Revert "Fix broken channel icon in chrome://help on CrOS" and try again
[chromium-blink-merge.git] / net / cert / cert_verify_proc_nss.h
blobc7b90b72b7abfb381f1141d7a96bc96747bd466a
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_CERT_VERIFY_PROC_NSS_H_
6 #define NET_CERT_CERT_VERIFY_PROC_NSS_H_
8 #include <certt.h>
10 #include "net/base/net_export.h"
11 #include "net/cert/cert_verify_proc.h"
13 namespace net {
15 // Performs certificate path construction and validation using NSS's libpkix.
16 class NET_EXPORT_PRIVATE CertVerifyProcNSS : public CertVerifyProc {
17 public:
18 CertVerifyProcNSS();
20 bool SupportsAdditionalTrustAnchors() const override;
21 bool SupportsOCSPStapling() const override;
23 protected:
24 ~CertVerifyProcNSS() override;
26 // Like VerifyInternal, but adds a |chain_verify_callback| to override trust
27 // decisions. See the documentation for CERTChainVerifyCallback and
28 // CERTChainVerifyCallbackFunc in NSS's lib/certdb/certt.h.
29 int VerifyInternalImpl(X509Certificate* cert,
30 const std::string& hostname,
31 const std::string& ocsp_response,
32 int flags,
33 CRLSet* crl_set,
34 const CertificateList& additional_trust_anchors,
35 CERTChainVerifyCallback* chain_verify_callback,
36 CertVerifyResult* verify_result);
38 private:
39 int VerifyInternal(X509Certificate* cert,
40 const std::string& hostname,
41 const std::string& ocsp_response,
42 int flags,
43 CRLSet* crl_set,
44 const CertificateList& additional_trust_anchors,
45 CertVerifyResult* verify_result) override;
47 using CacheOCSPResponseFromSideChannelFunction =
48 SECStatus (*)(CERTCertDBHandle* handle,
49 CERTCertificate* cert,
50 PRTime time,
51 const SECItem* encodedResponse,
52 void* pwArg);
53 const CacheOCSPResponseFromSideChannelFunction
54 cache_ocsp_response_from_side_channel_;
57 } // namespace net
59 #endif // NET_CERT_CERT_VERIFY_PROC_NSS_H_