1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <string.h> | 9 #include <string.h> |
10 | 10 |
21 #if defined(OS_WIN) | 21 #if defined(OS_WIN) |
22 #include <windows.h> | 22 #include <windows.h> |
23 #include <wincrypt.h> | 23 #include <wincrypt.h> |
24 #elif defined(OS_MACOSX) | 24 #elif defined(OS_MACOSX) |
25 #include <CoreFoundation/CFArray.h> | 25 #include <CoreFoundation/CFArray.h> |
26 #include <Security/SecBase.h> | 26 #include <Security/SecBase.h> |
27 | 27 |
28 #include "base/synchronization/lock.h" | 28 #include "base/synchronization/lock.h" |
29 #elif defined(USE_OPENSSL) | 29 #elif defined(USE_OPENSSL) |
30 // Forward declaration; real one in <x509.h> | 30 // Forward declaration; real one in <x509.h> |
31 struct x509_st; | 31 typedef struct x509_st X509; |
32 typedef struct x509_store_st X509_STORE; | |
33 #elif defined(USE_NSS) | 32 #elif defined(USE_NSS) |
34 // Forward declaration; real one in <cert.h> | 33 // Forward declaration; real one in <cert.h> |
35 struct CERTCertificateStr; | 34 struct CERTCertificateStr; |
36 #endif | 35 #endif |
37 | 36 |
38 class Pickle; | 37 class Pickle; |
39 | 38 |
40 namespace crypto { | 39 namespace crypto { |
41 class StringPiece; | 40 class StringPiece; |
42 class RSAPrivateKey; | 41 class RSAPrivateKey; |
43 } // namespace crypto | 42 } // namespace crypto |
44 | 43 |
45 namespace net { | 44 namespace net { |
46 | 45 |
47 class CertVerifyResult; | 46 class CertVerifyResult; |
48 | 47 |
49 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; | 48 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
50 | 49 |
51 // X509Certificate represents a X.509 certificate, which is comprised a | 50 // X509Certificate represents a X.509 certificate, which is comprised a |
52 // particular identity or end-entity certificate, such as an SSL server | 51 // particular identity or end-entity certificate, such as an SSL server |
53 // identity or an SSL client certificate, and zero or more intermediate | 52 // identity or an SSL client certificate, and zero or more intermediate |
54 // certificates that may be used to build a path to a root certificate. | 53 // certificates that may be used to build a path to a root certificate. |
55 class NET_EXPORT X509Certificate | 54 class NET_EXPORT X509Certificate |
56 : public base::RefCountedThreadSafe<X509Certificate> { | 55 : public base::RefCountedThreadSafe<X509Certificate> { |
57 public: | 56 public: |
58 // A handle to the certificate object in the underlying crypto library. | 57 // An OSCertHandle is a handle to a single certificate object in the |
wtc
2011/10/16 14:55:49
Nit: remove "single". Now that OSCertListHandle i
| |
59 // We assume that OSCertHandle is a pointer type on all platforms and | 58 // underlying crypto library. We assume that OSCertHandle is a pointer type |
60 // NULL is an invalid OSCertHandle. | 59 // on all platforms and that NULL represents an invalid OSCertHandle. |
61 #if defined(OS_WIN) | 60 #if defined(OS_WIN) |
62 typedef PCCERT_CONTEXT OSCertHandle; | 61 typedef PCCERT_CONTEXT OSCertHandle; |
63 #elif defined(OS_MACOSX) | 62 #elif defined(OS_MACOSX) |
64 typedef SecCertificateRef OSCertHandle; | 63 typedef SecCertificateRef OSCertHandle; |
65 #elif defined(USE_OPENSSL) | 64 #elif defined(USE_OPENSSL) |
66 typedef struct x509_st* OSCertHandle; | 65 typedef X509* OSCertHandle; |
67 #elif defined(USE_NSS) | 66 #elif defined(USE_NSS) |
68 typedef struct CERTCertificateStr* OSCertHandle; | 67 typedef struct CERTCertificateStr* OSCertHandle; |
69 #else | 68 #else |
70 // TODO(ericroman): not implemented | 69 // TODO(ericroman): not implemented |
71 typedef void* OSCertHandle; | 70 typedef void* OSCertHandle; |
72 #endif | 71 #endif |
73 | 72 |
74 typedef std::vector<OSCertHandle> OSCertHandles; | 73 typedef std::vector<OSCertHandle> OSCertHandles; |
75 | 74 |
76 // Predicate functor used in maps when X509Certificate is used as the key. | 75 // Predicate functor used in maps when X509Certificate is used as the key. |
340 // Does not verify that the certificate is valid, only that the certificate | 339 // Does not verify that the certificate is valid, only that the certificate |
341 // matches this host. | 340 // matches this host. |
342 // Returns true if it matches. | 341 // Returns true if it matches. |
343 bool VerifyNameMatch(const std::string& hostname) const; | 342 bool VerifyNameMatch(const std::string& hostname) const; |
344 | 343 |
345 // This method returns the DER encoded certificate. | 344 // This method returns the DER encoded certificate. |
346 // If the return value is true then the DER encoded certificate is available. | 345 // If the return value is true then the DER encoded certificate is available. |
347 // The content of the DER encoded certificate is written to |encoded|. | 346 // The content of the DER encoded certificate is written to |encoded|. |
348 bool GetDEREncoded(std::string* encoded); | 347 bool GetDEREncoded(std::string* encoded); |
349 | 348 |
349 // Returns the current OSCertHandle. | |
wtc
2011/10/16 14:55:49
Nit: "the current OSCertHandle" is not clear. How
| |
350 // Note: On Windows, CryptoAPI may return unexpected results if this handle | |
351 // is used on multiple threads. See x509_util::CreateOSCertChainForCert() in | |
352 // net/base/x509_util_win.h for more details. | |
350 OSCertHandle os_cert_handle() const { return cert_handle_; } | 353 OSCertHandle os_cert_handle() const { return cert_handle_; } |
351 | 354 |
352 // Returns true if two OSCertHandles refer to identical certificates. | 355 // Returns true if two OSCertHandles refer to identical certificates. |
353 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); | 356 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); |
354 | 357 |
355 // Creates an OS certificate handle from the BER-encoded representation. | 358 // Creates an OS certificate handle from the BER-encoded representation. |
356 // Returns NULL on failure. | 359 // Returns NULL on failure. |
357 static OSCertHandle CreateOSCertHandleFromBytes(const char* data, | 360 static OSCertHandle CreateOSCertHandleFromBytes(const char* data, |
358 int length); | 361 int length); |
359 | 362 |
493 // (Marked mutable because it's used in a const method.) | 496 // (Marked mutable because it's used in a const method.) |
494 mutable base::Lock verification_lock_; | 497 mutable base::Lock verification_lock_; |
495 #endif | 498 #endif |
496 | 499 |
497 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 500 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
498 }; | 501 }; |
499 | 502 |
500 } // namespace net | 503 } // namespace net |
501 | 504 |
502 #endif // NET_BASE_X509_CERTIFICATE_H_ | 505 #endif // NET_BASE_X509_CERTIFICATE_H_ |
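Review bot: The new comment on `os_cert_handle()` (new-side lines 349-352) documents the Windows cross-thread hazard but says nothing about ownership or lifetime of the returned handle, which for a raw-pointer accessor into a crypto library is the more common misuse. The accessor hands back the member `cert_handle_` directly, and the header's only stated invariant is that NULL is an invalid OSCertHandle, so a reader cannot tell whether they must release the handle (CertFreeCertificateContext / CFRelease / X509_free / CERT_DestroyCertificate) or how long it stays valid after the X509Certificate's last reference drops. I would add, after the Windows note: `// The handle is owned by this X509Certificate and is valid only for the lifetime of this object; callers must not free or release it, and should hold a scoped_refptr for as long as they use it.` If the implementation actually returns a duplicated or retained reference on some platform, the comment should say that instead; the implementation is not visible in this header, so please confirm against the .cc files.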