// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_OCSP_VERIFY_RESULT_H_
#define NET_CERT_OCSP_VERIFY_RESULT_H_

#include "net/base/net_export.h"
#include "net/cert/ocsp_revocation_status.h"

namespace net {

// The result of OCSP verification. This always contains a ResponseStatus,
// which describes whether or not an OCSP response was provided, and any
// response-level errors. It optionally contains an OCSPRevocationStatus, which
// is meaningful only when |response_status| == PROVIDED. For example, a
// stapled OCSP response matching the certificate, and indicating a non-revoked
// status, will have |response_status| == PROVIDED and
// |revocation_status| == GOOD.
//
// This is populated as part of the certificate verification process, and
// should not be modified at other layers.
//
// Reading this struct safely: check |response_status| first. Every value other
// than PROVIDED means no usable revocation answer was obtained (nothing was
// checked, nothing was stapled, or the stapled response was rejected), so
// |revocation_status| must not be interpreted in those states. In particular,
// NOT_CHECKED and MISSING are not evidence that the certificate is unrevoked.
struct NET_EXPORT OCSPVerifyResult {
  // Special members are declared here and defined out of line (not visible in
  // this header).
  OCSPVerifyResult();
  OCSPVerifyResult(const OCSPVerifyResult&);
  ~OCSPVerifyResult();

  // Equality comparison; defined out of line.
  // NOTE(review): presumably compares both |response_status| and
  // |revocation_status| - confirm against the definition.
  bool operator==(const OCSPVerifyResult& other) const;

  // Outcome of processing the stapled OCSP response, independent of what the
  // response says about revocation.
  //
  // This value is histogrammed, so do not re-order or change values, and add
  // new values at the end. When appending a value, also update
  // RESPONSE_STATUS_MAX so that it keeps naming the last enumerator.
  enum ResponseStatus {
    // OCSP verification was not checked on this connection.
    NOT_CHECKED = 0,

    // No OCSPResponse was stapled.
    MISSING = 1,

    // An up-to-date OCSP response was stapled and matched the certificate.
    // This is the only state in which |revocation_status| is valid.
    PROVIDED = 2,

    // The stapled OCSP response did not have a SUCCESSFUL status.
    ERROR_RESPONSE = 3,

    // The OCSPResponseData field producedAt was outside the certificate
    // validity period.
    BAD_PRODUCED_AT = 4,

    // At least one OCSPSingleResponse was stapled, but none matched the
    // certificate.
    NO_MATCHING_RESPONSE = 5,

    // A matching OCSPSingleResponse was stapled, but was either expired or not
    // yet valid.
    INVALID_DATE = 6,

    // The OCSPResponse structure could not be parsed.
    PARSE_RESPONSE_ERROR = 7,

    // The OCSPResponseData structure could not be parsed.
    PARSE_RESPONSE_DATA_ERROR = 8,

    // Unhandled critical extension in either OCSPResponseData or
    // OCSPSingleResponse.
    UNHANDLED_CRITICAL_EXTENSION = 9,

    // Alias for the highest-valued enumerator, not a distinct status.
    // NOTE(review): presumably the upper bound used when recording the
    // histogram - confirm at the recording site.
    RESPONSE_STATUS_MAX = UNHANDLED_CRITICAL_EXTENSION
  };

  // Defaults to NOT_CHECKED, so a default-constructed result reports that no
  // OCSP verification took place.
  ResponseStatus response_status = NOT_CHECKED;

  // The strictest CertStatus matching the certificate (REVOKED > UNKNOWN >
  // GOOD). Only valid if |response_status| == PROVIDED; in any other state
  // this field carries no revocation information and callers should ignore it.
  // The in-class default is UNKNOWN rather than GOOD.
  OCSPRevocationStatus revocation_status = OCSPRevocationStatus::UNKNOWN;
};

}  // namespace net

#endif  // NET_CERT_OCSP_VERIFY_RESULT_H_