OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
(...skipping 23 matching lines...) Expand all Loading... |
34 // --------- | 34 // --------- |
35 // | 35 // |
36 // cert_chain: | 36 // cert_chain: |
37 // A non-empty chain of N DER-encoded certificates, listed in the | 37 // A non-empty chain of N DER-encoded certificates, listed in the |
38 // "forward" direction. | 38 // "forward" direction. |
39 // | 39 // |
40 // * cert_chain[0] is the target certificate to verify. | 40 // * cert_chain[0] is the target certificate to verify. |
41 // * cert_chain[i+1] holds the certificate that issued cert_chain[i]. | 41 // * cert_chain[i+1] holds the certificate that issued cert_chain[i]. |
42 // * cert_chain[N-1] must be the trust anchor. | 42 // * cert_chain[N-1] must be the trust anchor. |
43 // | 43 // |
44 // trust_store: | |
45 // Contains the set of trusted public keys (and their names). This is only | |
46 // used to DCHECK that the final cert is a trust anchor. | |
47 // | |
48 // signature_policy: | 44 // signature_policy: |
49 // The policy to use when verifying signatures (what hash algorithms are | 45 // The policy to use when verifying signatures (what hash algorithms are |
50 // allowed, what length keys, what named curves, etc). | 46 // allowed, what length keys, what named curves, etc). |
51 // | 47 // |
52 // time: | 48 // time: |
53 // The UTC time to use for expiration checks. | 49 // The UTC time to use for expiration checks. |
54 // | 50 // |
55 // --------- | 51 // --------- |
56 // Outputs | 52 // Outputs |
57 // --------- | 53 // --------- |
58 // | 54 // |
59 // Returns true if the target certificate can be verified. | 55 // Returns true if the target certificate can be verified. |
60 NET_EXPORT bool VerifyCertificateChainAssumingTrustedRoot( | 56 NET_EXPORT bool VerifyCertificateChainAssumingTrustedRoot( |
61 const ParsedCertificateList& certs, | 57 const ParsedCertificateList& certs, |
62 // The trust store is only used for assertions. | |
63 const TrustStore& trust_store, | |
64 const SignaturePolicy* signature_policy, | 58 const SignaturePolicy* signature_policy, |
65 const der::GeneralizedTime& time) WARN_UNUSED_RESULT; | 59 const der::GeneralizedTime& time) WARN_UNUSED_RESULT; |
66 | 60 |
67 } // namespace net | 61 } // namespace net |
68 | 62 |
69 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 63 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
OLD | NEW |