15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2012 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#ifndef NET_CERT_CERT_VERIFY_PROC_NSS_H_ 6c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define NET_CERT_CERT_VERIFY_PROC_NSS_H_ 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 85d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include <certt.h> 95d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/base/net_export.h" 11c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/cert/cert_verify_proc.h" 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace net { 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Performs certificate path construction and validation using NSS's libpkix. 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class NET_EXPORT_PRIVATE CertVerifyProcNSS : public CertVerifyProc { 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) public: 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CertVerifyProcNSS(); 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 202a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) virtual bool SupportsAdditionalTrustAnchors() const OVERRIDE; 212a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) protected: 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual ~CertVerifyProcNSS(); 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 255d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // Like VerifyInternal, but adds a |chain_verify_callback| to override trust 265d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // decisions. See the documentation for CERTChainVerifyCallback and 275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // CERTChainVerifyCallbackFunc in NSS's lib/certdb/certt.h. 285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) int VerifyInternalImpl(X509Certificate* cert, 295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) const std::string& hostname, 305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) int flags, 315d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) CRLSet* crl_set, 325d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) const CertificateList& additional_trust_anchors, 335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) CERTChainVerifyCallback* chain_verify_callback, 345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) CertVerifyResult* verify_result); 355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) private: 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual int VerifyInternal(X509Certificate* cert, 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& hostname, 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int flags, 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CRLSet* crl_set, 412a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) const CertificateList& additional_trust_anchors, 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CertVerifyResult* verify_result) OVERRIDE; 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace net 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 47c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#endif // NET_CERT_CERT_VERIFY_PROC_NSS_H_ 48