blob: cffad9db9a58e2ba98eeca328e5d462f0bbc51d2 [file] [log] [blame]
// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef BSSL_PKI_CERT_ISSUER_SOURCE_H_
#define BSSL_PKI_CERT_ISSUER_SOURCE_H_
#include <memory>
#include <vector>
#include <openssl/base.h>
#include "parsed_certificate.h"
BSSL_NAMESPACE_BEGIN
// Interface for looking up issuers of a certificate during path building.
// Provides a synchronous and asynchronous method for retrieving issuers, so the
// path builder can try to complete synchronously first. The caller is expected
// to call SyncGetIssuersOf first, see if it can make progress with those
// results, and if not, then fall back to calling AsyncGetIssuersOf.
// An implementations may choose to return results from either one of the Get
// methods, or from both.
class OPENSSL_EXPORT CertIssuerSource {
public:
class OPENSSL_EXPORT Request {
public:
Request() = default;
Request(const Request &) = delete;
Request &operator=(const Request &) = delete;
// Destruction of the Request cancels it.
virtual ~Request() = default;
// Retrieves issuers and appends them to |issuers|.
//
// GetNext should be called again to retrieve any remaining issuers.
//
// If no issuers are left then |issuers| will not be modified. This
// indicates that the issuers have been exhausted and GetNext() should
// not be called again.
virtual void GetNext(ParsedCertificateList *issuers) = 0;
};
virtual ~CertIssuerSource() = default;
// Finds certificates whose Subject matches |cert|'s Issuer.
// Matches are appended to |issuers|. Any existing contents of |issuers| will
// not be modified. If the implementation does not support synchronous
// lookups, or if there are no matches, |issuers| is not modified.
virtual void SyncGetIssuersOf(const ParsedCertificate *cert,
ParsedCertificateList *issuers) = 0;
// Finds certificates whose Subject matches |cert|'s Issuer.
// If the implementation does not support asynchronous lookups or can
// determine synchronously that it would return no results, |*out_req|
// will be set to nullptr.
//
// Otherwise a request is started and saved to |out_req|. The results can be
// read through the Request interface.
virtual void AsyncGetIssuersOf(const ParsedCertificate *cert,
std::unique_ptr<Request> *out_req) = 0;
};
BSSL_NAMESPACE_END
#endif // BSSL_PKI_CERT_ISSUER_SOURCE_H_