| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
| 6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
| 7 | 7 |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 23 matching lines...) Expand all Loading... |
| 34 // --------- | 34 // --------- |
| 35 // | 35 // |
| 36 // cert_chain: | 36 // cert_chain: |
| 37 // A non-empty chain of N DER-encoded certificates, listed in the | 37 // A non-empty chain of N DER-encoded certificates, listed in the |
| 38 // "forward" direction. | 38 // "forward" direction. |
| 39 // | 39 // |
| 40 // * cert_chain[0] is the target certificate to verify. | 40 // * cert_chain[0] is the target certificate to verify. |
| 41 // * cert_chain[i+1] holds the certificate that issued cert_chain[i]. | 41 // * cert_chain[i+1] holds the certificate that issued cert_chain[i]. |
| 42 // * cert_chain[N-1] must be the trust anchor. | 42 // * cert_chain[N-1] must be the trust anchor. |
| 43 // | 43 // |
| 44 // trust_store: | |
| 45 // Contains the set of trusted public keys (and their names). This is only | |
| 46 // used to DCHECK that the final cert is a trust anchor. | |
| 47 // | |
| 48 // signature_policy: | 44 // signature_policy: |
| 49 // The policy to use when verifying signatures (what hash algorithms are | 45 // The policy to use when verifying signatures (what hash algorithms are |
| 50 // allowed, what length keys, what named curves, etc). | 46 // allowed, what length keys, what named curves, etc). |
| 51 // | 47 // |
| 52 // time: | 48 // time: |
| 53 // The UTC time to use for expiration checks. | 49 // The UTC time to use for expiration checks. |
| 54 // | 50 // |
| 55 // --------- | 51 // --------- |
| 56 // Outputs | 52 // Outputs |
| 57 // --------- | 53 // --------- |
| 58 // | 54 // |
| 59 // Returns true if the target certificate can be verified. | 55 // Returns true if the target certificate can be verified. |
| 60 NET_EXPORT bool VerifyCertificateChainAssumingTrustedRoot( | 56 NET_EXPORT bool VerifyCertificateChainAssumingTrustedRoot( |
| 61 const ParsedCertificateList& certs, | 57 const ParsedCertificateList& certs, |
| 62 // The trust store is only used for assertions. | |
| 63 const TrustStore& trust_store, | |
| 64 const SignaturePolicy* signature_policy, | 58 const SignaturePolicy* signature_policy, |
| 65 const der::GeneralizedTime& time) WARN_UNUSED_RESULT; | 59 const der::GeneralizedTime& time) WARN_UNUSED_RESULT; |
| 66 | 60 |
| 67 } // namespace net | 61 } // namespace net |
| 68 | 62 |
| 69 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 63 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2126803004:
WIP: NSS trust store integration for path builder. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert-command-line-path-builder-add_certpathbuilder