xref: /aosp_15_r20/external/cronet/third_party/boringssl/src/pki/cert_issuer_source.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)
1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef BSSL_PKI_CERT_ISSUER_SOURCE_H_
6 #define BSSL_PKI_CERT_ISSUER_SOURCE_H_
7 
8 #include <memory>
9 #include <vector>
10 
11 #include <openssl/base.h>
12 
13 #include "parsed_certificate.h"
14 
15 namespace bssl {
16 
17 // Interface for looking up issuers of a certificate during path building.
18 // Provides a synchronous and asynchronous method for retrieving issuers, so the
19 // path builder can try to complete synchronously first. The caller is expected
20 // to call SyncGetIssuersOf first, see if it can make progress with those
21 // results, and if not, then fall back to calling AsyncGetIssuersOf.
22 // An implementation may choose to return results from either one of the Get
23 // methods, or from both.
class OPENSSL_EXPORT CertIssuerSource {
 public:
  // Handle for an asynchronous issuer lookup started by AsyncGetIssuersOf.
  // It is handed to the caller through a std::unique_ptr, so whoever holds
  // that pointer controls how long the lookup lives.
  class OPENSSL_EXPORT Request {
   public:
    Request() = default;

    // A Request cannot be copied.
    Request(const Request&) = delete;
    Request& operator=(const Request&) = delete;

    // Destroying the Request cancels the lookup.
    virtual ~Request() = default;

    // Appends retrieved issuers to |issuers|.
    //
    // Call GetNext again to collect any issuers that remain.
    //
    // An unmodified |issuers| is the end-of-results signal: once a call adds
    // nothing, the issuers are exhausted and GetNext() should not be called
    // again.
    virtual void GetNext(ParsedCertificateList* issuers) = 0;
  };

  virtual ~CertIssuerSource() = default;

  // Synchronous lookup of certificates whose Subject matches |cert|'s Issuer.
  // Every match is appended to |issuers|; entries already in |issuers| are
  // left as they are. |issuers| is not touched at all when the implementation
  // has no synchronous lookup or when nothing matches.
  //
  // NOTE(review): the documented contract is a Subject/Issuer name match
  // only. Nothing in this interface states that the returned certificates
  // were signature-checked or are trusted, so callers should treat them as
  // unverified candidates -- confirm against the path builder.
  virtual void SyncGetIssuersOf(const ParsedCertificate* cert,
                                ParsedCertificateList* issuers) = 0;

  // Asynchronous lookup of certificates whose Subject matches |cert|'s Issuer.
  // |*out_req| is set to nullptr when the implementation has no asynchronous
  // lookup, or when it can tell synchronously that there would be no results,
  // so callers have to check for nullptr before using the request.
  //
  // In every other case a request is started and stored in |out_req|; its
  // results are read through the Request interface. The same name-match-only
  // caveat applies to those results (NOTE(review): confirm against the path
  // builder).
  virtual void AsyncGetIssuersOf(const ParsedCertificate* cert,
                                 std::unique_ptr<Request>* out_req) = 0;
};
65 
66 }  // namespace bssl
67 
68 #endif  // BSSL_PKI_CERT_ISSUER_SOURCE_H_
69