Mirror of BoringSSL (grpc依赖)
https://boringssl.googlesource.com/boringssl
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
70 lines
2.5 KiB
70 lines
2.5 KiB
// Copyright 2016 The Chromium Authors |
|
// Use of this source code is governed by a BSD-style license that can be |
|
// found in the LICENSE file. |
|
|
|
#ifndef BSSL_PKI_CERT_ISSUER_SOURCE_H_ |
|
#define BSSL_PKI_CERT_ISSUER_SOURCE_H_ |
|
|
|
#include "fillins/openssl_util.h" |
|
#include <memory> |
|
#include <vector> |
|
|
|
|
|
|
|
#include "parsed_certificate.h" |
|
|
|
namespace bssl { |
|
|
|
// Interface for looking up issuers of a certificate during path building. |
|
// Provides a synchronous and asynchronous method for retrieving issuers, so the |
|
// path builder can try to complete synchronously first. The caller is expected |
|
// to call SyncGetIssuersOf first, see if it can make progress with those |
|
// results, and if not, then fall back to calling AsyncGetIssuersOf. |
|
// An implementations may choose to return results from either one of the Get |
|
// methods, or from both. |
|
class OPENSSL_EXPORT CertIssuerSource { |
|
public: |
|
class OPENSSL_EXPORT Request { |
|
public: |
|
Request() = default; |
|
|
|
Request(const Request&) = delete; |
|
Request& operator=(const Request&) = delete; |
|
|
|
// Destruction of the Request cancels it. |
|
virtual ~Request() = default; |
|
|
|
// Retrieves issuers and appends them to |issuers|. |
|
// |
|
// GetNext should be called again to retrieve any remaining issuers. |
|
// |
|
// If no issuers are left then |issuers| will not be modified. This |
|
// indicates that the issuers have been exhausted and GetNext() should |
|
// not be called again. |
|
virtual void GetNext(ParsedCertificateList* issuers, |
|
void* debug_data) = 0; |
|
}; |
|
|
|
virtual ~CertIssuerSource() = default; |
|
|
|
// Finds certificates whose Subject matches |cert|'s Issuer. |
|
// Matches are appended to |issuers|. Any existing contents of |issuers| will |
|
// not be modified. If the implementation does not support synchronous |
|
// lookups, or if there are no matches, |issuers| is not modified. |
|
virtual void SyncGetIssuersOf(const ParsedCertificate* cert, |
|
ParsedCertificateList* issuers) = 0; |
|
|
|
// Finds certificates whose Subject matches |cert|'s Issuer. |
|
// If the implementation does not support asynchronous lookups or can |
|
// determine synchronously that it would return no results, |*out_req| |
|
// will be set to nullptr. |
|
// |
|
// Otherwise a request is started and saved to |out_req|. The results can be |
|
// read through the Request interface. |
|
virtual void AsyncGetIssuersOf(const ParsedCertificate* cert, |
|
std::unique_ptr<Request>* out_req) = 0; |
|
}; |
|
|
|
} // namespace net |
|
|
|
#endif // BSSL_PKI_CERT_ISSUER_SOURCE_H_
|
|
|