OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_CERT_VERIFY_RESULT_H_ | 5 #ifndef NET_BASE_CERT_VERIFY_RESULT_H_ |
6 #define NET_BASE_CERT_VERIFY_RESULT_H_ | 6 #define NET_BASE_CERT_VERIFY_RESULT_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "net/base/net_api.h" | 11 #include "net/base/net_api.h" |
| 12 #include "base/memory/ref_counted.h" |
12 #include "net/base/x509_cert_types.h" | 13 #include "net/base/x509_cert_types.h" |
13 | 14 |
14 namespace net { | 15 namespace net { |
15 | 16 |
16 // The result of certificate verification. Eventually this may contain the | 17 class X509Certificate; |
17 // certificate chain that was constructed during certificate verification. | 18 |
| 19 // The result of certificate verification. |
18 class NET_API CertVerifyResult { | 20 class NET_API CertVerifyResult { |
19 public: | 21 public: |
20 CertVerifyResult(); | 22 CertVerifyResult(); |
21 ~CertVerifyResult(); | 23 ~CertVerifyResult(); |
22 | 24 |
23 void Reset(); | 25 void Reset(); |
24 | 26 |
25 // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h | 27 // The certificate and chain that was constructed during verification. |
| 28 // Note that the though the verified certificate will match the originally |
| 29 // supplied certificate, the intermediate certificates stored within may |
| 30 // be substantially different. In the event of a verification failure, this |
| 31 // will contain the chain as supplied by the server. This may be NULL if |
| 32 // running within the sandbox. |
| 33 scoped_refptr<X509Certificate> verified_cert; |
| 34 |
| 35 // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h. Note that |
| 36 // these status flags apply to the certificate chain returned in |
| 37 // |verified_cert|, rather than the originally supplied certificate |
| 38 // chain. |
26 int cert_status; | 39 int cert_status; |
27 | 40 |
28 // Properties of the certificate chain. | 41 // Properties of the certificate chain. |
29 bool has_md5; | 42 bool has_md5; |
30 bool has_md2; | 43 bool has_md2; |
31 bool has_md4; | 44 bool has_md4; |
32 bool has_md5_ca; | 45 bool has_md5_ca; |
33 bool has_md2_ca; | 46 bool has_md2_ca; |
34 | 47 |
35 // If the certificate was successfully verified then this contains the SHA1 | 48 // If the certificate was successfully verified then this contains the SHA1 |
36 // fingerprints of the SubjectPublicKeyInfos of the chain. The fingerprint | 49 // fingerprints of the SubjectPublicKeyInfos of the chain. The fingerprint |
37 // from the leaf certificate will be the first element of the vector. | 50 // from the leaf certificate will be the first element of the vector. |
38 std::vector<SHA1Fingerprint> public_key_hashes; | 51 std::vector<SHA1Fingerprint> public_key_hashes; |
39 | 52 |
40 // is_issued_by_known_root is true if we recognise the root CA as a standard | 53 // is_issued_by_known_root is true if we recognise the root CA as a standard |
41 // root. If it isn't then it's probably the case that this certificate was | 54 // root. If it isn't then it's probably the case that this certificate was |
42 // generated by a MITM proxy whose root has been installed locally. This is | 55 // generated by a MITM proxy whose root has been installed locally. This is |
43 // meaningless if the certificate was not trusted. | 56 // meaningless if the certificate was not trusted. |
44 bool is_issued_by_known_root; | 57 bool is_issued_by_known_root; |
45 }; | 58 }; |
46 | 59 |
47 } // namespace net | 60 } // namespace net |
48 | 61 |
49 #endif // NET_BASE_CERT_VERIFY_RESULT_H_ | 62 #endif // NET_BASE_CERT_VERIFY_RESULT_H_ |
OLD | NEW |