { | 19 namespace net { |
| 20 | 20 |
| 21 namespace der { | 21 namespace der { |
| 22 struct GeneralizedTime; | 22 struct GeneralizedTime; |
| 23 } | 23 } |
| 24 | 24 |
| 25 struct ParseCertificateOptions; |
| 25 class SignaturePolicy; | 26 class SignaturePolicy; |
| 26 | 27 |
| 27 // Represents a trust anchor (i.e. a trusted root certificate). | 28 // Represents a trust anchor (i.e. a trusted root certificate). |
| 28 class NET_EXPORT TrustAnchor { | 29 class NET_EXPORT TrustAnchor { |
| 29 public: | 30 public: |
| 30 // The certificate data for this trust anchor may either be owned internally | 31 // The certificate data for this trust anchor may either be owned internally |
| 31 // (INTERNAL_COPY) or owned externally (EXTERNAL_REFERENCE). When it is | 32 // (INTERNAL_COPY) or owned externally (EXTERNAL_REFERENCE). When it is |
| 32 // owned internally the data is held by |cert_data_| | 33 // owned internally the data is held by |cert_data_| |
| 33 enum class DataSource { | 34 enum class DataSource { |
| 34 INTERNAL_COPY, | 35 INTERNAL_COPY, |
| 35 EXTERNAL_REFERENCE, | 36 EXTERNAL_REFERENCE, |
| 36 }; | 37 }; |
| 37 | 38 |
| 38 TrustAnchor(); | 39 TrustAnchor(); |
| 39 ~TrustAnchor(); | 40 ~TrustAnchor(); |
| 40 | 41 |
| 41 // Creates a TrustAnchor given a DER-encoded certificate. Returns nullptr on | 42 // Creates a TrustAnchor given a DER-encoded certificate. Returns nullptr on |
| 42 // failure. Failure will occur if the certificate data cannot be parsed to | 43 // failure. Failure will occur if the certificate data cannot be parsed to |
| 43 // find a subject. | 44 // find a subject. |
| 44 // | 45 // |
| 45 // The provided certificate data is either copied, or aliased, depending on | 46 // The provided certificate data is either copied, or aliased, depending on |
| 46 // the value of |source|. See the comments for DataSource for details. | 47 // the value of |source|. See the comments for DataSource for details. |
| 47 static std::unique_ptr<TrustAnchor> CreateFromCertificateData( | 48 static std::unique_ptr<TrustAnchor> CreateFromCertificateData( |
| 48 const uint8_t* data, | 49 const uint8_t* data, |
| 49 size_t length, | 50 size_t length, |
| 51 const ParseCertificateOptions& options, |
| 50 DataSource source); | 52 DataSource source); |
| 51 | 53 |
| 52 // Returns true if the trust anchor matches |name|. In other words, returns | 54 // Returns true if the trust anchor matches |name|. In other words, returns |
| 53 // true if the certificate's subject matches |name|. | 55 // true if the certificate's subject matches |name|. |
| 54 bool MatchesName(const der::Input& name) const; | 56 bool MatchesName(const der::Input& name) const; |
| 55 | 57 |
| 56 // Returns the DER-encoded certificate data for this trust anchor. | 58 // Returns the DER-encoded certificate data for this trust anchor. |
| 57 const der::Input& cert() const { return cert_; } | 59 const der::Input& cert() const { return cert_; } |
| 58 | 60 |
| 59 private: | 61 private: |
| 144 // | 146 // |
| 145 // time: | 147 // time: |
| 146 // The UTC time to use for expiration checks. | 148 // The UTC time to use for expiration checks. |
| 147 // | 149 // |
| 148 // --------- | 150 // --------- |
| 149 // Outputs | 151 // Outputs |
| 150 // --------- | 152 // --------- |
| 151 // | 153 // |
| 152 // Returns true if the target certificate can be verified. | 154 // Returns true if the target certificate can be verified. |
| 153 NET_EXPORT bool VerifyCertificateChain(const std::vector<der::Input>& certs_der, | 155 NET_EXPORT bool VerifyCertificateChain(const std::vector<der::Input>& certs_der, |
| 156 const ParseCertificateOptions& options, |
| 154 const TrustStore& trust_store, | 157 const TrustStore& trust_store, |
| 155 const SignaturePolicy* signature_policy, | 158 const SignaturePolicy* signature_policy, |
| 156 const der::GeneralizedTime& time) | 159 const der::GeneralizedTime& time) |
| 157 WARN_UNUSED_RESULT; | 160 WARN_UNUSED_RESULT; |
| 158 | 161 |
| 159 } // namespace net | 162 } // namespace net |
| 160 | 163 |
| 161 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 164 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
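Review bot: The new `options` parameter added to CreateFromCertificateData (first hunk, new line 51) is not described in the comment block above it, which still says failure occurs only when the certificate data cannot be parsed to find a subject, so a caller cannot tell what the parse options govern for a trust anchor or whether they must match the options later passed to VerifyCertificateChain. Add a line such as `// |options| controls how the certificate data is parsed; see ParseCertificateOptions.` and state whether the options are used only during construction or retained by the anchor. The forward declaration `struct ParseCertificateOptions;` on new line 25 looks redundant if the type is defined in net/cert/internal/parse_certificate.h, which this header already includes; if so, drop it. The Inputs list for VerifyCertificateChain is mostly in the skipped region, so whether an `options:` entry was added there cannot be confirmed from this view.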