OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <string.h> | 9 #include <string.h> |
10 | 10 |
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
160 // Create a self-signed certificate containing the public key in |key|. | 160 // Create a self-signed certificate containing the public key in |key|. |
161 // Subject, serial number and validity period are given as parameters. | 161 // Subject, serial number and validity period are given as parameters. |
162 // The certificate is signed by the private key in |key|. The hashing | 162 // The certificate is signed by the private key in |key|. The hashing |
163 // algorithm for the signature is SHA-1. | 163 // algorithm for the signature is SHA-1. |
164 // | 164 // |
165 // |subject| is a distinguished name defined in RFC4514. | 165 // |subject| is a distinguished name defined in RFC4514. |
166 // | 166 // |
167 // An example: | 167 // An example: |
168 // CN=Michael Wong,O=FooBar Corporation,DC=foobar,DC=com | 168 // CN=Michael Wong,O=FooBar Corporation,DC=foobar,DC=com |
169 // | 169 // |
170 // SECURUITY WARNING | 170 // SECURITY WARNING |
171 // | 171 // |
172 // Using self-signed certificates has the following security risks: | 172 // Using self-signed certificates has the following security risks: |
173 // 1. Encryption without authentication and thus vulnerable to | 173 // 1. Encryption without authentication and thus vulnerable to |
174 // man-in-the-middle attacks. | 174 // man-in-the-middle attacks. |
175 // 2. Self-signed certificates cannot be revoked. | 175 // 2. Self-signed certificates cannot be revoked. |
176 // | 176 // |
177 // Use this certificate only after the above risks are acknowledged. | 177 // Use this certificate only after the above risks are acknowledged. |
178 static X509Certificate* CreateSelfSigned(base::RSAPrivateKey* key, | 178 static X509Certificate* CreateSelfSigned(base::RSAPrivateKey* key, |
179 const std::string& subject, | 179 const std::string& subject, |
180 uint32 serial_number, | 180 uint32 serial_number, |
(...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
337 const OSCertHandles& intermediates); | 337 const OSCertHandles& intermediates); |
338 | 338 |
339 ~X509Certificate(); | 339 ~X509Certificate(); |
340 | 340 |
341 // Common object initialization code. Called by the constructors only. | 341 // Common object initialization code. Called by the constructors only. |
342 void Initialize(); | 342 void Initialize(); |
343 | 343 |
344 #if defined(OS_WIN) | 344 #if defined(OS_WIN) |
345 bool CheckEV(PCCERT_CHAIN_CONTEXT chain_context, | 345 bool CheckEV(PCCERT_CHAIN_CONTEXT chain_context, |
346 const char* policy_oid) const; | 346 const char* policy_oid) const; |
347 bool IsIssuedByKnownRoot(PCCERT_CHAIN_CONTEXT chain_context); | |
348 #endif | |
349 #if defined(OS_MACOSX) | |
350 bool IsIssuedByKnownRoot(CFArrayRef chain); | |
wtc
2011/04/07 05:01:54
IsIssuedByKnownRoot can be a *static* method.
agl
2011/04/07 15:02:49
Done.
| |
347 #endif | 351 #endif |
348 bool VerifyEV() const; | 352 bool VerifyEV() const; |
349 | 353 |
350 #if defined(USE_OPENSSL) | 354 #if defined(USE_OPENSSL) |
351 // Resets the store returned by cert_store() to default state. Used by | 355 // Resets the store returned by cert_store() to default state. Used by |
352 // TestRootCerts to undo modifications. | 356 // TestRootCerts to undo modifications. |
353 static void ResetCertStore(); | 357 static void ResetCertStore(); |
354 #endif | 358 #endif |
355 | 359 |
356 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty | 360 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty |
(...skipping 14 matching lines...) Expand all Loading... | |
371 // NOTE: keep this method private, used by IsBlacklisted only. To simplify | 375 // NOTE: keep this method private, used by IsBlacklisted only. To simplify |
372 // IsBlacklisted, we strip the leading 0 byte of a serial number, used to | 376 // IsBlacklisted, we strip the leading 0 byte of a serial number, used to |
373 // encode a positive DER INTEGER (a signed type) with a most significant bit | 377 // encode a positive DER INTEGER (a signed type) with a most significant bit |
374 // of 1. Other code must not use this method for general purpose until this | 378 // of 1. Other code must not use this method for general purpose until this |
375 // is fixed. | 379 // is fixed. |
376 const std::string& serial_number() const { return serial_number_; } | 380 const std::string& serial_number() const { return serial_number_; } |
377 | 381 |
378 // IsBlacklisted returns true if this certificate is explicitly blacklisted. | 382 // IsBlacklisted returns true if this certificate is explicitly blacklisted. |
379 bool IsBlacklisted() const; | 383 bool IsBlacklisted() const; |
380 | 384 |
385 // IsSHA1HashInSortedArray returns true iff |hash| is in |array|, a sorted | |
386 // array of SHA1 hashes. | |
387 static bool IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, | |
388 const uint8* array, | |
389 size_t array_byte_len); | |
390 | |
381 // The subject of the certificate. | 391 // The subject of the certificate. |
382 CertPrincipal subject_; | 392 CertPrincipal subject_; |
383 | 393 |
384 // The issuer of the certificate. | 394 // The issuer of the certificate. |
385 CertPrincipal issuer_; | 395 CertPrincipal issuer_; |
386 | 396 |
387 // This certificate is not valid before |valid_start_| | 397 // This certificate is not valid before |valid_start_| |
388 base::Time valid_start_; | 398 base::Time valid_start_; |
389 | 399 |
390 // This certificate is not valid after |valid_expiry_| | 400 // This certificate is not valid after |valid_expiry_| |
(...skipping 20 matching lines...) Expand all Loading... | |
411 | 421 |
412 // Where the certificate comes from. | 422 // Where the certificate comes from. |
413 Source source_; | 423 Source source_; |
414 | 424 |
415 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 425 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
416 }; | 426 }; |
417 | 427 |
418 } // namespace net | 428 } // namespace net |
419 | 429 |
420 #endif // NET_BASE_X509_CERTIFICATE_H_ | 430 #endif // NET_BASE_X509_CERTIFICATE_H_ |
OLD | NEW |