| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
| 6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <string.h> | 9 #include <string.h> |
| 10 | 10 |
| 280 // error is returned. | 280 // error is returned. |
| 281 // | 281 // |
| 282 // |flags| is bitwise OR'd of VerifyFlags. | 282 // |flags| is bitwise OR'd of VerifyFlags. |
| 283 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation | 283 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation |
| 284 // checking is performed. If VERIFY_EV_CERT is set in |flags| too, | 284 // checking is performed. If VERIFY_EV_CERT is set in |flags| too, |
| 285 // EV certificate verification is performed. | 285 // EV certificate verification is performed. |
| 286 int Verify(const std::string& hostname, | 286 int Verify(const std::string& hostname, |
| 287 int flags, | 287 int flags, |
| 288 CertVerifyResult* verify_result) const; | 288 CertVerifyResult* verify_result) const; |
| 289 | 289 |
| 290 // Verifies that |hostname| matches this certificate. |
| 291 // Does not verify that the certificate is valid, only that the certificate |
| 292 // matches this host. |
| 293 // Returns true if it matches. |
| 294 // |
| 295 // WARNING: This function may return false negatives (for example, if |
| 296 // |hostname| is an IP address literal) on some platforms. Only |
| 297 // use in cases where some false-positives are acceptible. |
| 298 bool VerifyNameMatch(const std::string& hostname) const; |
| 299 |
| 290 // This method returns the DER encoded certificate. | 300 // This method returns the DER encoded certificate. |
| 291 // If the return value is true then the DER encoded certificate is available. | 301 // If the return value is true then the DER encoded certificate is available. |
| 292 // The content of the DER encoded certificate is written to |encoded|. | 302 // The content of the DER encoded certificate is written to |encoded|. |
| 293 bool GetDEREncoded(std::string* encoded); | 303 bool GetDEREncoded(std::string* encoded); |
| 294 | 304 |
| 295 OSCertHandle os_cert_handle() const { return cert_handle_; } | 305 OSCertHandle os_cert_handle() const { return cert_handle_; } |
| 296 | 306 |
| 297 // Returns true if two OSCertHandles refer to identical certificates. | 307 // Returns true if two OSCertHandles refer to identical certificates. |
| 298 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); | 308 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); |
| 299 | 309 |
| 338 #if defined(USE_OPENSSL) | 348 #if defined(USE_OPENSSL) |
| 339 // Resets the store returned by cert_store() to default state. Used by | 349 // Resets the store returned by cert_store() to default state. Used by |
| 340 // TestRootCerts to undo modifications. | 350 // TestRootCerts to undo modifications. |
| 341 static void ResetCertStore(); | 351 static void ResetCertStore(); |
| 342 #endif | 352 #endif |
| 343 | 353 |
| 344 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty | 354 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty |
| 345 // (all zero) fingerprint on failure. | 355 // (all zero) fingerprint on failure. |
| 346 static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle); | 356 static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle); |
| 347 | 357 |
| 358 // Verifies that |hostname| matches one of the names in |cert_names|, based on |
| 359 // TLS name matching rules, specifically following http://tools.ietf.org/html/
draft-saintandre-tls-server-id-check-09#section-4.4.3 |
| 360 // The members of |cert_names| must have been extracted from the Subject CN or |
| 361 // SAN fields of a certificate. |
| 362 // WARNING: This function may return false negatives (for example, if |
| 363 // |hostname| is an IP address literal) on some platforms. Only |
| 364 // use in cases where some false-positives are acceptible. |
| 365 static bool VerifyHostname(const std::string& hostname, |
| 366 const std::vector<std::string>& cert_names); |
| 367 |
| 368 |
| 348 // The subject of the certificate. | 369 // The subject of the certificate. |
| 349 CertPrincipal subject_; | 370 CertPrincipal subject_; |
| 350 | 371 |
| 351 // The issuer of the certificate. | 372 // The issuer of the certificate. |
| 352 CertPrincipal issuer_; | 373 CertPrincipal issuer_; |
| 353 | 374 |
| 354 // This certificate is not valid before |valid_start_| | 375 // This certificate is not valid before |valid_start_| |
| 355 base::Time valid_start_; | 376 base::Time valid_start_; |
| 356 | 377 |
| 357 // This certificate is not valid after |valid_expiry_| | 378 // This certificate is not valid after |valid_expiry_| |
| 375 | 396 |
| 376 // Where the certificate comes from. | 397 // Where the certificate comes from. |
| 377 Source source_; | 398 Source source_; |
| 378 | 399 |
| 379 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 400 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
| 380 }; | 401 }; |
| 381 | 402 |
| 382 } // namespace net | 403 } // namespace net |
| 383 | 404 |
| 384 #endif // NET_BASE_X509_CERTIFICATE_H_ | 405 #endif // NET_BASE_X509_CERTIFICATE_H_ |
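Review bot: The WARNING added to both new declarations (new lines 295–297 on VerifyNameMatch and 362–364 on VerifyHostname) contradicts itself: it first says the function may return false negatives, then tells callers to use it only where false-positives are acceptable, and for a name-matching routine a false positive (accepting a name that does not match) is the failure that matters, so the two sentences need to agree; if the intended failure mode is a missed match, close with `// use in cases where some false negatives are acceptable.`, and in either case fix the spelling of `acceptible`. The VerifyHostname comment should also state how |cert_names| drawn from the Subject CN and from the SAN extension are meant to be combined, in particular whether CN entries are consulted only when no SAN entries exist, since that policy is not visible from the declaration and is what callers will otherwise guess at. `VerifyHostname` takes a `std::vector<std::string>`, but the include block is outside this view, so confirm `<vector>` is included directly rather than reached transitively. Whether the new static VerifyHostname sits in a public or private section of X509Certificate is likewise not visible here.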