| // Copyright 2016 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef BSSL_PKI_CERT_ISSUER_SOURCE_H_ |
| #define BSSL_PKI_CERT_ISSUER_SOURCE_H_ |
| |
| #include <memory> |
| #include <vector> |
| |
| #include <openssl/base.h> |
| |
| #include "parsed_certificate.h" |
| |
| BSSL_NAMESPACE_BEGIN |
| |
| // Interface for looking up issuers of a certificate during path building. |
| // Provides a synchronous and asynchronous method for retrieving issuers, so the |
| // path builder can try to complete synchronously first. The caller is expected |
| // to call SyncGetIssuersOf first, see if it can make progress with those |
| // results, and if not, then fall back to calling AsyncGetIssuersOf. |
| // An implementations may choose to return results from either one of the Get |
| // methods, or from both. |
| class OPENSSL_EXPORT CertIssuerSource { |
| public: |
| class OPENSSL_EXPORT Request { |
| public: |
| Request() = default; |
| |
| Request(const Request &) = delete; |
| Request &operator=(const Request &) = delete; |
| |
| // Destruction of the Request cancels it. |
| virtual ~Request() = default; |
| |
| // Retrieves issuers and appends them to |issuers|. |
| // |
| // GetNext should be called again to retrieve any remaining issuers. |
| // |
| // If no issuers are left then |issuers| will not be modified. This |
| // indicates that the issuers have been exhausted and GetNext() should |
| // not be called again. |
| virtual void GetNext(ParsedCertificateList *issuers) = 0; |
| }; |
| |
| virtual ~CertIssuerSource() = default; |
| |
| // Finds certificates whose Subject matches |cert|'s Issuer. |
| // Matches are appended to |issuers|. Any existing contents of |issuers| will |
| // not be modified. If the implementation does not support synchronous |
| // lookups, or if there are no matches, |issuers| is not modified. |
| virtual void SyncGetIssuersOf(const ParsedCertificate *cert, |
| ParsedCertificateList *issuers) = 0; |
| |
| // Finds certificates whose Subject matches |cert|'s Issuer. |
| // If the implementation does not support asynchronous lookups or can |
| // determine synchronously that it would return no results, |*out_req| |
| // will be set to nullptr. |
| // |
| // Otherwise a request is started and saved to |out_req|. The results can be |
| // read through the Request interface. |
| virtual void AsyncGetIssuersOf(const ParsedCertificate *cert, |
| std::unique_ptr<Request> *out_req) = 0; |
| }; |
| |
| BSSL_NAMESPACE_END |
| |
| #endif // BSSL_PKI_CERT_ISSUER_SOURCE_H_ |