1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <openssl/ssl.h> 20 #include <utils/Errors.h> 21 22 namespace android { 23 24 // An interface with a function that verifies a peer certificate. It is a wrapper over the custom 25 // verify function (see SSL_CTX_set_custom_verify). 26 class RpcCertificateVerifier { 27 public: 28 virtual ~RpcCertificateVerifier() = default; 29 30 // The implementation may use the following function to get 31 // the peer certificate and chain: 32 // - SSL_get_peer_certificate 33 // - SSL_get_peer_cert_chain 34 // - SSL_get_peer_full_cert_chain 35 // 36 // The implementation should return OK on success or error codes on error. For example: 37 // - PERMISSION_DENIED for rejected certificates 38 // - NO_INIT for not presenting a certificate when requested 39 // - UNKNOWN_ERROR for other errors 40 virtual status_t verify(const SSL* ssl, uint8_t* outAlert) = 0; 41 }; 42 43 } // namespace android 44