OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <string.h> | 9 #include <string.h> |
10 | 10 |
(...skipping 305 matching lines...) | |
316 // specific |format|. Returns an empty collection on failure. | 316 // specific |format|. Returns an empty collection on failure. |
317 static OSCertHandles CreateOSCertHandlesFromBytes( | 317 static OSCertHandles CreateOSCertHandlesFromBytes( |
318 const char* data, int length, Format format); | 318 const char* data, int length, Format format); |
319 | 319 |
320 // Duplicates (or adds a reference to) an OS certificate handle. | 320 // Duplicates (or adds a reference to) an OS certificate handle. |
321 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); | 321 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); |
322 | 322 |
323 // Frees (or releases a reference to) an OS certificate handle. | 323 // Frees (or releases a reference to) an OS certificate handle. |
324 static void FreeOSCertHandle(OSCertHandle cert_handle); | 324 static void FreeOSCertHandle(OSCertHandle cert_handle); |
325 | 325 |
326 // Gets the complete cert chain (including root and intermediaries). | |
327 // The returned chain must be freed with DestroyCertChain. | |
328 static void GetCertChainFromCert(OSCertHandle cert_handle, | |
329 OSCertHandles* cert_handles); | |
330 | |
331 // Frees a cert chain. | |
332 static void DestroyCertChain(OSCertHandles* cert_handles); | |
abarth-chromium
2011/04/04 22:49:36
We should probably have a stack-allocated, scoped
| |
333 | |
334 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty | |
335 // (all zero) fingerprint on failure. | |
336 static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle); | |
337 | |
326 private: | 338 private: |
327 friend class base::RefCountedThreadSafe<X509Certificate>; | 339 friend class base::RefCountedThreadSafe<X509Certificate>; |
328 friend class TestRootCerts; // For unit tests | 340 friend class TestRootCerts; // For unit tests |
329 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, Cache); | 341 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, Cache); |
330 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, IntermediateCertificates); | 342 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, IntermediateCertificates); |
331 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers); | 343 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers); |
332 FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname); | 344 FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname); |
333 | 345 |
334 // Construct an X509Certificate from a handle to the certificate object | 346 // Construct an X509Certificate from a handle to the certificate object |
335 // in the underlying crypto library. | 347 // in the underlying crypto library. |
(...skipping 10 matching lines...) | |
346 const char* policy_oid) const; | 358 const char* policy_oid) const; |
347 #endif | 359 #endif |
348 bool VerifyEV() const; | 360 bool VerifyEV() const; |
349 | 361 |
350 #if defined(USE_OPENSSL) | 362 #if defined(USE_OPENSSL) |
351 // Resets the store returned by cert_store() to default state. Used by | 363 // Resets the store returned by cert_store() to default state. Used by |
352 // TestRootCerts to undo modifications. | 364 // TestRootCerts to undo modifications. |
353 static void ResetCertStore(); | 365 static void ResetCertStore(); |
354 #endif | 366 #endif |
355 | 367 |
356 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty | |
357 // (all zero) fingerprint on failure. | |
358 static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle); | |
359 | |
360 // Verifies that |hostname| matches one of the names in |cert_names|, based on | 368 // Verifies that |hostname| matches one of the names in |cert_names|, based on |
361 // TLS name matching rules, specifically following http://tools.ietf.org/html/ draft-saintandre-tls-server-id-check-09#section-4.4.3 | 369 // TLS name matching rules, specifically following http://tools.ietf.org/html/ draft-saintandre-tls-server-id-check-09#section-4.4.3 |
362 // The members of |cert_names| must have been extracted from the Subject CN or | 370 // The members of |cert_names| must have been extracted from the Subject CN or |
363 // SAN fields of a certificate. | 371 // SAN fields of a certificate. |
364 // WARNING: This function may return false negatives (for example, if | 372 // WARNING: This function may return false negatives (for example, if |
365 // |hostname| is an IP address literal) on some platforms. Only | 373 // |hostname| is an IP address literal) on some platforms. Only |
366 // use in cases where some false-positives are acceptible. | 374 // use in cases where some false-positives are acceptible. |
367 static bool VerifyHostname(const std::string& hostname, | 375 static bool VerifyHostname(const std::string& hostname, |
368 const std::vector<std::string>& cert_names); | 376 const std::vector<std::string>& cert_names); |
369 | 377 |
(...skipping 41 matching lines...) | |
411 | 419 |
412 // Where the certificate comes from. | 420 // Where the certificate comes from. |
413 Source source_; | 421 Source source_; |
414 | 422 |
415 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 423 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
416 }; | 424 }; |
417 | 425 |
418 } // namespace net | 426 } // namespace net |
419 | 427 |
420 #endif // NET_BASE_X509_CERTIFICATE_H_ | 428 #endif // NET_BASE_X509_CERTIFICATE_H_ |
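Review bot: The new public `GetCertChainFromCert` (new lines 326-329) returns `void`, and its comment does not say what `cert_handles` holds on failure or whether the chain has been verified, so a caller cannot tell an empty or partial result from a complete one and may treat a merely constructed chain as trusted. I would spell the contract out in the comment, for example `// The chain is built, not verified; callers must not treat it as trusted.` and `// On failure |cert_handles| is left empty.`, adjusted to whatever the implementation (not visible on this page) actually does. The comment should also say whether the leaf certificate is included and whether each returned handle carries its own reference. Separately, moving `CalculateFingerprint` into the public section (new lines 334-336) exposes the all-zero failure value to outside callers; its comment should warn that two failed computations compare equal, so the result has to be checked before it is used as an identity or cache key.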