Diffstat (limited to 'net/base/cert_verifier.h')
-rw-r--r--net/base/cert_verifier.h65
1 files changed, 65 insertions, 0 deletions
diff --git a/net/base/cert_verifier.h b/net/base/cert_verifier.h
new file mode 100644
index 0000000..06f7cef
--- /dev/null
+++ b/net/base/cert_verifier.h
@@ -0,0 +1,65 @@
+// Copyright (c) 2008 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_CERT_VERIFIER_H_
+#define NET_BASE_CERT_VERIFIER_H_
+
+#include <string>
+
+#include "base/basictypes.h"
+#include "base/ref_counted.h"
+#include "net/base/completion_callback.h"
+
+namespace net {
+
+class X509Certificate;
+
+// This class represents the task of verifying a certificate. It can only
+// verify a single certificate at a time, so if you need to verify multiple
+// certificates at the same time, you will need to allocate a CertVerifier
+// object for each certificate.
+//
+// TODO(wtc): This class is based on HostResolver. We should create a base
+// class for the common code between the two classes.
+//
+class CertVerifier {
+ public:
+ CertVerifier();
+
+ // If a completion callback is pending when the verifier is destroyed, the
+ // certificate verification is cancelled, and the completion callback will
+ // not be called.
+ ~CertVerifier();
+
+ // Verifies the given certificate against the given hostname. Returns OK if
+ // successful or an error code upon failure.
+ //
+ // The |cert_status| bitmask is always filled out regardless of the return
+ // value. If the certificate has multiple errors, the corresponding status
+ // flags are set in |cert_status|, and the error code for the most serious
+ // error is returned.
+ //
+ // If |rev_checking_enabled| is true, certificate revocation checking is
+ // performed.
+ //
+ // When callback is null, the operation completes synchronously.
+ //
+ // When callback is non-null, ERR_IO_PENDING is returned if the operation
+ // could not be completed synchronously, in which case the result code will
+ // be passed to the callback when available.
+ //
+ int Verify(X509Certificate* cert, const std::string& hostname,
+ bool rev_checking_enabled, int* cert_status,
+ CompletionCallback* callback);
+
+ private:
+ class Request;
+ friend class Request;
+ scoped_refptr<Request> request_;
+ DISALLOW_COPY_AND_ASSIGN(CertVerifier);
+};
+
+} // namespace net
+
+#endif // NET_BASE_CERT_VERIFIER_H_
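Review bot: The doc comment on Verify() says |cert_status| is "always filled out regardless of the return value", which cannot hold at the moment ERR_IO_PENDING is returned. The status bits are presumably written only when the request completes, so a caller that reads them straight after the call would be basing a trust decision on stale or uninitialised data. The header also does not say how long |cert|, |cert_status| and |callback| must stay valid, or what Verify() does if it is called while a request is already pending on the same object. I would add to the comment something like `// When ERR_IO_PENDING is returned, |cert_status| is not valid until the callback runs; |cert_status| and |callback| must outlive the request or the CertVerifier.` Whether the request takes its own reference on |cert| is not visible from this header, so that should be stated here as well.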