1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_OCSP_VERIFY_RESULT_H_
6 #define NET_CERT_OCSP_VERIFY_RESULT_H_
7 
8 #include "net/base/net_export.h"
9 #include "net/cert/ocsp_revocation_status.h"
10 
11 namespace net {
12 
13 // The result of OCSP verification. This always contains a ResponseStatus, which
14 // describes whether or not an OCSP response was provided, and response level
15 // errors. It optionally contains an OCSPRevocationStatus when |response_status
16 // = PROVIDED|. For example, a stapled OCSP response matching the certificate,
17 // and indicating a non-revoked status, will have |response_status = PROVIDED|
18 // and |revocation_status = GOOD|. This is populated as part of the certificate
19 // verification process, and should not be modified at other layers.
struct NET_EXPORT OCSPVerifyResult {
  // Outcome of processing the OCSP response for a connection. These values
  // are recorded in histograms: never renumber or reorder existing entries,
  // and only append new ones at the end.
  enum ResponseStatus {
    // No OCSP verification was performed on this connection.
    NOT_CHECKED = 0,

    // The server did not staple an OCSPResponse.
    MISSING = 1,

    // A current OCSP response was stapled and it matched the certificate.
    PROVIDED = 2,

    // The stapled OCSP response carried a status other than SUCCESSFUL.
    ERROR_RESPONSE = 3,

    // producedAt in OCSPResponseData fell outside the certificate validity
    // period.
    BAD_PRODUCED_AT = 4,

    // One or more OCSPSingleResponse entries were stapled, yet none of them
    // matched the certificate.
    NO_MATCHING_RESPONSE = 5,

    // A matching OCSPSingleResponse was stapled, but it had expired or was
    // not yet valid.
    INVALID_DATE = 6,

    // Parsing of the OCSPResponse structure failed.
    PARSE_RESPONSE_ERROR = 7,

    // Parsing of the OCSPResponseData structure failed.
    PARSE_RESPONSE_DATA_ERROR = 8,

    // OCSPResponseData or OCSPSingleResponse carried a critical extension
    // that is not handled.
    UNHANDLED_CRITICAL_EXTENSION = 9,

    // Alias for the highest defined value.
    // NOTE(review): presumably has to be re-pointed whenever a value is
    // appended above - confirm against the histogram code that uses it.
    RESPONSE_STATUS_MAX = UNHANDLED_CRITICAL_EXTENSION
  };

  // Special members and equality are only declared here; their definitions
  // are not part of this header.
  OCSPVerifyResult();
  OCSPVerifyResult(const OCSPVerifyResult&);
  ~OCSPVerifyResult();

  bool operator==(const OCSPVerifyResult& other) const;

  // Response-level outcome. The in-class default is NOT_CHECKED, which means
  // "no OCSP verification was performed", not "verified and fine". PROVIDED
  // is the only value for which |revocation_status| below is valid.
  ResponseStatus response_status = NOT_CHECKED;

  // Strictest CertStatus that matched the certificate, ranked
  // REVOKED > UNKNOWN > GOOD. Valid only when |response_status| is PROVIDED,
  // so check |response_status| before reading this field. The in-class
  // default is UNKNOWN.
  OCSPRevocationStatus revocation_status = OCSPRevocationStatus::UNKNOWN;
};
72 
73 }  // namespace net
74 
75 #endif  // NET_CERT_OCSP_VERIFY_RESULT_H_
76