OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_H_ | 5 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_H_ |
6 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_H_ | 6 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
| 11 #include "net/base/completion_callback.h" |
11 #include "net/base/net_export.h" | 12 #include "net/base/net_export.h" |
12 | 13 |
13 namespace net { | 14 namespace net { |
14 | 15 |
15 // A ProofVerifier checks the signature on a server config, and the certificate | 16 // A ProofVerifier checks the signature on a server config, and the certificate |
16 // chain that backs the public key. | 17 // chain that backs the public key. |
17 class NET_EXPORT_PRIVATE ProofVerifier { | 18 class NET_EXPORT_PRIVATE ProofVerifier { |
18 public: | 19 public: |
19 virtual ~ProofVerifier() {} | 20 virtual ~ProofVerifier() {} |
20 | 21 |
21 // VerifyProof checks that |signature| is a valid signature of | 22 // VerifyProof checks that |signature| is a valid signature of |
22 // |server_config| by the public key in the leaf certificate of |certs|, and | 23 // |server_config| by the public key in the leaf certificate of |certs|, and |
23 // that |certs| is a valid chain for |hostname|. On success, it returns true. | 24 // that |certs| is a valid chain for |hostname|. On success, it returns OK. |
24 // On failure, it returns false and sets |*error_details| to a description of | 25 // On failure, it returns ERR_FAILED and sets |*error_details| to a |
25 // the problem. | 26 // description of the problem. This function may also return ERR_IO_PENDING, |
| 27 // in which case the |callback| will be run on the calling thread with the |
| 28 // final OK/ERR_FAILED result when the proof is verified. |
26 // | 29 // |
27 // The signature uses SHA-256 as the hash function and PSS padding in the | 30 // The signature uses SHA-256 as the hash function and PSS padding in the |
28 // case of RSA. | 31 // case of RSA. |
29 // | 32 // |
30 // Note: this is just for testing. The CN of the certificate is ignored and | 33 // Note: this is just for testing. The CN of the certificate is ignored and |
31 // wildcards in the SANs are not supported. | 34 // wildcards in the SANs are not supported. |
32 virtual bool VerifyProof(const std::string& hostname, | 35 virtual int VerifyProof(const std::string& hostname, |
33 const std::string& server_config, | 36 const std::string& server_config, |
34 const std::vector<std::string>& certs, | 37 const std::vector<std::string>& certs, |
35 const std::string& signature, | 38 const std::string& signature, |
36 std::string* error_details) const = 0; | 39 std::string* error_details, |
| 40 const CompletionCallback& callback) = 0; |
37 }; | 41 }; |
38 | 42 |
39 } // namespace net | 43 } // namespace net |
40 | 44 |
41 #endif // NET_QUIC_CRYPTO_PROOF_VERIFIER_H_ | 45 #endif // NET_QUIC_CRYPTO_PROOF_VERIFIER_H_ |
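Review bot: The new comment on VerifyProof does not say how long |error_details| and the const-reference arguments must stay valid once ERR_IO_PENDING is returned. On that path the failure text is presumably written through the raw `std::string*` after the call has returned, so a caller passing a stack or otherwise short-lived string would have the verifier write into freed memory, in code that decides whether a server's proof is trusted. I would add to the comment: `// If ERR_IO_PENDING is returned, |error_details| must remain valid until |callback| has run; the other arguments are not used after VerifyProof returns.` (or the opposite for the inputs, whichever the implementations actually guarantee). The interface as shown also has no way to cancel a pending verification, and the method is no longer const, so the comment should say whether the verifier may be destroyed, or VerifyProof called again, while a callback is outstanding.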