| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_INTERNAL_PATH_BUILDER_H_ | 5 #ifndef NET_CERT_INTERNAL_PATH_BUILDER_H_ |
| 6 #define NET_CERT_INTERNAL_PATH_BUILDER_H_ | 6 #define NET_CERT_INTERNAL_PATH_BUILDER_H_ |
| 7 | 7 |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| 11 | 11 |
| 12 #include "net/base/net_export.h" | 12 #include "net/base/net_export.h" |
| 13 #include "net/cert/internal/cert_errors.h" | 13 #include "net/cert/internal/cert_errors.h" |
| 14 #include "net/cert/internal/parsed_certificate.h" | 14 #include "net/cert/internal/parsed_certificate.h" |
| 15 #include "net/cert/internal/trust_store.h" | 15 #include "net/cert/internal/trust_store.h" |
| 16 #include "net/cert/internal/verify_certificate_chain.h" |
| 16 #include "net/der/input.h" | 17 #include "net/der/input.h" |
| 17 #include "net/der/parse_values.h" | 18 #include "net/der/parse_values.h" |
| 18 | 19 |
| 19 namespace net { | 20 namespace net { |
| 20 | 21 |
| 21 namespace der { | 22 namespace der { |
| 22 struct GeneralizedTime; | 23 struct GeneralizedTime; |
| 23 } | 24 } |
| 24 | 25 |
| 25 class CertPathIter; | 26 class CertPathIter; |
| 111 // Creates a CertPathBuilder that attempts to find a path from |cert| to a | 112 // Creates a CertPathBuilder that attempts to find a path from |cert| to a |
| 112 // trust anchor in |trust_store|, which satisfies |signature_policy| and is | 113 // trust anchor in |trust_store|, which satisfies |signature_policy| and is |
| 113 // valid at |time|. Details of attempted path(s) are stored in |*result|. | 114 // valid at |time|. Details of attempted path(s) are stored in |*result|. |
| 114 // | 115 // |
| 115 // The caller must keep |trust_store|, |signature_policy|, and |*result| valid | 116 // The caller must keep |trust_store|, |signature_policy|, and |*result| valid |
| 116 // for the lifetime of the CertPathBuilder. | 117 // for the lifetime of the CertPathBuilder. |
| 117 CertPathBuilder(scoped_refptr<ParsedCertificate> cert, | 118 CertPathBuilder(scoped_refptr<ParsedCertificate> cert, |
| 118 const TrustStore* trust_store, | 119 const TrustStore* trust_store, |
| 119 const SignaturePolicy* signature_policy, | 120 const SignaturePolicy* signature_policy, |
| 120 const der::GeneralizedTime& time, | 121 const der::GeneralizedTime& time, |
| 122 KeyPurpose key_purpose, |
| 121 Result* result); | 123 Result* result); |
| 122 ~CertPathBuilder(); | 124 ~CertPathBuilder(); |
| 123 | 125 |
| 124 // Adds a CertIssuerSource to provide intermediates for use in path building. | 126 // Adds a CertIssuerSource to provide intermediates for use in path building. |
| 125 // Multiple sources may be added. Must not be called after Run is called. | 127 // Multiple sources may be added. Must not be called after Run is called. |
| 126 // The |*cert_issuer_source| must remain valid for the lifetime of the | 128 // The |*cert_issuer_source| must remain valid for the lifetime of the |
| 127 // CertPathBuilder. | 129 // CertPathBuilder. |
| 128 // | 130 // |
| 129 // (If no issuer sources are added, the target certificate will only verify if | 131 // (If no issuer sources are added, the target certificate will only verify if |
| 130 // it is a trust anchor or is directly signed by a trust anchor.) | 132 // it is a trust anchor or is directly signed by a trust anchor.) |
| 145 }; | 147 }; |
| 146 | 148 |
| 147 void DoGetNextPath(); | 149 void DoGetNextPath(); |
| 148 void DoGetNextPathComplete(); | 150 void DoGetNextPathComplete(); |
| 149 | 151 |
| 150 void AddResultPath(std::unique_ptr<ResultPath> result_path); | 152 void AddResultPath(std::unique_ptr<ResultPath> result_path); |
| 151 | 153 |
| 152 std::unique_ptr<CertPathIter> cert_path_iter_; | 154 std::unique_ptr<CertPathIter> cert_path_iter_; |
| 153 const SignaturePolicy* signature_policy_; | 155 const SignaturePolicy* signature_policy_; |
| 154 const der::GeneralizedTime time_; | 156 const der::GeneralizedTime time_; |
| 157 const KeyPurpose key_purpose_; |
| 155 | 158 |
| 156 // Stores the next complete path to attempt verification on. This is filled in | 159 // Stores the next complete path to attempt verification on. This is filled in |
| 157 // by |cert_path_iter_| during the STATE_GET_NEXT_PATH step, and thus should | 160 // by |cert_path_iter_| during the STATE_GET_NEXT_PATH step, and thus should |
| 158 // only be accessed during the STATE_GET_NEXT_PATH_COMPLETE step. | 161 // only be accessed during the STATE_GET_NEXT_PATH_COMPLETE step. |
| 159 // (Will be empty if all paths have been tried, otherwise will be a candidate | 162 // (Will be empty if all paths have been tried, otherwise will be a candidate |
| 160 // path starting with the target cert and ending with a | 163 // path starting with the target cert and ending with a |
| 161 // certificate issued by trust anchor.) | 164 // certificate issued by trust anchor.) |
| 162 CertPath next_path_; | 165 CertPath next_path_; |
| 163 State next_state_; | 166 State next_state_; |
| 164 | 167 |
| 165 Result* out_result_; | 168 Result* out_result_; |
| 166 | 169 |
| 167 DISALLOW_COPY_AND_ASSIGN(CertPathBuilder); | 170 DISALLOW_COPY_AND_ASSIGN(CertPathBuilder); |
| 168 }; | 171 }; |
| 169 | 172 |
| 170 } // namespace net | 173 } // namespace net |
| 171 | 174 |
| 172 #endif // NET_CERT_INTERNAL_PATH_BUILDER_H_ | 175 #endif // NET_CERT_INTERNAL_PATH_BUILDER_H_ |
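Review bot: The constructor comment at new lines 112-117 still names only |trust_store|, |signature_policy| and |time|, so the added `KeyPurpose key_purpose` parameter (new line 122) is undocumented. It presumably selects the extended-key-usage check applied to each candidate chain, so the contract should say what it restricts and which value a caller validating a server or client certificate is expected to pass. I would extend the sentence to `// trust anchor in |trust_store|, which satisfies |signature_policy|, is valid at |time| and is acceptable for |key_purpose|.` and add `// Key purpose each candidate path is verified against.` above `key_purpose_` at new line 157. Parts of the class are collapsed on this page, so where `key_purpose_` is consumed is not visible here.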