OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_INTERNAL_PATH_BUILDER_H_ | 5 #ifndef NET_CERT_INTERNAL_PATH_BUILDER_H_ |
6 #define NET_CERT_INTERNAL_PATH_BUILDER_H_ | 6 #define NET_CERT_INTERNAL_PATH_BUILDER_H_ |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
40 ~CertPath(); | 40 ~CertPath(); |
41 | 41 |
42 scoped_refptr<TrustAnchor> trust_anchor; | 42 scoped_refptr<TrustAnchor> trust_anchor; |
43 | 43 |
44 // Path in the forward direction (path[0] is the target cert). | 44 // Path in the forward direction (path[0] is the target cert). |
45 ParsedCertificateList certs; | 45 ParsedCertificateList certs; |
46 | 46 |
47 // Resets the path to empty path (same as if default constructed). | 47 // Resets the path to empty path (same as if default constructed). |
48 void Clear(); | 48 void Clear(); |
49 | 49 |
50 // Returns true if the path is empty. | 50 // TODO(eroman): Can we remove this? Unclear on how this relates to validity. |
51 bool IsEmpty() const; | 51 bool IsEmpty() const; |
52 }; | 52 }; |
53 | 53 |
54 // Checks whether a certificate is trusted by building candidate paths to trust | 54 // Checks whether a certificate is trusted by building candidate paths to trust |
55 // anchors and verifying those paths according to RFC 5280. Each instance of | 55 // anchors and verifying those paths according to RFC 5280. Each instance of |
56 // CertPathBuilder is used for a single verification. | 56 // CertPathBuilder is used for a single verification. |
57 // | 57 // |
58 // WARNING: This implementation is currently experimental. Consult an OWNER | 58 // WARNING: This implementation is currently experimental. Consult an OWNER |
59 // before using it. | 59 // before using it. |
60 class NET_EXPORT CertPathBuilder { | 60 class NET_EXPORT CertPathBuilder { |
61 public: | 61 public: |
62 // Represents a single candidate path that was built. | 62 // Represents a single candidate path that was built. |
63 struct NET_EXPORT ResultPath { | 63 struct NET_EXPORT ResultPath { |
64 ResultPath(); | 64 ResultPath(); |
65 ~ResultPath(); | 65 ~ResultPath(); |
66 | 66 |
| 67 // Returns true if the candidate path is valid, false otherwise. |
| 68 bool IsValid() const; |
| 69 |
67 // The (possibly partial) certificate path. Consumers must always test | 70 // The (possibly partial) certificate path. Consumers must always test |
68 // |valid| before using |path|. When |!valid| path.trust_anchor may be | 71 // |errors.IsValid()| before using |path|. When invalid, |
69 // nullptr, and the path may be otherwise incomplete/invalid. | 72 // |path.trust_anchor| may be null, and the path may be incomplete. |
70 CertPath path; | 73 CertPath path; |
71 | 74 |
72 // The errors/warnings from this path. Note that the list of errors is | 75 // The errors/warnings from this path. Use |IsValid()| to determine if the |
73 // independent of whether the path was |valid| (a valid path may | 76 // path is valid. |
74 // contain errors/warnings, and vice versa an invalid path may not have | 77 CertPathErrors errors; |
75 // logged any errors). | |
76 CertErrors errors; | |
77 | |
78 // True if |path| is a correct verified certificate chain. | |
79 bool valid = false; | |
80 }; | 78 }; |
81 | 79 |
82 // Provides the overall result of path building. This includes the paths that | 80 // Provides the overall result of path building. This includes the paths that |
83 // were attempted. | 81 // were attempted. |
84 struct NET_EXPORT Result { | 82 struct NET_EXPORT Result { |
85 Result(); | 83 Result(); |
86 ~Result(); | 84 ~Result(); |
87 | 85 |
88 // Returns true if there was a valid path. | 86 // Returns true if there was a valid path. |
89 bool HasValidPath() const; | 87 bool HasValidPath() const; |
165 State next_state_; | 163 State next_state_; |
166 | 164 |
167 Result* out_result_; | 165 Result* out_result_; |
168 | 166 |
169 DISALLOW_COPY_AND_ASSIGN(CertPathBuilder); | 167 DISALLOW_COPY_AND_ASSIGN(CertPathBuilder); |
170 }; | 168 }; |
171 | 169 |
172 } // namespace net | 170 } // namespace net |
173 | 171 |
174 #endif // NET_CERT_INTERNAL_PATH_BUILDER_H_ | 172 #endif // NET_CERT_INTERNAL_PATH_BUILDER_H_ |
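Review bot: The comment on `path` in `ResultPath` (new lines 70-72) tells consumers to test `|errors.IsValid()|`, while the accessor this change adds is `ResultPath::IsValid()` and the comment on `errors` points to `|IsValid()|`. Whether `CertPathErrors` has an `IsValid()` of its own is not visible on this page, so the header should name one check, because this is the gate callers rely on before trusting a chain; I would write `// |IsValid()| before using |path|. When invalid,` on new line 71. The removed text said the error list was independent of `valid`; if validity is now derived from `errors` (the implementation is outside this page), the `IsValid()` comment should state which errors make a path invalid and that a partial path with no logged error is never reported as valid. On `CertPath::IsEmpty()` (new line 50) the TODO replaces the description, so I would keep `// Returns true if the path is empty.` above it.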