1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_X509_CERT_TYPES_H_ | 5 #ifndef NET_BASE_X509_CERT_TYPES_H_ |
6 #define NET_BASE_X509_CERT_TYPES_H_ | 6 #define NET_BASE_X509_CERT_TYPES_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <string.h> | 9 #include <string.h> |
10 | 10 |
11 #include <functional> | |
12 #include <iosfwd> | |
13 #include <set> | 11 #include <set> |
14 #include <string> | 12 #include <string> |
15 #include <vector> | 13 #include <vector> |
16 | 14 |
17 #include "base/ref_counted.h" | 15 #include "build/build_config.h" |
18 #include "base/singleton.h" | |
19 #include "base/time.h" | |
20 #include "testing/gtest/include/gtest/gtest_prod.h" | |
21 | 16 |
22 #if defined(OS_WIN) | 17 #if defined(OS_MACOSX) |
23 #include <windows.h> | |
24 #include <wincrypt.h> | |
25 #elif defined(OS_MACOSX) | |
26 #include <Security/x509defs.h> | 18 #include <Security/x509defs.h> |
27 #elif defined(USE_NSS) | |
28 // Forward declaration; real one in <cert.h> | |
29 struct CERTCertificateStr; | |
30 #endif | 19 #endif |
31 | 20 |
32 namespace net { | 21 namespace net { |
33 | 22 |
34 class X509Certificate; | 23 class X509Certificate; |
35 | 24 |
36 // SHA-1 fingerprint (160 bits) of a certificate. | 25 // SHA-1 fingerprint (160 bits) of a certificate. |
37 struct SHA1Fingerprint { | 26 struct SHA1Fingerprint { |
38 bool Equals(const SHA1Fingerprint& other) const { | 27 bool Equals(const SHA1Fingerprint& other) const { |
39 return memcmp(data, other.data, sizeof(data)) == 0; | 28 return memcmp(data, other.data, sizeof(data)) == 0; |
40 } | 29 } |
41 | 30 |
42 unsigned char data[20]; | 31 unsigned char data[20]; |
43 }; | 32 }; |
44 | 33 |
45 class SHA1FingerprintLessThan { | 34 class SHA1FingerprintLessThan { |
46 public: | 35 public: |
47 bool operator() (const SHA1Fingerprint& lhs, | 36 bool operator() (const SHA1Fingerprint& lhs, |
48 const SHA1Fingerprint& rhs) const { | 37 const SHA1Fingerprint& rhs) const { |
49 return memcmp(lhs.data, rhs.data, sizeof(lhs.data)) < 0; | 38 return memcmp(lhs.data, rhs.data, sizeof(lhs.data)) < 0; |
50 } | 39 } |
51 }; | 40 }; |
52 | 41 |
53 // CertPrincipal represents the issuer or subject field of an X.509 certificate. | 42 // CertPrincipal represents the issuer or subject field of an X.509 certificate. |
54 struct CertPrincipal { | 43 struct CertPrincipal { |
55 CertPrincipal(); | 44 CertPrincipal(); |
56 explicit CertPrincipal(const std::string& name); | 45 explicit CertPrincipal(const std::string& name); |
57 ~CertPrincipal(); | 46 ~CertPrincipal(); |
58 | 47 |
| 48 #if defined(OS_MACOSX) |
59 // Parses a BER-format DistinguishedName. | 49 // Parses a BER-format DistinguishedName. |
60 bool ParseDistinguishedName(const void* ber_name_data, size_t length); | 50 bool ParseDistinguishedName(const void* ber_name_data, size_t length); |
61 | 51 |
62 #if defined(OS_MACOSX) | |
63 // Parses a CSSM_X509_NAME struct. | 52 // Parses a CSSM_X509_NAME struct. |
64 void Parse(const CSSM_X509_NAME* name); | 53 void Parse(const CSSM_X509_NAME* name); |
| 54 |
| 55 // Compare this CertPrincipal with |against|, returning true if they're |
| 56 // equal enough to be a possible match. This should NOT be used for any |
| 57 // security relevant decisions. |
| 58 // TODO(rsleevi): Remove once Mac client auth uses NSS for name comparison. |
| 59 bool Matches(const CertPrincipal& against) const; |
65 #endif | 60 #endif |
66 | 61 |
67 // Returns true if all attributes of the two objects match, | |
68 // where "match" is defined in RFC 5280 sec. 7.1. | |
69 bool Matches(const CertPrincipal& against) const; | |
70 | |
71 // Returns a name that can be used to represent the issuer. It tries in this | 62 // Returns a name that can be used to represent the issuer. It tries in this |
72 // order: CN, O and OU and returns the first non-empty one found. | 63 // order: CN, O and OU and returns the first non-empty one found. |
73 std::string GetDisplayName() const; | 64 std::string GetDisplayName() const; |
74 | 65 |
75 // The different attributes for a principal. They may be "". | 66 // The different attributes for a principal. They may be "". |
76 // Note that some of them can have several values. | 67 // Note that some of them can have several values. |
77 | 68 |
78 std::string common_name; | 69 std::string common_name; |
79 std::string locality_name; | 70 std::string locality_name; |
80 std::string state_or_province_name; | 71 std::string state_or_province_name; |
81 std::string country_name; | 72 std::string country_name; |
82 | 73 |
83 std::vector<std::string> street_addresses; | 74 std::vector<std::string> street_addresses; |
84 std::vector<std::string> organization_names; | 75 std::vector<std::string> organization_names; |
85 std::vector<std::string> organization_unit_names; | 76 std::vector<std::string> organization_unit_names; |
86 std::vector<std::string> domain_components; | 77 std::vector<std::string> domain_components; |
87 }; | 78 }; |
88 | 79 |
89 // Writes a human-readable description of a CertPrincipal, for debugging. | |
90 std::ostream& operator<<(std::ostream& s, const CertPrincipal& p); | |
91 | |
92 // This class is useful for maintaining policies about which certificates are | 80 // This class is useful for maintaining policies about which certificates are |
93 // permitted or forbidden for a particular purpose. | 81 // permitted or forbidden for a particular purpose. |
94 class CertPolicy { | 82 class CertPolicy { |
95 public: | 83 public: |
96 // The judgments this policy can reach. | 84 // The judgments this policy can reach. |
97 enum Judgment { | 85 enum Judgment { |
98 // We don't have policy information for this certificate. | 86 // We don't have policy information for this certificate. |
99 UNKNOWN, | 87 UNKNOWN, |
100 | 88 |
101 // This certificate is allowed. | 89 // This certificate is allowed. |
135 // Compares two OIDs by value. | 123 // Compares two OIDs by value. |
136 inline bool CSSMOIDEqual(const CSSM_OID* oid1, const CSSM_OID* oid2) { | 124 inline bool CSSMOIDEqual(const CSSM_OID* oid1, const CSSM_OID* oid2) { |
137 return oid1->Length == oid2->Length && | 125 return oid1->Length == oid2->Length && |
138 (memcmp(oid1->Data, oid2->Data, oid1->Length) == 0); | 126 (memcmp(oid1->Data, oid2->Data, oid1->Length) == 0); |
139 } | 127 } |
140 #endif | 128 #endif |
141 | 129 |
142 } // namespace net | 130 } // namespace net |
143 | 131 |
144 #endif // NET_BASE_X509_CERT_TYPES_H_ | 132 #endif // NET_BASE_X509_CERT_TYPES_H_ |
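Review bot: The new `Matches` comment at NEW lines 55-59 drops the contract the removed declaration had (attributes "match" as defined in RFC 5280 sec. 7.1) without saying what the Mac-only comparison now does, so a reader of this header cannot tell which attributes participate or whether any case or whitespace normalization is applied. Since the comment already forbids security use, it should also spell out the weaker semantics, e.g. `// Compares the parsed attribute strings held in this struct; no RFC 5280 sec. 7.1 name normalization is applied, so X.509-equal names may fail to match and unequal ones may match.` with the wording adjusted to what the .cc implementation actually does, which is not visible here. The same `#if defined(OS_MACOSX)` block now also hides `ParseDistinguishedName`, so any remaining non-Mac caller (none is visible in this header) would need to be guarded or removed in the same change.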