unplugged-system/external/cronet/net/cert/pki/simple_path_builder_delegate.h

// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_PKI_SIMPLE_PATH_BUILDER_DELEGATE_H_
#define NET_CERT_PKI_SIMPLE_PATH_BUILDER_DELEGATE_H_

#include <stddef.h>

#include "net/base/net_export.h"
#include "net/cert/pki/path_builder.h"
#include "net/cert/pki/signature_algorithm.h"
#include "net/cert/pki/signature_verify_cache.h"

namespace net {

class CertErrors;

// SimplePathBuilderDelegate is an implementation of CertPathBuilderDelegate
// that uses some default policies:
//
//   * RSA public keys must be >= |min_rsa_modulus_length_bits|.
//   * Signature algorithm can be RSA PKCS#1, RSASSA-PSS or ECDSA
//   * Digest algorithm can be SHA256, SHA348 or SHA512.
//       * If the |digest_policy| was set to kAllowSha1, then SHA1 is
//         additionally accepted.
//   * EC named curve can be P-256, P-384, P-521.
class NET_EXPORT SimplePathBuilderDelegate : public CertPathBuilderDelegate {
 public:
  enum class DigestPolicy {
    // Accepts digests of SHA256, SHA348 or SHA512
    kStrong,

    // Accepts everything that kStrong does, plus SHA1.
    kWeakAllowSha1,

    kMaxValue = kWeakAllowSha1
  };

  // Error emitted when a public key is rejected because it is an RSA key with a
  // modulus size that is too small.
  static const CertErrorId kRsaModulusTooSmall;

  SimplePathBuilderDelegate(size_t min_rsa_modulus_length_bits,
                            DigestPolicy digest_policy);

  // Accepts RSA PKCS#1, RSASSA-PSS or ECDA using any of the SHA* digests
  // (including SHA1).
  bool IsSignatureAlgorithmAcceptable(SignatureAlgorithm signature_algorithm,
                                      CertErrors* errors) override;

  // Requires RSA keys be >= |min_rsa_modulus_length_bits_|.
  bool IsPublicKeyAcceptable(EVP_PKEY* public_key, CertErrors* errors) override;

  // No-op implementation.
  void CheckPathAfterVerification(const CertPathBuilder& path_builder,
                                  CertPathBuilderResultPath* path) override;

  // No-op implementation.
  bool IsDeadlineExpired() override;

  // No-op implementation.
  SignatureVerifyCache* GetVerifyCache() override;

 private:
  const size_t min_rsa_modulus_length_bits_;
  const DigestPolicy digest_policy_;
};

}  // namespace net

#endif  // NET_CERT_PKI_SIMPLE_PATH_BUILDER_DELEGATE_H_
Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00			`// Copyright 2017 The Chromium Authors`
			`// Use of this source code is governed by a BSD-style license that can be`
			`// found in the LICENSE file.`

			`#ifndef NET_CERT_PKI_SIMPLE_PATH_BUILDER_DELEGATE_H_`
			`#define NET_CERT_PKI_SIMPLE_PATH_BUILDER_DELEGATE_H_`

			`#include <stddef.h>`

			`#include "net/base/net_export.h"`
			`#include "net/cert/pki/path_builder.h"`
			`#include "net/cert/pki/signature_algorithm.h"`
			`#include "net/cert/pki/signature_verify_cache.h"`

			`namespace net {`

			`class CertErrors;`

			`// SimplePathBuilderDelegate is an implementation of CertPathBuilderDelegate`
			`// that uses some default policies:`
			`//`
			`// * RSA public keys must be >= \|min_rsa_modulus_length_bits\|.`
			`// * Signature algorithm can be RSA PKCS#1, RSASSA-PSS or ECDSA`
			`// * Digest algorithm can be SHA256, SHA348 or SHA512.`
			`// * If the \|digest_policy\| was set to kAllowSha1, then SHA1 is`
			`// additionally accepted.`
			`// * EC named curve can be P-256, P-384, P-521.`
			`class NET_EXPORT SimplePathBuilderDelegate : public CertPathBuilderDelegate {`
			`public:`
			`enum class DigestPolicy {`
			`// Accepts digests of SHA256, SHA348 or SHA512`
			`kStrong,`

			`// Accepts everything that kStrong does, plus SHA1.`
			`kWeakAllowSha1,`

			`kMaxValue = kWeakAllowSha1`
			`};`

			`// Error emitted when a public key is rejected because it is an RSA key with a`
			`// modulus size that is too small.`
			`static const CertErrorId kRsaModulusTooSmall;`

			`SimplePathBuilderDelegate(size_t min_rsa_modulus_length_bits,`
			`DigestPolicy digest_policy);`

			`// Accepts RSA PKCS#1, RSASSA-PSS or ECDA using any of the SHA* digests`
			`// (including SHA1).`
			`bool IsSignatureAlgorithmAcceptable(SignatureAlgorithm signature_algorithm,`
			`CertErrors* errors) override;`

			`// Requires RSA keys be >= \|min_rsa_modulus_length_bits_\|.`
			`bool IsPublicKeyAcceptable(EVP_PKEY* public_key, CertErrors* errors) override;`

			`// No-op implementation.`
			`void CheckPathAfterVerification(const CertPathBuilder& path_builder,`
			`CertPathBuilderResultPath* path) override;`

			`// No-op implementation.`
			`bool IsDeadlineExpired() override;`

			`// No-op implementation.`
			`SignatureVerifyCache* GetVerifyCache() override;`

			`private:`
			`const size_t min_rsa_modulus_length_bits_;`
			`const DigestPolicy digest_policy_;`
			`};`

			`} // namespace net`

			`#endif // NET_CERT_PKI_SIMPLE_PATH_BUILDER_DELEGATE_H_`