/* Copyright (c) 2023, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include <openssl/pki/verify.h> #include <assert.h> #include <chrono> #include <optional> #include <string_view> #include <openssl/base.h> #include <openssl/bytestring.h> #include <openssl/pool.h> #include <openssl/pki/signature_verify_cache.h> #include "cert_errors.h" #include "cert_issuer_source_static.h" #include "certificate_policies.h" #include "common_cert_errors.h" #include "encode_values.h" #include "input.h" #include "parse_certificate.h" #include "parse_values.h" #include "parsed_certificate.h" #include "path_builder.h" #include "simple_path_builder_delegate.h" #include "trust_store.h" #include "trust_store_in_memory.h" #include "verify_certificate_chain.h" BSSL_NAMESPACE_BEGIN namespace { std::optional<std::shared_ptr<const ParsedCertificate>> InternalParseCertificate(Span<const uint8_t> cert, std::string *out_diagnostic) { … } } // namespace CertPool::CertPool() { … } CertificateVerifyOptions::CertificateVerifyOptions() { … } static std::unique_ptr<VerifyTrustStore> WrapTrustStore( std::unique_ptr<TrustStoreInMemory> trust_store) { … } VerifyTrustStore::~VerifyTrustStore() { … } std::unique_ptr<VerifyTrustStore> VerifyTrustStore::FromDER( std::string_view der_certs, std::string *out_diagnostic) { … } std::unique_ptr<VerifyTrustStore> VerifyTrustStore::FromDER( const std::vector<std::string_view> &der_roots, std::string *out_diagnostic) { … } CertPool::~CertPool() { … } std::unique_ptr<CertPool> CertPool::FromCerts( const std::vector<std::string_view> &der_certs, std::string *out_diagnostic) { … } CertificateVerifyStatus::CertificateVerifyStatus() { … } size_t CertificateVerifyStatus::IterationCount() const { … } size_t CertificateVerifyStatus::MaxDepthSeen() const { … } // PathBuilderDelegateImpl implements a deadline and allows for the // use of a SignatureVerifyCache if an implementation is provided. class PathBuilderDelegateImpl : public SimplePathBuilderDelegate { … }; std::optional<std::vector<std::vector<std::string>>> CertificateVerifyInternal( const CertificateVerifyOptions &opts, VerifyError *out_error, CertificateVerifyStatus *out_status, bool all_paths) { … } std::optional<std::vector<std::string>> CertificateVerify( const CertificateVerifyOptions &opts, VerifyError *out_error, CertificateVerifyStatus *out_status) { … } std::optional<std::vector<std::vector<std::string>>> CertificateVerifyAllPaths( const CertificateVerifyOptions &opts) { … } BSSL_NAMESPACE_END
Codebase Browser
chromium