OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <string.h> | 9 #include <string.h> |
10 | 10 |
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
160 // Create a self-signed certificate containing the public key in |key|. | 160 // Create a self-signed certificate containing the public key in |key|. |
161 // Subject, serial number and validity period are given as parameters. | 161 // Subject, serial number and validity period are given as parameters. |
162 // The certificate is signed by the private key in |key|. The hashing | 162 // The certificate is signed by the private key in |key|. The hashing |
163 // algorithm for the signature is SHA-1. | 163 // algorithm for the signature is SHA-1. |
164 // | 164 // |
165 // |subject| is a distinguished name defined in RFC4514. | 165 // |subject| is a distinguished name defined in RFC4514. |
166 // | 166 // |
167 // An example: | 167 // An example: |
168 // CN=Michael Wong,O=FooBar Corporation,DC=foobar,DC=com | 168 // CN=Michael Wong,O=FooBar Corporation,DC=foobar,DC=com |
169 // | 169 // |
170 // SECURUITY WARNING | 170 // SECURITY WARNING |
171 // | 171 // |
172 // Using self-signed certificates has the following security risks: | 172 // Using self-signed certificates has the following security risks: |
173 // 1. Encryption without authentication and thus vulnerable to | 173 // 1. Encryption without authentication and thus vulnerable to |
174 // man-in-the-middle attacks. | 174 // man-in-the-middle attacks. |
175 // 2. Self-signed certificates cannot be revoked. | 175 // 2. Self-signed certificates cannot be revoked. |
176 // | 176 // |
177 // Use this certificate only after the above risks are acknowledged. | 177 // Use this certificate only after the above risks are acknowledged. |
178 static X509Certificate* CreateSelfSigned(base::RSAPrivateKey* key, | 178 static X509Certificate* CreateSelfSigned(base::RSAPrivateKey* key, |
179 const std::string& subject, | 179 const std::string& subject, |
180 uint32 serial_number, | 180 uint32 serial_number, |
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
316 // specific |format|. Returns an empty collection on failure. | 316 // specific |format|. Returns an empty collection on failure. |
317 static OSCertHandles CreateOSCertHandlesFromBytes( | 317 static OSCertHandles CreateOSCertHandlesFromBytes( |
318 const char* data, int length, Format format); | 318 const char* data, int length, Format format); |
319 | 319 |
320 // Duplicates (or adds a reference to) an OS certificate handle. | 320 // Duplicates (or adds a reference to) an OS certificate handle. |
321 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); | 321 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); |
322 | 322 |
323 // Frees (or releases a reference to) an OS certificate handle. | 323 // Frees (or releases a reference to) an OS certificate handle. |
324 static void FreeOSCertHandle(OSCertHandle cert_handle); | 324 static void FreeOSCertHandle(OSCertHandle cert_handle); |
325 | 325 |
326 // IsSHA1HashInArray returns true iff |hash| is in |array|, a sorted array of | |
327 // SHA1 hashes. | |
328 static bool IsSHA1HashInSortedArray(const uint8 hash[20], const uint8* array, | |
329 unsigned array_byte_len); | |
wtc
2011/04/06 04:28:38
This method should be private.
You may be able to
agl
2011/04/06 19:02:02
Done, although this means that the IsIssuedByKnown
| |
330 | |
326 private: | 331 private: |
327 friend class base::RefCountedThreadSafe<X509Certificate>; | 332 friend class base::RefCountedThreadSafe<X509Certificate>; |
328 friend class TestRootCerts; // For unit tests | 333 friend class TestRootCerts; // For unit tests |
329 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, Cache); | 334 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, Cache); |
330 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, IntermediateCertificates); | 335 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, IntermediateCertificates); |
331 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers); | 336 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers); |
332 FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname); | 337 FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname); |
333 | 338 |
334 // Construct an X509Certificate from a handle to the certificate object | 339 // Construct an X509Certificate from a handle to the certificate object |
335 // in the underlying crypto library. | 340 // in the underlying crypto library. |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
411 | 416 |
412 // Where the certificate comes from. | 417 // Where the certificate comes from. |
413 Source source_; | 418 Source source_; |
414 | 419 |
415 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 420 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
416 }; | 421 }; |
417 | 422 |
418 } // namespace net | 423 } // namespace net |
419 | 424 |
420 #endif // NET_BASE_X509_CERTIFICATE_H_ | 425 #endif // NET_BASE_X509_CERTIFICATE_H_ |
OLD | NEW |