
Side by Side Diff: net/cert/internal/parse_ocsp.h

Issue 2100303002: Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-date-check
Patch Set: Extract OCSPCertStatus::Status from internal Created 4 years, 5 months ago
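--- a/net/cert/internal/parse_ocsp.h
+++ b/net/cert/internal/parse_ocsp.h
@@ -1,24 +1,25 @@
 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_INTERNAL_PARSE_OCSP_H_
 #define NET_CERT_INTERNAL_PARSE_OCSP_H_
 
 #include <memory>
 #include <string>
 #include <vector>
 
 #include "net/base/hash_value.h"
 #include "net/cert/internal/parse_certificate.h"
 #include "net/cert/internal/signature_algorithm.h"
+#include "net/cert/ocsp_revocation_status.h"
 #include "net/der/input.h"
 #include "net/der/parse_values.h"
 #include "net/der/parser.h"
 #include "net/der/tag.h"
 
 namespace base {
 class Time;
 }
 
 namespace net {
@@ -67,44 +68,39 @@
 // superseded (4),
 // cessationOfOperation (5),
 // certificateHold (6),
 // -- value 7 is not used
 // removeFromCRL (8),
 // privilegeWithdrawn (9),
 // aACompromise (10)
 // }
 // (from RFC 5280)
 struct OCSPCertStatus {
-enum class Status {
-GOOD,
-REVOKED,
-UNKNOWN,
-};
 
 // Correspond to the values of CRLReason
 enum class RevocationReason {
 UNSPECIFIED = 0,
 KEY_COMPROMISE = 1,
 CA_COMPROMISE = 2,
 AFFILIATION_CHANGED = 3,
 SUPERSEDED = 4,
 CESSATION_OF_OPERATION = 5,
 CERTIFICATE_HOLD = 6,
 UNUSED = 7,
 REMOVE_FROM_CRL = 8,
 PRIVILEGE_WITHDRAWN = 9,
 AA_COMPROMISE = 10,
 
 LAST = AA_COMPROMISE,
 };
 
-Status status;
+OCSPRevocationStatus status;
 der::GeneralizedTime revocation_time;
 bool has_reason;
 RevocationReason revocation_reason;
 };
 
 // OCSPSingleResponse contains a representation of a DER-encoded RFC 6960
 // "SingleResponse". The |cert_id_tlv| and |extensions| fields are pointers to
 // the original object and are only valid as long as it is alive. They also
 // aren't verified until they are parsed. |next_update| is only valid if
 // |has_next_update| is true and |extensions| is only valid if |has_extensions|
@@ -287,10 +283,10 @@
 // |max_age|. Expressed differently, returns true if |response.thisUpdate| <=
 // |verify_time| < response.nextUpdate, and |response.thisUpdate| >=
 // |verify_time| - |max_age|.
 NET_EXPORT_PRIVATE bool CheckOCSPDateValid(const OCSPSingleResponse& response,
 const base::Time& verify_time,
 const base::TimeDelta& max_age);
 
 } // namespace net
 
 #endif // NET_CERT_INTERNAL_PARSE_OCSP_H_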
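Review bot: `OCSPCertStatus::status` (new line 96) and `has_reason` are declared without initializers, and the struct as shown has no constructor, so a default-constructed `OCSPCertStatus` holds an indeterminate revocation status until a parser fills it in. The removed enum listed GOOD first, so if the extracted `OCSPRevocationStatus` keeps that order (its header is not shown here), a zero-initialized struct would read as GOOD. Since this value feeds revocation decisions, it would be safer to fail closed with `OCSPRevocationStatus status = OCSPRevocationStatus::UNKNOWN;` and `bool has_reason = false;`, assuming the UNKNOWN enumerator carried over. Whether any caller reads these fields after a failed parse is not visible in this header, so treat this as hardening rather than a confirmed bug.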