net/cert/internal/verify_certificate_chain.h - Issue 2813043002: Add tests for keyUsage to the built-in cert verifier.

Side by Side Diff: net/cert/internal/verify_certificate_chain.h

Issue 2813043002: Add tests for keyUsage to the built-in cert verifier. (Closed)

Patch Set: rebase and add test files for ios Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_	5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_

6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_	6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_

7	7

8 #include <vector>	8 #include <vector>

9	9

10 #include "base/compiler_specific.h"	10 #include "base/compiler_specific.h"

(...skipping 12 matching lines...) Expand all Loading...
23 class SignaturePolicy;	23 class SignaturePolicy;

24 class TrustAnchor;	24 class TrustAnchor;

25	25

26 // The key purpose (extended key usage) to check for during verification.	26 // The key purpose (extended key usage) to check for during verification.

27 enum class KeyPurpose {	27 enum class KeyPurpose {

28 ANY_EKU,	28 ANY_EKU,

29 SERVER_AUTH,	29 SERVER_AUTH,

30 CLIENT_AUTH,	30 CLIENT_AUTH,

31 };	31 };

32	32

33 // VerifyCertificateChain() verifies a certificate path (chain) based on the	33 // VerifyCertificateChain() verifies an ordered certificate path in accordance

34 // rules in RFC 5280. The caller is responsible for building the path and	34 // with RFC 5280 (with some modifications [1]).

35 // finding the trust anchor.	35 //

	36 // [1] Deviations from RFC 5280:

	37 //

	38 // * If Extended Key Usage appears on intermediates it is treated as a

	39 // restriction on subordinate certificates.

	40 //

	41 // The caller is responsible for additionally checking:

	42 //

	43 // * The end-entity's KeyUsage before using its SPKI.

	44 // * The end-entity's name/subjectAltName (note that name constraints from

	45 // intermediates will have already been applied, so just need to check

	46 // the end-entity for a match).

	47 // * Policies

36 //	48 //

37 // WARNING: This implementation is in progress, and is currently incomplete.	49 // WARNING: This implementation is in progress, and is currently incomplete.

38 // Consult an OWNER before using it.	50 // Consult an OWNER before using it.

39 //	51 //

40 // TODO(eroman): Take a CertPath instead of ParsedCertificateList +	52 // TODO(eroman): Take a CertPath instead of ParsedCertificateList +

41 // TrustAnchor.	53 // TrustAnchor.

42 //	54 //

43 // ---------	55 // ---------

44 // Inputs	56 // Inputs

45 // ---------	57 // ---------

(...skipping 39 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
85 KeyPurpose required_key_purpose,	97 KeyPurpose required_key_purpose,

86 CertPathErrors* errors);	98 CertPathErrors* errors);

87	99

88 // TODO(crbug.com/634443): Move exported errors to a central location?	100 // TODO(crbug.com/634443): Move exported errors to a central location?

89 extern CertErrorId kValidityFailedNotAfter;	101 extern CertErrorId kValidityFailedNotAfter;

90 extern CertErrorId kValidityFailedNotBefore;	102 extern CertErrorId kValidityFailedNotBefore;

91	103

92 } // namespace net	104 } // namespace net

93	105

94 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_	106 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_

OLD	NEW

« no previous file with comments | « net/cert/cert_verify_proc_unittest.cc ('k') | net/cert/internal/verify_certificate_chain.cc » ('j') | no next file with comments »