// Copyright 2016 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef BSSL_PKI_PATH_BUILDER_H_ #define BSSL_PKI_PATH_BUILDER_H_ #include <memory> #include <vector> #include <openssl/base.h> #include <openssl/pki/verify_error.h> #include "cert_errors.h" #include "input.h" #include "parse_values.h" #include "parsed_certificate.h" #include "trust_store.h" #include "verify_certificate_chain.h" BSSL_NAMESPACE_BEGIN namespace der { struct GeneralizedTime; } class CertPathBuilder; class CertPathIter; class CertIssuerSource; // Base class for custom data that CertPathBuilderDelegate can attach to paths. class OPENSSL_EXPORT CertPathBuilderDelegateData { … }; // Represents a single candidate path that was built or is being processed. // // This is used both to represent valid paths, as well as invalid/partial ones. // // Consumers must use |IsValid()| to test whether the // CertPathBuilderResultPath is the result of a successful certificate // verification. struct OPENSSL_EXPORT CertPathBuilderResultPath { … }; // CertPathBuilderDelegate controls policies for certificate verification and // path building. class OPENSSL_EXPORT CertPathBuilderDelegate : public VerifyCertificateChainDelegate { … }; // Checks whether a certificate is trusted by building candidate paths to trust // anchors and verifying those paths according to RFC 5280. Each instance of // CertPathBuilder is used for a single verification. // // WARNING: This implementation is currently experimental. Consult an OWNER // before using it. class OPENSSL_EXPORT CertPathBuilder { … }; BSSL_NAMESPACE_END #endif // BSSL_PKI_PATH_BUILDER_H_
Codebase Browser
chromium