OLD | NEW |
---|---|
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
7 | 7 |
8 #include <set> | 8 #include <set> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/ref_counted.h" | 12 #include "base/ref_counted.h" |
13 #include "base/time.h" | 13 #include "base/time.h" |
14 | 14 |
15 #if defined(OS_WIN) | 15 #if defined(OS_WIN) |
16 #include <windows.h> | 16 #include <windows.h> |
17 #include <wincrypt.h> | 17 #include <wincrypt.h> |
18 #elif defined(OS_MACOSX) | |
19 #include <Security/Security.h> | |
18 #endif | 20 #endif |
19 | 21 |
20 class Pickle; | 22 class Pickle; |
21 | 23 |
22 namespace net { | 24 namespace net { |
23 | 25 |
24 // X509Certificate represents an X.509 certificate used by SSL. | 26 // X509Certificate represents an X.509 certificate used by SSL. |
25 class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { | 27 class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { |
26 public: | 28 public: |
27 // SHA-1 fingerprint (160 bits) of a certificate. | 29 // SHA-1 fingerprint (160 bits) of a certificate. |
28 struct Fingerprint { | 30 struct Fingerprint { |
29 unsigned char data[20]; | 31 unsigned char data[20]; |
30 }; | 32 }; |
31 | 33 |
32 class FingerprintLessThan | 34 class FingerprintLessThan |
33 : public std::binary_function<Fingerprint, Fingerprint, bool> { | 35 : public std::binary_function<Fingerprint, Fingerprint, bool> { |
34 public: | 36 public: |
35 bool operator() (const Fingerprint& lhs, const Fingerprint& rhs) const; | 37 bool operator() (const Fingerprint& lhs, const Fingerprint& rhs) const; |
36 }; | 38 }; |
37 | 39 |
38 // Predicate functor used in maps when X509Certificate is used as the key. | 40 // Predicate functor used in maps when X509Certificate is used as the key. |
39 class LessThan | 41 class LessThan |
40 : public std::binary_function<X509Certificate*, X509Certificate*, bool> { | 42 : public std::binary_function<X509Certificate*, X509Certificate*, bool> { |
41 public: | 43 public: |
42 bool operator() (X509Certificate* lhs, X509Certificate* rhs) const; | 44 bool operator() (X509Certificate* lhs, X509Certificate* rhs) const; |
43 }; | 45 }; |
44 | 46 |
45 #if defined(OS_WIN) | 47 #if defined(OS_WIN) |
46 typedef PCCERT_CONTEXT OSCertHandle; | 48 typedef PCCERT_CONTEXT OSCertHandle; |
49 #elif defined(OS_MACOSX) | |
50 typedef SecCertificateRef OSCertHandle; | |
47 #else | 51 #else |
48 // TODO(ericroman): not implemented | 52 // TODO(ericroman): not implemented |
49 typedef void* OSCertHandle; | 53 typedef void* OSCertHandle; |
50 #endif | 54 #endif |
51 | 55 |
52 // Principal represent an X.509 principal. | 56 // Principal represent an X.509 principal. |
53 struct Principal { | 57 struct Principal { |
54 Principal() { } | 58 Principal() { } |
55 explicit Principal(std::string name) : common_name(name) { } | 59 explicit Principal(std::string name) : common_name(name) { } |
56 | 60 |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
95 | 99 |
96 private: | 100 private: |
97 // The set of fingerprints of allowed certificates. | 101 // The set of fingerprints of allowed certificates. |
98 std::set<Fingerprint, FingerprintLessThan> allowed_; | 102 std::set<Fingerprint, FingerprintLessThan> allowed_; |
99 | 103 |
100 // The set of fingerprints of denied certificates. | 104 // The set of fingerprints of denied certificates. |
101 std::set<Fingerprint, FingerprintLessThan> denied_; | 105 std::set<Fingerprint, FingerprintLessThan> denied_; |
102 }; | 106 }; |
103 | 107 |
104 // Create an X509Certificate from a handle to the certificate object | 108 // Create an X509Certificate from a handle to the certificate object |
105 // in the underlying crypto library. | 109 // in the underlying crypto library. This is a transfer of ownership; |
110 // X509Certificate will properly dispose of |cert_handle| for you. | |
106 static X509Certificate* CreateFromHandle(OSCertHandle cert_handle); | 111 static X509Certificate* CreateFromHandle(OSCertHandle cert_handle); |
107 | 112 |
108 // Create an X509Certificate from the representation stored in the given | 113 // Create an X509Certificate from the representation stored in the given |
109 // pickle. The data for this object is found relative to the given | 114 // pickle. The data for this object is found relative to the given |
110 // pickle_iter, which should be passed to the pickle's various Read* methods. | 115 // pickle_iter, which should be passed to the pickle's various Read* methods. |
116 // Returns NULL on failure. | |
111 static X509Certificate* CreateFromPickle(const Pickle& pickle, | 117 static X509Certificate* CreateFromPickle(const Pickle& pickle, |
112 void** pickle_iter); | 118 void** pickle_iter); |
113 | 119 |
114 // Creates a X509Certificate from the ground up. Used by tests that simulate | 120 // Creates a X509Certificate from the ground up. Used by tests that simulate |
115 // SSL connections. | 121 // SSL connections. |
116 X509Certificate(std::string subject, std::string issuer, | 122 X509Certificate(std::string subject, std::string issuer, |
117 Time start_date, Time expiration_date); | 123 Time start_date, Time expiration_date); |
118 | 124 |
119 // Appends a representation of this object to the given pickle. | 125 // Appends a representation of this object to the given pickle. |
120 void Persist(Pickle* pickle); | 126 void Persist(Pickle* pickle); |
121 | 127 |
122 // The subject of the certificate. For HTTPS server certificates, this | 128 // The subject of the certificate. For HTTPS server certificates, this |
123 // represents the web server. The common name of the subject should match | 129 // represents the web server. The common name of the subject should match |
124 // the host name of the web server. | 130 // the host name of the web server. |
125 const Principal& subject() const { return subject_; } | 131 const Principal& subject() const { return subject_; } |
126 | 132 |
127 // The issuer of the certificate. | 133 // The issuer of the certificate. |
128 const Principal& issuer() const { return issuer_; } | 134 const Principal& issuer() const { return issuer_; } |
129 | 135 |
136 #if defined(OS_WIN) | |
Amanda Walker
2008/09/18 16:14:43
Since you wrote code to extract individual fields
wtc
2008/09/18 20:37:55
I believe the valid_start() and valid_expiry() met
Avi (use Gerrit)
2008/09/18 20:48:17
No, they are not. valid_start() isn't used anywher
| |
130 // Time period during which the certificate is valid. More precisely, this | 137 // Time period during which the certificate is valid. More precisely, this |
131 // certificate is invalid before the |valid_start| date and invalid after | 138 // certificate is invalid before the |valid_start| date and invalid after |
132 // the |valid_expiry| date. | 139 // the |valid_expiry| date. |
133 // If we were unable to parse either date from the certificate (or if the cert | 140 // If we were unable to parse either date from the certificate (or if the cert |
134 // lacks either date), the date will be null (i.e., is_null() will be true). | 141 // lacks either date), the date will be null (i.e., is_null() will be true). |
135 const Time& valid_start() const { return valid_start_; } | 142 const Time& valid_start() const { return valid_start_; } |
136 const Time& valid_expiry() const { return valid_expiry_; } | 143 const Time& valid_expiry() const { return valid_expiry_; } |
144 #endif | |
137 | 145 |
138 // The fingerprint of this certificate. | 146 // The fingerprint of this certificate. |
139 const Fingerprint& fingerprint() const { return fingerprint_; } | 147 const Fingerprint& fingerprint() const { return fingerprint_; } |
140 | 148 |
141 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1 | 149 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1 |
142 // Server Identity, if the certificate has a subjectAltName extension of | 150 // Server Identity, if the certificate has a subjectAltName extension of |
143 // type dNSName, this method gets the DNS names in that extension. | 151 // type dNSName, this method gets the DNS names in that extension. |
144 // Otherwise, it gets the common name in the subject field. | 152 // Otherwise, it gets the common name in the subject field. |
145 void GetDNSNames(std::vector<std::string>* dns_names) const; | 153 void GetDNSNames(std::vector<std::string>* dns_names) const; |
146 | 154 |
155 #if defined(OS_WIN) | |
Amanda Walker
2008/09/18 16:14:43
Same comment as above: we should either implement
| |
147 // Convenience method that returns whether this certificate has expired as of | 156 // Convenience method that returns whether this certificate has expired as of |
148 // now. | 157 // now. |
149 bool HasExpired() const; | 158 bool HasExpired() const; |
159 #endif | |
150 | 160 |
151 // Returns true if the certificate is an extended-validation (EV) | 161 // Returns true if the certificate is an extended-validation (EV) |
152 // certificate. | 162 // certificate. |
153 bool IsEV(int cert_status) const; | 163 bool IsEV(int cert_status) const; |
154 | 164 |
155 OSCertHandle os_cert_handle() const { return cert_handle_; } | 165 OSCertHandle os_cert_handle() const { return cert_handle_; } |
156 | 166 |
157 private: | 167 private: |
158 // A cache of X509Certificate objects. | 168 // A cache of X509Certificate objects. |
159 class Cache; | 169 class Cache; |
160 | 170 |
161 // Construct an X509Certificate from a handle to the certificate object | 171 // Construct an X509Certificate from a handle to the certificate object |
162 // in the underlying crypto library. | 172 // in the underlying crypto library. |
163 explicit X509Certificate(OSCertHandle cert_handle); | 173 explicit X509Certificate(OSCertHandle cert_handle); |
164 | 174 |
165 friend class base::RefCountedThreadSafe<X509Certificate>; | 175 friend class base::RefCountedThreadSafe<X509Certificate>; |
166 ~X509Certificate(); | 176 ~X509Certificate(); |
167 | 177 |
168 // Common object initialization code. Called by the constructors only. | 178 // Common object initialization code. Called by the constructors only. |
169 void Initialize(); | 179 void Initialize(); |
170 | 180 |
181 #if defined(OS_WIN) | |
171 // Helper function to parse a principal from a WinInet description of that | 182 // Helper function to parse a principal from a WinInet description of that |
172 // principal. | 183 // principal. |
173 static void ParsePrincipal(const std::string& description, | 184 static void ParsePrincipal(const std::string& description, |
174 Principal* principal); | 185 Principal* principal); |
186 #endif | |
Amanda Walker
2008/09/18 16:14:43
Add a declaration for the Mac version, mostly to k
| |
175 | 187 |
176 // The subject of the certificate. | 188 // The subject of the certificate. |
177 Principal subject_; | 189 Principal subject_; |
178 | 190 |
179 // The issuer of the certificate. | 191 // The issuer of the certificate. |
180 Principal issuer_; | 192 Principal issuer_; |
181 | 193 |
194 #if defined(OS_WIN) | |
182 // This certificate is not valid before |valid_start_| | 195 // This certificate is not valid before |valid_start_| |
183 Time valid_start_; | 196 Time valid_start_; |
184 | 197 |
185 // This certificate is not valid after |valid_expiry_| | 198 // This certificate is not valid after |valid_expiry_| |
186 Time valid_expiry_; | 199 Time valid_expiry_; |
200 #endif | |
187 | 201 |
188 // The fingerprint of this certificate. | 202 // The fingerprint of this certificate. |
189 Fingerprint fingerprint_; | 203 Fingerprint fingerprint_; |
190 | 204 |
191 // A handle to the certificate object in the underlying crypto library. | 205 // A handle to the certificate object in the underlying crypto library. |
192 OSCertHandle cert_handle_; | 206 OSCertHandle cert_handle_; |
193 | 207 |
194 DISALLOW_EVIL_CONSTRUCTORS(X509Certificate); | 208 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
195 }; | 209 }; |
196 | 210 |
197 } // namespace net | 211 } // namespace net |
198 | 212 |
199 #endif // NET_BASE_X509_CERTIFICATE_H_ | 213 #endif // NET_BASE_X509_CERTIFICATE_H_ |
200 | 214 |
OLD | NEW |