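--- a/net/cert/cert_verify_proc.h
+++ b/net/cert/cert_verify_proc.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_CERT_VERIFY_PROC_H_
 #define NET_CERT_CERT_VERIFY_PROC_H_
 
 #include <string>
 #include <vector>
 
@@ -60,37 +60,51 @@
 CRLSet* crl_set,
 const CertificateList& additional_trust_anchors,
 CertVerifyResult* verify_result);
 
 // Returns true if the implementation supports passing additional trust
 // anchors to the Verify() call. The |additional_trust_anchors| parameter
 // passed to Verify() is ignored when this returns false.
 virtual bool SupportsAdditionalTrustAnchors() const = 0;
 
 protected:
-friend class base::RefCountedThreadSafe<CertVerifyProc>;
-FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts);
-
 CertVerifyProc();
 virtual ~CertVerifyProc();
 
 private:
+friend class base::RefCountedThreadSafe<CertVerifyProc>;
+friend class CertVerifyProcNonUniqueNameTest;
+FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts);
+
 // Performs the actual verification using the desired underlying
 // cryptographic library.
 virtual int VerifyInternal(X509Certificate* cert,
 const std::string& hostname,
 int flags,
 CRLSet* crl_set,
 const CertificateList& additional_trust_anchors,
 CertVerifyResult* verify_result) = 0;
 
 // Returns true if |cert| is explicitly blacklisted.
 static bool IsBlacklisted(X509Certificate* cert);
 
 // IsPublicKeyBlacklisted returns true iff one of |public_key_hashes| (which
 // are hashes of SubjectPublicKeyInfo structures) is explicitly blocked.
 static bool IsPublicKeyBlacklisted(const HashValueVector& public_key_hashes);
+
+// Returns true if |hostname| contains a name that is non-unique among
+// certificates (eg: an "internal server name").
+//
+// While such names are not scheduled to be deprecated until 1 November 2015
+// according to the CA/Browser Forum Baseline Requirements (v1.1), they
+// represent a real risk for the deployment of new gTLDs, and thus being
+// phased out ahead of the hard deadline.
+// TODO(rsleevi): http://crbug.com/119212 - Also match internal IP address
+// ranges.
+static bool IsHostnameNonUnique(const std::string& hostname);
+
+DISALLOW_COPY_AND_ASSIGN(CertVerifyProc);
 };
 
 } // namespace net
 
 #endif // NET_CERT_CERT_VERIFY_PROC_H_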
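Review bot: The comment on the new IsHostnameNonUnique declaration gives the policy rationale but not the contract a reader of Verify() needs: it does not say whether |hostname| must already be normalized (lower-cased, no trailing dot) before the check, and the TODO implies that IP address literals and internal address ranges are not yet classified as non-unique, which the predicate's name would otherwise suggest. I would state that gap explicitly rather than leaving it to the TODO, e.g. `// Note: IP address literals are not currently treated as non-unique; see the TODO below.`, and fix the sentence fragment in the rationale: `// represent a real risk for the deployment of new gTLDs, and thus are being` / `// phased out ahead of the hard deadline.`. The method is only declared in this header; its definition and the code in Verify() that consumes the result are outside the hunk, so the effect of a true return (presumably a status bit set on |verify_result| — confirm against the .cc) should also be named here once verified.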