      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_
      6 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/basictypes.h"
     12 #include "base/compiler_specific.h"
     13 #include "base/memory/scoped_ptr.h"
     14 #include "net/base/completion_callback.h"
     15 #include "net/base/net_export.h"
     16 #include "net/base/net_log.h"
     17 #include "net/cert/cert_verify_result.h"
     18 #include "net/cert/x509_certificate.h"
     19 #include "net/quic/crypto/proof_verifier.h"
     20 
     21 namespace net {
     22 
     23 class CertVerifier;  // Used below only as a raw pointer (|cert_verifier_|).
     24 class SingleRequestCertVerifier;  // Used below only via scoped_ptr (|verifier_|).
     25 
     26 // ProofVerifyDetailsChromium is the implementation-specific information that a
     27 // ProofVerifierChromium returns about a certificate verification.
        // It adds a single field, the CertVerifyResult, to the ProofVerifyDetails base.
     28 struct ProofVerifyDetailsChromium : public ProofVerifyDetails {
     29  public:
          // Result of the certificate verification.
          // NOTE(review): presumably written by the CertVerifier run that
          // ProofVerifierChromium starts; confirm in the .cc before relying on its
          // contents after a failed or still-pending verification.
     30   CertVerifyResult cert_verify_result;
     31 };
     32 
     33 // ProofVerifierChromium implements the QUIC ProofVerifier interface.
        // The declarations below show two pieces of work: certificate verification
        // through a CertVerifier, run as a small state machine (see |State|), and a
        // signature check (VerifySignature()).
        // All per-request state (|hostname_|, |callback_|, |verify_details_|,
        // |error_details_|, |cert_|, |next_state_|) is held in members, so one object
        // can track only a single verification at a time.
        // NOTE(review): this header declares no guard against a second VerifyProof()
        // call while one is pending; confirm the .cc rejects it instead of
        // overwriting the state of the request in flight.
     34 // TODO(rtenneti): Add support for multiple requests for one ProofVerifier.
     35 class NET_EXPORT_PRIVATE ProofVerifierChromium : public ProofVerifier {
     36  public:
          // |cert_verifier| is kept as a raw pointer in |cert_verifier_|.
          // NOTE(review): presumably it is not owned and must outlive this object,
          // and |net_log| is presumably copied into |net_log_|; confirm both against
          // the .cc and the callers.
     37   ProofVerifierChromium(CertVerifier* cert_verifier,
     38                         const BoundNetLog& net_log);
     39   virtual ~ProofVerifierChromium();
     40 
     41   // ProofVerifier interface
          // The meaning of each parameter and of the Status values is defined by
          // ProofVerifier in net/quic/crypto/proof_verifier.h, not in this file.
          // From the signature: |error_details| and |details| are output parameters,
          // and |callback| is a raw pointer while the member |callback_| is a
          // scoped_ptr.
          // NOTE(review): presumably this call takes ownership of |callback| and runs
          // it when verification completes asynchronously; confirm in the .cc.
          // NOTE(review): callers should check which Status value means "still
          // pending", so that an unfinished verification is never treated as a
          // verified proof.
     42   virtual Status VerifyProof(QuicVersion version,
     43                              const std::string& hostname,
     44                              const std::string& server_config,
     45                              const std::vector<std::string>& certs,
     46                              const std::string& signature,
     47                              std::string* error_details,
     48                              scoped_ptr<ProofVerifyDetails>* details,
     49                              ProofVerifierCallback* callback) OVERRIDE;
     50 
     51  private:
          // Steps of the certificate verification state machine; the current step is
          // stored in |next_state_|.
     52   enum State {
     53     STATE_NONE,
     54     STATE_VERIFY_CERT,
     55     STATE_VERIFY_CERT_COMPLETE,
     56   };
     57 
          // State machine plumbing.
          // NOTE(review): presumably DoLoop() dispatches on |next_state_| to the two
          // Do*() steps, OnIOComplete() resumes it after an asynchronous step, and
          // the int values are net error codes; confirm in the .cc.
     58   int DoLoop(int last_io_result);
     59   void OnIOComplete(int result);
     60   int DoVerifyCert(int result);
     61   int DoVerifyCertComplete(int result);
     62 
          // Checks |signature| over |signed_data| using |cert| and reports the outcome
          // as a bool.
          // NOTE(review): presumably |cert| is the DER-encoded leaf certificate and
          // true means the signature is valid; confirm in the .cc.
          // NOTE(review): a proof should be accepted only when both this check and
          // the certificate chain verification succeed; how the two are combined is
          // not visible in this header.
     63   bool VerifySignature(QuicVersion version,
     64                        const std::string& signed_data,
     65                        const std::string& signature,
     66                        const std::string& cert);
     67 
     68   // |cert_verifier_| and |verifier_| are used for verifying certificates.
          // |cert_verifier_| is a const raw pointer, so it is never reseated after
          // construction; |verifier_| is held through a scoped_ptr.
     69   CertVerifier* const cert_verifier_;
     70   scoped_ptr<SingleRequestCertVerifier> verifier_;
     71 
     72   // |hostname_| specifies the hostname for which |certs| is a valid chain.
          // NOTE(review): presumably copied from the |hostname| argument of
          // VerifyProof(); confirm in the .cc.
     73   std::string hostname_;
     74 
          // Per-request state.
          // NOTE(review): presumably these back the |callback|, |details| and
          // |error_details| parameters of VerifyProof(); confirm in the .cc.
     75   scoped_ptr<ProofVerifierCallback> callback_;
     76   scoped_ptr<ProofVerifyDetailsChromium> verify_details_;
     77   std::string error_details_;
     78 
     79   // X509Certificate from a chain of DER encoded certificates.
     80   scoped_refptr<X509Certificate> cert_;
     81 
          // Current position in the |State| machine.
     82   State next_state_;
     83 
     84   BoundNetLog net_log_;
     85 
          // The object is not copyable.
     86   DISALLOW_COPY_AND_ASSIGN(ProofVerifierChromium);
     87 };
     88 
     89 }  // namespace net
     90 
     91 #endif  // NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_
     92