| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
| 6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <string.h> | 9 #include <string.h> |
| 10 | 10 |
| (...skipping 13 matching lines...) | |
| 24 #elif defined(OS_MACOSX) | 24 #elif defined(OS_MACOSX) |
| 25 #include <CoreFoundation/CFArray.h> | 25 #include <CoreFoundation/CFArray.h> |
| 26 #include <Security/SecBase.h> | 26 #include <Security/SecBase.h> |
| 27 | 27 |
| 28 #include "base/synchronization/lock.h" | 28 #include "base/synchronization/lock.h" |
| 29 #elif defined(USE_OPENSSL) | 29 #elif defined(USE_OPENSSL) |
| 30 // Forward declaration; real one in <x509.h> | 30 // Forward declaration; real one in <x509.h> |
| 31 typedef struct x509_st X509; | 31 typedef struct x509_st X509; |
| 32 typedef struct x509_store_st X509_STORE; | 32 typedef struct x509_store_st X509_STORE; |
| 33 #elif defined(USE_NSS) | 33 #elif defined(USE_NSS) |
| 34 #include "net/base/cert_type.h" | |
|
wtc
2011/12/08 00:07:43
Remove this #include.
Greg Spencer (Chromium)
2011/12/09 18:51:38
Done.
| |
| 34 // Forward declaration; real one in <cert.h> | 35 // Forward declaration; real one in <cert.h> |
| 35 struct CERTCertificateStr; | 36 struct CERTCertificateStr; |
| 36 #endif | 37 #endif |
| 37 | 38 |
| 38 class Pickle; | 39 class Pickle; |
| 39 | 40 |
| 40 namespace crypto { | 41 namespace crypto { |
| 41 class StringPiece; | 42 class StringPiece; |
| 42 class RSAPrivateKey; | 43 class RSAPrivateKey; |
| 43 } // namespace crypto | 44 } // namespace crypto |
| (...skipping 96 matching lines...) | |
| 140 // scoped_refptr<X509Certificate>. | 141 // scoped_refptr<X509Certificate>. |
| 141 static X509Certificate* CreateFromDERCertChain( | 142 static X509Certificate* CreateFromDERCertChain( |
| 142 const std::vector<base::StringPiece>& der_certs); | 143 const std::vector<base::StringPiece>& der_certs); |
| 143 | 144 |
| 144 // Create an X509Certificate from the DER-encoded representation. | 145 // Create an X509Certificate from the DER-encoded representation. |
| 145 // Returns NULL on failure. | 146 // Returns NULL on failure. |
| 146 // | 147 // |
| 147 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. | 148 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. |
| 148 static X509Certificate* CreateFromBytes(const char* data, int length); | 149 static X509Certificate* CreateFromBytes(const char* data, int length); |
| 149 | 150 |
| 151 #if defined(USE_NSS) | |
| 152 // Create an X509Certificate from the DER-encoded representation. | |
| 153 // |nickname| can be NULL if an auto-generated nickname is desired. | |
| 154 // Returns NULL on failure. | |
| 155 // This function differs from CreateFromBytesWithNickname in that it takes a | |
|
wtc
2011/12/08 00:07:43
Typo: CreateFromBytesWithNickname => CreateFromByt
Greg Spencer (Chromium)
2011/12/09 18:51:38
Done.
| |
| 156 // nickname that will be used to set the PKCS#11 CKA_LABEL attribute on the | |
| 157 // created certificate. NSS is the only certificate store that supports | |
| 158 // nicknames. | |
|
wtc
2011/12/08 00:07:43
"NSS is the only certificate store that supports n
Greg Spencer (Chromium)
2011/12/09 18:51:38
I removed that statement from the comment.
| |
| 159 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. | |
| 160 static X509Certificate* CreateFromBytesWithNickname(const char* data, | |
| 161 int length, | |
| 162 const char* nickname); | |
| 163 #endif | |
| 164 | |
| 150 // Create an X509Certificate from the representation stored in the given | 165 // Create an X509Certificate from the representation stored in the given |
| 151 // pickle. The data for this object is found relative to the given | 166 // pickle. The data for this object is found relative to the given |
| 152 // pickle_iter, which should be passed to the pickle's various Read* methods. | 167 // pickle_iter, which should be passed to the pickle's various Read* methods. |
| 153 // Returns NULL on failure. | 168 // Returns NULL on failure. |
| 154 // | 169 // |
| 155 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. | 170 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. |
| 156 static X509Certificate* CreateFromPickle(const Pickle& pickle, | 171 static X509Certificate* CreateFromPickle(const Pickle& pickle, |
| 157 void** pickle_iter, | 172 void** pickle_iter, |
| 158 PickleType type); | 173 PickleType type); |
| 159 | 174 |
| (...skipping 247 matching lines...) | |
| 407 // Returns the OSCertHandle of this object. Because of caching, this may | 422 // Returns the OSCertHandle of this object. Because of caching, this may |
| 408 // differ from the OSCertHandle originally supplied during initialization. | 423 // differ from the OSCertHandle originally supplied during initialization. |
| 409 // Note: On Windows, CryptoAPI may return unexpected results if this handle | 424 // Note: On Windows, CryptoAPI may return unexpected results if this handle |
| 410 // is used across multiple threads. For more details, see | 425 // is used across multiple threads. For more details, see |
| 411 // CreateOSCertChainForCert(). | 426 // CreateOSCertChainForCert(). |
| 412 OSCertHandle os_cert_handle() const { return cert_handle_; } | 427 OSCertHandle os_cert_handle() const { return cert_handle_; } |
| 413 | 428 |
| 414 // Returns true if two OSCertHandles refer to identical certificates. | 429 // Returns true if two OSCertHandles refer to identical certificates. |
| 415 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); | 430 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); |
| 416 | 431 |
| 417 // Creates an OS certificate handle from the BER-encoded representation. | 432 // Creates an OS certificate handle from the DER-encoded representation. |
| 418 // Returns NULL on failure. | 433 // Returns NULL on failure. |
| 419 static OSCertHandle CreateOSCertHandleFromBytes(const char* data, | 434 static OSCertHandle CreateOSCertHandleFromBytes(const char* data, |
| 420 int length); | 435 int length); |
| 421 | 436 |
| 437 #if defined(USE_NSS) | |
| 438 // Creates an OS certificate handle from the DER-encoded representation, | |
| 439 // with the given nickname. NULL nickname will do the same thing as | |
| 440 // CreateOSCertHandleFromBytes. Returns NULL on failure. | |
| 441 static OSCertHandle CreateOSCertHandleFromBytesWithNickname( | |
| 442 const char* data, | |
| 443 int length, | |
| 444 const char* nickname); | |
| 445 #endif | |
| 446 | |
| 422 // Creates all possible OS certificate handles from |data| encoded in a | 447 // Creates all possible OS certificate handles from |data| encoded in a |
| 423 // specific |format|. Returns an empty collection on failure. | 448 // specific |format|. Returns an empty collection on failure. |
| 424 static OSCertHandles CreateOSCertHandlesFromBytes( | 449 static OSCertHandles CreateOSCertHandlesFromBytes( |
| 425 const char* data, int length, Format format); | 450 const char* data, |
| 451 int length, | |
| 452 Format format); | |
| 426 | 453 |
| 427 // Duplicates (or adds a reference to) an OS certificate handle. | 454 // Duplicates (or adds a reference to) an OS certificate handle. |
| 428 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); | 455 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); |
| 429 | 456 |
| 430 // Frees (or releases a reference to) an OS certificate handle. | 457 // Frees (or releases a reference to) an OS certificate handle. |
| 431 static void FreeOSCertHandle(OSCertHandle cert_handle); | 458 static void FreeOSCertHandle(OSCertHandle cert_handle); |
| 432 | 459 |
| 433 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty | 460 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty |
| 434 // (all zero) fingerprint on failure. | 461 // (all zero) fingerprint on failure. |
| 435 static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle); | 462 static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle); |
| (...skipping 123 matching lines...) | |
| 559 // (Marked mutable because it's used in a const method.) | 586 // (Marked mutable because it's used in a const method.) |
| 560 mutable base::Lock verification_lock_; | 587 mutable base::Lock verification_lock_; |
| 561 #endif | 588 #endif |
| 562 | 589 |
| 563 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 590 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
| 564 }; | 591 }; |
| 565 | 592 |
| 566 } // namespace net | 593 } // namespace net |
| 567 | 594 |
| 568 #endif // NET_BASE_X509_CERTIFICATE_H_ | 595 #endif // NET_BASE_X509_CERTIFICATE_H_ |
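Review bot: The comments on the two new NSS-only declarations, CreateFromBytesWithNickname (new lines 152-162) and CreateOSCertHandleFromBytesWithNickname (new lines 438-444), leave the contract for |nickname| unstated: its encoding, whether the string is copied or must outlive the call, and what happens when the same certificate is already known under a different label. The last case matters because the os_cert_handle() comment in this header says the handle may differ from the one supplied because of caching, so a caller could plausibly get back a certificate whose CKA_LABEL is not the one it asked for; this is inferred from the header, since the implementation is not shown here. Because the nickname ends up as a label in the certificate store, the comment should also say who is responsible for validating it, for example (if it matches the implementation) `// |nickname| is a NUL-terminated string used as given; callers must validate any value that did not originate in the browser.` Both functions also take a raw pointer with `int length`, like the existing CreateFromBytes, so it would help to document that a negative length is a caller error and results in NULL, if that is what the implementation does.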