1 // Copyright 2016 The Chromium Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef BSSL_PKI_CERT_ISSUER_SOURCE_H_
16 #define BSSL_PKI_CERT_ISSUER_SOURCE_H_
17 
18 #include <memory>
19 #include <vector>
20 
21 #include <openssl/base.h>
22 
23 #include "parsed_certificate.h"
24 
25 BSSL_NAMESPACE_BEGIN
26 
27 // Interface for looking up issuers of a certificate during path building.
28 // Provides a synchronous and asynchronous method for retrieving issuers, so the
29 // path builder can try to complete synchronously first. The caller is expected
30 // to call SyncGetIssuersOf first, see if it can make progress with those
31 // results, and if not, then fall back to calling AsyncGetIssuersOf.
32 // An implementation may choose to return results from either one of the Get
33 // methods, or from both.
class OPENSSL_EXPORT CertIssuerSource {
 public:
  // Handle for an asynchronous issuer lookup started by AsyncGetIssuersOf().
  // The caller holds it through the std::unique_ptr that AsyncGetIssuersOf()
  // fills in and pulls results from it with GetNext().
  //
  // NOTE(review): this header does not say whether a Request may outlive the
  // CertIssuerSource that created it; presumably it must not -- confirm
  // against the implementations.
  class OPENSSL_EXPORT Request {
   public:
    Request() = default;

    // Copying is disabled.
    Request(const Request &) = delete;
    Request &operator=(const Request &) = delete;

    // Destruction of the Request cancels it.
    virtual ~Request() = default;

    // Retrieves issuers and appends them to |issuers|.
    //
    // GetNext should be called again to retrieve any remaining issuers.
    //
    // If no issuers are left then |issuers| will not be modified. This
    // indicates that the issuers have been exhausted and GetNext() should
    // not be called again.
    //
    // NOTE(review): because results are appended, a caller presumably detects
    // exhaustion by comparing the size of |issuers| before and after the
    // call -- confirm. This header also does not state whether GetNext()
    // blocks until results are available, or whether |issuers| may be null.
    virtual void GetNext(ParsedCertificateList *issuers) = 0;
  };

  virtual ~CertIssuerSource() = default;

  // Finds certificates whose Subject matches |cert|'s Issuer.
  // Matches are appended to |issuers|. Any existing contents of |issuers| will
  // not be modified. If the implementation does not support synchronous
  // lookups, or if there are no matches, |issuers| is not modified.
  //
  // NOTE(review): the match described here is on names only. Nothing in this
  // interface states that the returned certificates are trusted or that they
  // actually signed |cert|; presumably the path builder treats them as
  // unverified candidates and performs signature and constraint checks
  // itself -- confirm against the caller. The interface also places no bound
  // on how many candidates are appended.
  virtual void SyncGetIssuersOf(const ParsedCertificate *cert,
                                ParsedCertificateList *issuers) = 0;

  // Finds certificates whose Subject matches |cert|'s Issuer.
  // If the implementation does not support asynchronous lookups or can
  // determine synchronously that it would return no results, |*out_req|
  // will be set to nullptr.
  //
  // Otherwise a request is started and saved to |*out_req|. The results can be
  // read through the Request interface. Destroying the returned Request
  // cancels it (see Request::~Request above).
  //
  // NOTE(review): as with SyncGetIssuersOf(), results are matched by name
  // only and are presumably unverified candidates -- confirm that the caller
  // validates them before relying on them.
  virtual void AsyncGetIssuersOf(const ParsedCertificate *cert,
                                 std::unique_ptr<Request> *out_req) = 0;
};
75 
76 BSSL_NAMESPACE_END
77 
78 #endif  // BSSL_PKI_CERT_ISSUER_SOURCE_H_
79