We started redesigning GpuMemoryBuffer interface to handle multiple buffers [0].
[chromium-blink-merge.git] / net / quic / crypto / proof_verifier.h
blob87339da4208f5654a38f27e3dfffddc30863ae01
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_H_
6 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_H_
8 #include <string>
9 #include <vector>
11 #include "base/memory/scoped_ptr.h"
12 #include "net/base/net_export.h"
13 #include "net/quic/quic_types.h"
15 namespace net {
17 // ProofVerifyDetails is an abstract class that acts as a container for any
18 // implementation specific details that a ProofVerifier wishes to return. These
19 // details are saved in the CachedState for the origin in question.
20 class NET_EXPORT_PRIVATE ProofVerifyDetails {
21 public:
22 virtual ~ProofVerifyDetails() {}
24 // Returns an new ProofVerifyDetails object with the same contents
25 // as this one.
26 virtual ProofVerifyDetails* Clone() const = 0;
29 // ProofVerifyContext is an abstract class that acts as a container for any
30 // implementation specific context that a ProofVerifier needs.
31 class NET_EXPORT_PRIVATE ProofVerifyContext {
32 public:
33 virtual ~ProofVerifyContext() {}
36 // ProofVerifierCallback provides a generic mechanism for a ProofVerifier to
37 // call back after an asynchronous verification.
38 class NET_EXPORT_PRIVATE ProofVerifierCallback {
39 public:
40 virtual ~ProofVerifierCallback() {}
42 // Run is called on the original thread to mark the completion of an
43 // asynchonous verification. If |ok| is true then the certificate is valid
44 // and |error_details| is unused. Otherwise, |error_details| contains a
45 // description of the error. |details| contains implementation-specific
46 // details of the verification. |Run| may take ownership of |details| by
47 // calling |release| on it.
48 virtual void Run(bool ok,
49 const std::string& error_details,
50 scoped_ptr<ProofVerifyDetails>* details) = 0;
53 // A ProofVerifier checks the signature on a server config, and the certificate
54 // chain that backs the public key.
55 class NET_EXPORT_PRIVATE ProofVerifier {
56 public:
57 virtual ~ProofVerifier() {}
59 // VerifyProof checks that |signature| is a valid signature of
60 // |server_config| by the public key in the leaf certificate of |certs|, and
61 // that |certs| is a valid chain for |hostname|. On success, it returns
62 // QUIC_SUCCESS. On failure, it returns QUIC_FAILURE and sets |*error_details|
63 // to a description of the problem. In either case it may set |*details|,
64 // which the caller takes ownership of.
66 // |context| specifies an implementation specific struct (which may be nullptr
67 // for some implementations) that provides useful information for the
68 // verifier, e.g. logging handles.
70 // This function may also return QUIC_PENDING, in which case the ProofVerifier
71 // will call back, on the original thread, via |callback| when complete.
72 // In this case, the ProofVerifier will take ownership of |callback|.
74 // The signature uses SHA-256 as the hash function and PSS padding in the
75 // case of RSA.
76 virtual QuicAsyncStatus VerifyProof(const std::string& hostname,
77 const std::string& server_config,
78 const std::vector<std::string>& certs,
79 const std::string& signature,
80 const ProofVerifyContext* context,
81 std::string* error_details,
82 scoped_ptr<ProofVerifyDetails>* details,
83 ProofVerifierCallback* callback) = 0;
86 } // namespace net
88 #endif // NET_QUIC_CRYPTO_PROOF_VERIFIER_H_