| Index: net/base/x509_certificate.h
|
| ===================================================================
|
| --- net/base/x509_certificate.h (revision 49024)
|
| +++ net/base/x509_certificate.h (working copy)
|
| @@ -82,6 +82,38 @@
|
| VERIFY_EV_CERT = 1 << 1,
|
| };
|
|
|
| + // The format of the certificate, when using CreateFromBytes(). For formats
|
| + // which permit sequences of certificates, the first certificate encountered
|
| + // will be used to initialize the returned X509Certificate, while each
|
| + // additional certificate will be added as intermediate certificates. The
|
| + // certificates should be ordered from most specific (EE) to least specific
|
| + // (Root, if included)
|
| + enum CertificateFormat {
|
| + // The data contains a single DER-encoded certificate.
|
| + FORMAT_DER = 1 << 1,
|
| +
|
| + // The data contains one or more PEM wrapped certificates. Each
|
| + // certificate will be marked using the PEM encoding block name of
|
| + // CERTIFICATE.
|
| + FORMAT_PEM = 1 << 2,
|
| +
|
| + // The data contains a PKCS#7 SignedData structure, whose certificates
|
| + // member is to be used to initialize the certificate and intermediates.
|
| + // This format MAY be further wrapped via PEM encoding, using the PEM
|
| + // encoding block names of PKCS7 or CERTIFICATE
|
| + FORMAT_PKCS7 = 1 << 3,
|
| +
|
| + // The data contains a PKCS#7 ContentInfo structure with the OID set to
|
| + // 2.16.840.1.113730.2.5, which is the OID for netscape-cert-sequence
|
| + // (see https://wiki.mozilla.org/CA:Certificate_Download_Specification).
|
| + FORMAT_LEGACY_NETSCAPE = 1 << 5,
|
| +
|
| + // Automatically detect the format. Any other format flags will be
|
| + // ignored.
|
| + FORMAT_AUTO = FORMAT_DER | FORMAT_PEM | FORMAT_PKCS7 |
|
| + FORMAT_LEGACY_NETSCAPE
|
| + };
|
| +
|
| // Create an X509Certificate from a handle to the certificate object
|
| // in the underlying crypto library. This is a transfer of ownership;
|
| // X509Certificate will properly dispose of |cert_handle| for you.
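Review bot: The FORMAT_AUTO comment "Any other format flags will be ignored" is hard to reconcile with its definition as the OR of every other flag, since combining FORMAT_AUTO with any single flag changes nothing; I would reword it to `// Try every supported format, in an unspecified order. Combining FORMAT_AUTO with other flags is equivalent to FORMAT_AUTO.` Callers that know which format they hold should pass that flag alone, because auto-detection exposes every parser (DER, PEM, PKCS#7, Netscape) to the same untrusted bytes, and the header could say so next to FORMAT_AUTO. The bit values skip 1 << 0 and 1 << 4; if those are reserved that is worth a one-line comment, otherwise renumbering contiguously avoids the question. The enum also does not say what happens when the data holds no certificate at all, which the CreateFromBytes comment in the next hunk leaves open too.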
|
| @@ -90,17 +122,19 @@
|
| // prefers the handle from the network because our HTTP cache isn't
|
| // caching the corresponding intermediate CA certificates yet
|
| // (http://crbug.com/7065).
|
| - // The list of intermediate certificates is ignored under NSS (i.e. Linux.)
|
| // The returned pointer must be stored in a scoped_refptr<X509Certificate>.
|
| static X509Certificate* CreateFromHandle(OSCertHandle cert_handle,
|
| Source source,
|
| const OSCertHandles& intermediates);
|
|
|
| - // Create an X509Certificate from the BER-encoded representation.
|
| - // Returns NULL on failure.
|
| + // Create an X509Certificate from |data| in a specified |format|, which is
|
| + // the bitwise OR of X509Certificate::CertificateFormat. If multiple
|
| + // certificates are present, additional certificates will be stored in the
|
| + // |intermediate_ca_certs_| member.
|
| //
|
| // The returned pointer must be stored in a scoped_refptr<X509Certificate>.
|
| - static X509Certificate* CreateFromBytes(const char* data, int length);
|
| + static X509Certificate* CreateFromBytes(const char* data, size_t length,
|
| + int format);
|
|
|
| // Create an X509Certificate from the representation stored in the given
|
| // pickle. The data for this object is found relative to the given
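Review bot: The rewritten CreateFromBytes comment drops the old "Returns NULL on failure." line and nothing replaces it, so the failure contract for malformed data or data that contains no certificate is now undocumented; I would restore it as `// Returns NULL if |data| cannot be parsed in |format| or contains no certificate.` The new `int format` parameter is documented as a bitwise OR of CertificateFormat, while CreateOSCertHandlesFromBytes in the hunk at @@ -213,11 +244,17 @@ takes a single `CertificateFormat`; either document that the combined flags are tried one at a time, or make both parameters the same type so a caller cannot pass a value the enum does not name. Passing `length` as size_t removes the negative-length case, which is an improvement worth keeping.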
|
| @@ -148,14 +182,11 @@
|
| // now.
|
| bool HasExpired() const;
|
|
|
| -#if defined(OS_MACOSX) || defined(OS_WIN)
|
| - // Returns intermediate certificates added via AddIntermediateCertificate().
|
| - // Ownership follows the "get" rule: it is the caller's responsibility to
|
| - // retain the elements of the result.
|
| + // Returns intermediate certificates. Ownership follows the "get" rule: it
|
| + // is the caller's responsibility to retain the elements of the result.
|
| const OSCertHandles& GetIntermediateCertificates() const {
|
| return intermediate_ca_certs_;
|
| }
|
| -#endif
|
|
|
| // Returns true if I already contain the given intermediate cert.
|
| bool HasIntermediateCertificate(OSCertHandle cert);
|
| @@ -213,11 +244,17 @@
|
| // Creates an OS certificate handle from the BER-encoded representation.
|
| // Returns NULL on failure.
|
| static OSCertHandle CreateOSCertHandleFromBytes(const char* data,
|
| - int length);
|
| + size_t length);
|
|
|
| // Duplicates (or adds a reference to) an OS certificate handle.
|
| static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle);
|
|
|
| + // Attempts to create one or more OS certificate handles from data encoded
|
| + // in a particular certificate transport format. Returns an empty collection
|
| + // on failure.
|
| + static OSCertHandles CreateOSCertHandlesFromBytes(const char* data,
|
| + size_t length, CertificateFormat format);
|
| +
|
| // Frees (or releases a reference to) an OS certificate handle.
|
| static void FreeOSCertHandle(OSCertHandle cert_handle);
|
|
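Review bot: The CreateOSCertHandlesFromBytes comment does not state who owns the returned handles; since every other handle-producing function here (CreateOSCertHandleFromBytes, DupOSCertHandle) pairs with FreeOSCertHandle, I would add `// The caller owns each returned handle and must release it with FreeOSCertHandle().` "Returns an empty collection on failure" is also ambiguous, because valid input that simply contains zero certificates presumably yields an empty collection too; say whether callers can distinguish the two, or that they cannot. The parameter is a single `CertificateFormat` while CreateFromBytes accepts an `int` bitmask, so the comment should say this function handles exactly one format per call if that is the intent.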
|
| @@ -286,11 +323,9 @@
|
| // A handle to the certificate object in the underlying crypto library.
|
| OSCertHandle cert_handle_;
|
|
|
| -#if defined(OS_MACOSX) || defined(OS_WIN)
|
| // Untrusted intermediate certificates associated with this certificate
|
| - // that may be needed for chain building. (NSS impl does not need these.)
|
| + // that may be needed for chain building.
|
| OSCertHandles intermediate_ca_certs_;
|
| -#endif
|
|
|
| #if defined(OS_MACOSX)
|
| // Blocks multiple threads from verifying the cert simultaneously.
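Review bot: With intermediate_ca_certs_ now present on every platform rather than only OS_MACOSX/OS_WIN, the destructor and any copy paths in the .cc must release these handles via FreeOSCertHandle on the NSS build as well, which I cannot confirm from the header alone; a one-line comment on the member, `// Each handle is owned by this object and released in the destructor.`, would pin the contract for all builds. The removed remark that NSS does not need these should be replaced by a sentence saying they are now used for chain building on every platform, so the next reader does not assume the NSS path still ignores them.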
|
|
|