net/base/cert_verify_result.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_BASE_CERT_VERIFY_RESULT_H_
   6 #define NET_BASE_CERT_VERIFY_RESULT_H_
   7 #pragma once
   8
   9 #include <vector>
  10
  11 #include "net/base/cert_status_flags.h"
  12 #include "net/base/net_export.h"
  13 #include "base/memory/ref_counted.h"
  14 #include "net/base/x509_cert_types.h"
  15
  16 namespace net {
  17
  18 class X509Certificate;
  19
  20 // The result of certificate verification.
  21 class NET_EXPORT CertVerifyResult {
  22  public:
  23   CertVerifyResult();
  24   ~CertVerifyResult();
  25
  26   void Reset();
  27
  28   // The certificate and chain that was constructed during verification.
  29   // Note that the though the verified certificate will match the originally
  30   // supplied certificate, the intermediate certificates stored within may
  31   // be substantially different. In the event of a verification failure, this
  32   // will contain the chain as supplied by the server. This may be NULL if
  33   // running within the sandbox.
  34   scoped_refptr<X509Certificate> verified_cert;
  35
  36   // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h. Note that
  37   // these status flags apply to the certificate chain returned in
  38   // |verified_cert|, rather than the originally supplied certificate
  39   // chain.
  40   CertStatus cert_status;
  41
  42   // Properties of the certificate chain.
  43   bool has_md5;
  44   bool has_md2;
  45   bool has_md4;
  46   bool has_md5_ca;
  47   bool has_md2_ca;
  48
  49   // If the certificate was successfully verified then this contains the SHA1
  50   // fingerprints of the SubjectPublicKeyInfos of the chain. The fingerprint
  51   // from the leaf certificate will be the first element of the vector.
  52   std::vector<SHA1Fingerprint> public_key_hashes;
  53
  54   // is_issued_by_known_root is true if we recognise the root CA as a standard
  55   // root.  If it isn't then it's probably the case that this certificate was
  56   // generated by a MITM proxy whose root has been installed locally. This is
  57   // meaningless if the certificate was not trusted.
  58   bool is_issued_by_known_root;
  59 };
  60
  61 }  // namespace net
  62
  63 #endif  // NET_BASE_CERT_VERIFY_RESULT_H_