
Side by Side Diff: net/cert/internal/parse_ocsp.h

Issue 2100303002: Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-date-check
Patch Set: Remaining nits. Created 4 years, 5 months ago
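--- a/net/cert/internal/parse_ocsp.h
+++ b/net/cert/internal/parse_ocsp.h
@@ -1,24 +1,25 @@
 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_INTERNAL_PARSE_OCSP_H_
 #define NET_CERT_INTERNAL_PARSE_OCSP_H_
 
 #include <memory>
 #include <string>
 #include <vector>
 
 #include "net/base/hash_value.h"
 #include "net/cert/internal/parse_certificate.h"
 #include "net/cert/internal/signature_algorithm.h"
+#include "net/cert/ocsp_revocation_status.h"
 #include "net/der/input.h"
 #include "net/der/parse_values.h"
 #include "net/der/parser.h"
 #include "net/der/tag.h"
 
 namespace base {
 class Time;
 class TimeDelta;
 }
 
@@ -68,44 +69,39 @@
 // superseded (4),
 // cessationOfOperation (5),
 // certificateHold (6),
 // -- value 7 is not used
 // removeFromCRL (8),
 // privilegeWithdrawn (9),
 // aACompromise (10)
 // }
 // (from RFC 5280)
 struct OCSPCertStatus {
-enum class Status {
-GOOD,
-REVOKED,
-UNKNOWN,
-};
 
 // Correspond to the values of CRLReason
 enum class RevocationReason {
 UNSPECIFIED = 0,
 KEY_COMPROMISE = 1,
 CA_COMPROMISE = 2,
 AFFILIATION_CHANGED = 3,
 SUPERSEDED = 4,
 CESSATION_OF_OPERATION = 5,
 CERTIFICATE_HOLD = 6,
 UNUSED = 7,
 REMOVE_FROM_CRL = 8,
 PRIVILEGE_WITHDRAWN = 9,
 AA_COMPROMISE = 10,
 
 LAST = AA_COMPROMISE,
 };
 
-Status status;
+OCSPRevocationStatus status;
 der::GeneralizedTime revocation_time;
 bool has_reason;
 RevocationReason revocation_reason;
 };
 
 // OCSPSingleResponse contains a representation of a DER-encoded RFC 6960
 // "SingleResponse". The |cert_id_tlv| and |extensions| fields are pointers to
 // the original object and are only valid as long as it is alive. They also
 // aren't verified until they are parsed. |next_update| is only valid if
 // |has_next_update| is true and |extensions| is only valid if |has_extensions|
@@ -288,10 +284,10 @@
 // |max_age|. Expressed differently, returns true if |response.thisUpdate| <=
 // |verify_time| < response.nextUpdate, and |response.thisUpdate| >=
 // |verify_time| - |max_age|.
 NET_EXPORT_PRIVATE bool CheckOCSPDateValid(const OCSPSingleResponse& response,
 const base::Time& verify_time,
 const base::TimeDelta& max_age);
 
 } // namespace net
 
 #endif // NET_CERT_INTERNAL_PARSE_OCSP_H_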
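Review bot: `OCSPCertStatus` still declares `status`, `has_reason` and `revocation_reason` without default member initializers, so on the new line `OCSPRevocationStatus status;` a value-initialized struct ends up with enumerator value 0. That was GOOD in the removed nested enum and is presumably still GOOD in ocsp_revocation_status.h, which is not shown here. For a revocation result the safe default is the non-committal one, so I would write `OCSPRevocationStatus status = OCSPRevocationStatus::UNKNOWN;` and `bool has_reason = false;`, assuming the shared enum keeps the UNKNOWN enumerator. A caller that ignores a failed parse would then never read a zeroed or stale GOOD, and `revocation_reason` would stay gated behind a defined `has_reason`.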