boringssl/pki/cert_issuer_source.h
Bob Beck bc97b7a8e1 Bring in the core of chromium certificate verifier as libpki
Initially this leaves the canonical source in chrome. Additions
and fillins are committed directly, the chrome files are converted
using the IMPORT script run from the pki directory for the moment.

The intention here is to continue frequent automatic conversion
(and avoid wholesale cosmetic changes in here for now) until
chrome converts to use these files in place of its versions.
At that point these will become the definitive files, and the
IMPORT script can be tossed out.

A middle step along the way will be to change google3's verify.cc
in third_party/chromium_certificate_verifier to use this instead
of its own extracted copy.

Status (and what is not done yet) being roughly tracked in README.md

Bug: chromium:1322914

Change-Id: Ibdb5479bc68985fa61ce6b10f98f31f6b3a7cbdf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60285
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2023-06-22 19:34:39 +00:00

71 lines
2.5 KiB
C++

// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef BSSL_PKI_CERT_ISSUER_SOURCE_H_
#define BSSL_PKI_CERT_ISSUER_SOURCE_H_

#include "fillins/openssl_util.h"
#include <memory>
#include <vector>

#include "parsed_certificate.h"

namespace bssl {

// Interface for looking up issuers of a certificate during path building.
// Provides a synchronous and asynchronous method for retrieving issuers, so the
// path builder can try to complete synchronously first. The caller is expected
// to call SyncGetIssuersOf first, see if it can make progress with those
// results, and if not, then fall back to calling AsyncGetIssuersOf.
// An implementation may choose to return results from either one of the Get
// methods, or from both.
class OPENSSL_EXPORT CertIssuerSource {
 public:
  class OPENSSL_EXPORT Request {
   public:
    Request() = default;

    Request(const Request&) = delete;
    Request& operator=(const Request&) = delete;

    // Destruction of the Request cancels it.
    virtual ~Request() = default;

    // Retrieves issuers and appends them to |issuers|.
    //
    // GetNext should be called again to retrieve any remaining issuers.
    //
    // If no issuers are left then |issuers| will not be modified. This
    // indicates that the issuers have been exhausted and GetNext() should
    // not be called again.
    virtual void GetNext(ParsedCertificateList* issuers,
                         void* debug_data) = 0;
  };

  virtual ~CertIssuerSource() = default;

  // Finds certificates whose Subject matches |cert|'s Issuer.
  // Matches are appended to |issuers|. Any existing contents of |issuers| will
  // not be modified. If the implementation does not support synchronous
  // lookups, or if there are no matches, |issuers| is not modified.
  virtual void SyncGetIssuersOf(const ParsedCertificate* cert,
                                ParsedCertificateList* issuers) = 0;

  // Finds certificates whose Subject matches |cert|'s Issuer.
  // If the implementation does not support asynchronous lookups or can
  // determine synchronously that it would return no results, |*out_req|
  // will be set to nullptr.
  //
  // Otherwise a request is started and saved to |out_req|. The results can be
  // read through the Request interface.
  virtual void AsyncGetIssuersOf(const ParsedCertificate* cert,
                                 std::unique_ptr<Request>* out_req) = 0;
};

}  // namespace bssl

#endif  // BSSL_PKI_CERT_ISSUER_SOURCE_H_
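
The calling contract described in the header comments (sync first, async only as a fallback, `GetNext` until the list stops growing, a null request meaning "no async results"), as an added example that is not part of the BoringSSL source. `Cert`, `CertList`, `IssuerSource`, `DemoSource` and `FindIssuers` are hypothetical stand-ins so the sketch compiles without the library; a real implementation would derive from `bssl::CertIssuerSource` and use `ParsedCertificate`.

```cpp
#include <memory>
#include <string>
#include <vector>
// Stand-ins (assumptions) for ParsedCertificate / ParsedCertificateList.
struct Cert { std::string subject, issuer; };
using CertList = std::vector<std::shared_ptr<const Cert>>;
struct IssuerSource {  // same shape as CertIssuerSource, over the stand-ins
  struct Request {
    virtual ~Request() = default;  // destroying the Request cancels it
    virtual void GetNext(CertList* issuers, void* debug_data) = 0;
  };
  virtual ~IssuerSource() = default;
  virtual void SyncGetIssuersOf(const Cert* cert, CertList* issuers) = 0;
  virtual void AsyncGetIssuersOf(const Cert* cert, std::unique_ptr<Request>* out_req) = 0;
};
struct DemoSource : IssuerSource {  // hypothetical implementation
  CertList local, remote;  // local: answered synchronously; remote: via Request
  struct Req : Request {
    CertList pending;
    void GetNext(CertList* issuers, void*) override {
      if (pending.empty()) return;  // exhausted: |issuers| left unmodified
      issuers->push_back(pending.back());  // one issuer per call
      pending.pop_back();
    }
  };
  void SyncGetIssuersOf(const Cert* cert, CertList* issuers) override {
    for (const auto& c : local)
      if (c->subject == cert->issuer) issuers->push_back(c);
  }
  void AsyncGetIssuersOf(const Cert* cert, std::unique_ptr<Request>* out_req) override {
    auto req = std::make_unique<Req>();
    for (const auto& c : remote)
      if (c->subject == cert->issuer) req->pending.push_back(c);
    if (req->pending.empty()) req.reset();  // nothing to fetch: report nullptr
    *out_req = std::move(req);
  }
};
// Caller: sync first; go async only if that made no progress.
CertList FindIssuers(IssuerSource& src, const Cert& cert) {
  CertList issuers;
  src.SyncGetIssuersOf(&cert, &issuers);
  std::unique_ptr<IssuerSource::Request> req;
  if (issuers.empty()) src.AsyncGetIssuersOf(&cert, &req);
  while (req) {
    const auto before = issuers.size();
    req->GetNext(&issuers, nullptr);
    if (issuers.size() == before) req.reset();  // unmodified: exhausted
  }
  return issuers;
}
```

Matching here is a plain string comparison of subject and issuer; it only identifies candidate issuers and says nothing about whether a candidate's signature or constraints hold.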