blob: d7acd44faf1f97d02f91b1a0bc3089d40a88e9c0 [file] [log] [blame]
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <vector>
#include "base/memory/ref_counted.h"
#include "net/base/net_export.h"
#include "net/cert/internal/cert_issuer_source.h"
#include "net/cert/internal/parsed_certificate.h"
namespace net {
enum class CertificateTrustType {
// This certificate is explicitly blacklisted (distrusted).
// The trustedness of this certificate is unknown (inherits trust from
// its issuer).
// This certificate is a trust anchor (as defined by RFC 5280). The only
// fields in the certificate that are meaningful are its name and SPKI.
// This certificate is a trust anchor, and additionally some of the fields in
// the certificate (other than name and SPKI) should be used during the
// verification process. See VerifyCertificateChain() for details on how
// constraints are applied.
// Describes the level of trust in a certificate. See CertificateTrustType for
// details.
// TODO(eroman): Right now this is just a glorified wrapper around an enum...
struct NET_EXPORT CertificateTrust {
static CertificateTrust ForTrustAnchor();
static CertificateTrust ForTrustAnchorEnforcingConstraints();
static CertificateTrust ForUnspecified();
static CertificateTrust ForDistrusted();
bool IsTrustAnchor() const;
bool IsDistrusted() const;
bool HasUnspecifiedTrust() const;
CertificateTrustType type = CertificateTrustType::UNSPECIFIED;
// Interface for finding intermediates / trust anchors, and testing the
// trustedness of certificates.
class NET_EXPORT TrustStore : public CertIssuerSource {
// Writes the trustedness of |cert| into |*trust|. Both |cert| and |trust|
// must be non-null.
virtual void GetTrust(const scoped_refptr<ParsedCertificate>& cert,
CertificateTrust* trust) const = 0;
// Disable async issuers for TrustStore, as it isn't needed.
void AsyncGetIssuersOf(const ParsedCertificate* cert,
std::unique_ptr<Request>* out_req) final;
} // namespace net