OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_INTERNAL_PATH_BUILDER_H_ | 5 #ifndef NET_CERT_INTERNAL_PATH_BUILDER_H_ |
6 #define NET_CERT_INTERNAL_PATH_BUILDER_H_ | 6 #define NET_CERT_INTERNAL_PATH_BUILDER_H_ |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
91 // TODO(mattm): allow caller specified hook/callback to extend path | 91 // TODO(mattm): allow caller specified hook/callback to extend path |
92 // verification. | 92 // verification. |
93 // | 93 // |
94 // Creates a CertPathBuilder that attempts to find a path from |cert| to a | 94 // Creates a CertPathBuilder that attempts to find a path from |cert| to a |
95 // trust anchor in |trust_store|, which satisfies |signature_policy| and is | 95 // trust anchor in |trust_store|, which satisfies |signature_policy| and is |
96 // valid at |time|. Details of attempted path(s) are stored in |*result|. | 96 // valid at |time|. Details of attempted path(s) are stored in |*result|. |
97 // | 97 // |
98 // The caller must keep |trust_store|, |signature_policy|, and |*result| valid | 98 // The caller must keep |trust_store|, |signature_policy|, and |*result| valid |
99 // for the lifetime of the CertPathBuilder. | 99 // for the lifetime of the CertPathBuilder. |
100 CertPathBuilder(scoped_refptr<ParsedCertificate> cert, | 100 CertPathBuilder(scoped_refptr<ParsedCertificate> cert, |
101 const TrustStore* trust_store, | |
102 const SignaturePolicy* signature_policy, | 101 const SignaturePolicy* signature_policy, |
103 const der::GeneralizedTime& time, | 102 const der::GeneralizedTime& time, |
104 Result* result); | 103 Result* result); |
105 ~CertPathBuilder(); | 104 ~CertPathBuilder(); |
106 | 105 |
| 106 // Adds a TrustStore to check if certificates are trust anchors during path |
| 107 // building. Multiple trust stores may be added. Should not be called after |
| 108 // Run is called. The |*trust_store| must remain valid for the lifetime of the |
| 109 // CertPathBuilder. |
| 110 // |
| 111 // (If no trust stores are added, verification will fail.) |
| 112 void AddTrustStore(TrustStore* trust_store); |
| 113 |
107 // Adds a CertIssuerSource to provide intermediates for use in path building. | 114 // Adds a CertIssuerSource to provide intermediates for use in path building. |
108 // Multiple sources may be added. Must not be called after Run is called. | 115 // Multiple sources may be added. Must not be called after Run is called. |
109 // The |*cert_issuer_source| must remain valid for the lifetime of the | 116 // The |*cert_issuer_source| must remain valid for the lifetime of the |
110 // CertPathBuilder. | 117 // CertPathBuilder. |
111 // | 118 // |
112 // (If no issuer sources are added, the target certificate will only verify if | 119 // (If no issuer sources are added, the target certificate will only verify if |
113 // it is a trust anchor or is directly signed by a trust anchor.) | 120 // it is a trust anchor.) |
114 void AddCertIssuerSource(CertIssuerSource* cert_issuer_source); | 121 void AddCertIssuerSource(CertIssuerSource* cert_issuer_source); |
115 | 122 |
116 // Begins verification of the target certificate. | 123 // Begins verification of the target certificate. |
117 // | 124 // |
118 // If the return value is SYNC then the verification is complete and the | 125 // If the return value is SYNC then the verification is complete and the |
119 // |result| value can be inspected for the status, and |callback| will not be | 126 // |result| value can be inspected for the status, and |callback| will not be |
120 // called. | 127 // called. |
121 // If the return value is ASYNC, the |callback| will be called asynchronously | 128 // If the return value is ASYNC, the |callback| will be called asynchronously |
122 // once the verification is complete. |result| should not be examined or | 129 // once the verification is complete. |result| should not be examined or |
123 // modified until the |callback| is run. | 130 // modified until the |callback| is run. |
(...skipping 19 matching lines...) Expand all Loading... |
143 | 150 |
144 CompletionStatus DoGetNextPath(bool allow_async); | 151 CompletionStatus DoGetNextPath(bool allow_async); |
145 void HandleGotNextPath(); | 152 void HandleGotNextPath(); |
146 CompletionStatus DoGetNextPathComplete(); | 153 CompletionStatus DoGetNextPathComplete(); |
147 | 154 |
148 void AddResultPath(const ParsedCertificateList& path, bool is_success); | 155 void AddResultPath(const ParsedCertificateList& path, bool is_success); |
149 | 156 |
150 base::Closure callback_; | 157 base::Closure callback_; |
151 | 158 |
152 std::unique_ptr<CertPathIter> cert_path_iter_; | 159 std::unique_ptr<CertPathIter> cert_path_iter_; |
153 const TrustStore* trust_store_; | |
154 const SignaturePolicy* signature_policy_; | 160 const SignaturePolicy* signature_policy_; |
155 const der::GeneralizedTime time_; | 161 const der::GeneralizedTime time_; |
156 | 162 |
157 // Stores the next complete path to attempt verification on. This is filled in | 163 // Stores the next complete path to attempt verification on. This is filled in |
158 // by |cert_path_iter_| during the STATE_GET_NEXT_PATH step, and thus should | 164 // by |cert_path_iter_| during the STATE_GET_NEXT_PATH step, and thus should |
159 // only be accessed during the STATE_GET_NEXT_PATH_COMPLETE step. | 165 // only be accessed during the STATE_GET_NEXT_PATH_COMPLETE step. |
160 // (Will be empty if all paths have been tried, otherwise will be a candidate | 166 // (Will be empty if all paths have been tried, otherwise will be a candidate |
161 // path starting with the target cert and ending with a trust anchor.) | 167 // path starting with the target cert and ending with a trust anchor.) |
162 ParsedCertificateList next_path_; | 168 ParsedCertificateList next_path_; |
163 State next_state_; | 169 State next_state_; |
164 | 170 |
165 Result* out_result_; | 171 Result* out_result_; |
166 | 172 |
167 DISALLOW_COPY_AND_ASSIGN(CertPathBuilder); | 173 DISALLOW_COPY_AND_ASSIGN(CertPathBuilder); |
168 }; | 174 }; |
169 | 175 |
170 } // namespace net | 176 } // namespace net |
171 | 177 |
172 #endif // NET_CERT_INTERNAL_PATH_BUILDER_H_ | 178 #endif // NET_CERT_INTERNAL_PATH_BUILDER_H_ |
OLD | NEW |