| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
| 6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <string.h> | 9 #include <string.h> |
| 10 | 10 |
| (...skipping 29 matching lines...) | |
| 40 | 40 |
| 41 namespace crypto { | 41 namespace crypto { |
| 42 class RSAPrivateKey; | 42 class RSAPrivateKey; |
| 43 } // namespace crypto | 43 } // namespace crypto |
| 44 | 44 |
| 45 namespace net { | 45 namespace net { |
| 46 | 46 |
| 47 class CRLSet; | 47 class CRLSet; |
| 48 class CertVerifyResult; | 48 class CertVerifyResult; |
| 49 | 49 |
| 50 // In the future there will be a generic Fingerprint type, with at least two | |
| 51 // implementations: SHA1 and SHA256. See http://crbug.com/117914. Until that | |
| 52 // work is done (in a separate patch) this typedef bridges the gap. | |
| 53 typedef SHA1Fingerprint Fingerprint; | |
| 54 | |
| 55 typedef std::vector<Fingerprint> FingerprintVector; | |
|
Ryan Sleevi
2012/03/28 00:50:32
Both of these belong in x509_cert_types.h.
palmer
2012/04/10 23:25:51
Done.
| |
| 56 | |
| 50 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; | 57 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
| 51 | 58 |
| 52 // X509Certificate represents a X.509 certificate, which is comprised a | 59 // X509Certificate represents a X.509 certificate, which is comprised a |
| 53 // particular identity or end-entity certificate, such as an SSL server | 60 // particular identity or end-entity certificate, such as an SSL server |
| 54 // identity or an SSL client certificate, and zero or more intermediate | 61 // identity or an SSL client certificate, and zero or more intermediate |
| 55 // certificates that may be used to build a path to a root certificate. | 62 // certificates that may be used to build a path to a root certificate. |
| 56 class NET_EXPORT X509Certificate | 63 class NET_EXPORT X509Certificate |
| 57 : public base::RefCountedThreadSafe<X509Certificate> { | 64 : public base::RefCountedThreadSafe<X509Certificate> { |
| 58 public: | 65 public: |
| 59 // An OSCertHandle is a handle to a certificate object in the underlying | 66 // An OSCertHandle is a handle to a certificate object in the underlying |
| (...skipping 153 matching lines...) | |
| 213 // 1. Encryption without authentication and thus vulnerable to | 220 // 1. Encryption without authentication and thus vulnerable to |
| 214 // man-in-the-middle attacks. | 221 // man-in-the-middle attacks. |
| 215 // 2. Self-signed certificates cannot be revoked. | 222 // 2. Self-signed certificates cannot be revoked. |
| 216 // | 223 // |
| 217 // Use this certificate only after the above risks are acknowledged. | 224 // Use this certificate only after the above risks are acknowledged. |
| 218 static X509Certificate* CreateSelfSigned(crypto::RSAPrivateKey* key, | 225 static X509Certificate* CreateSelfSigned(crypto::RSAPrivateKey* key, |
| 219 const std::string& subject, | 226 const std::string& subject, |
| 220 uint32 serial_number, | 227 uint32 serial_number, |
| 221 base::TimeDelta valid_duration); | 228 base::TimeDelta valid_duration); |
| 222 | 229 |
| 230 // Parses |cert|'s Subject Public Key Info structure, hashes it, | |
|
Ryan Sleevi
2012/03/28 00:50:32
nit:
// Compute the SHA1Fingerprint of the Subjec
palmer
2012/04/10 23:25:51
Done.
| |
| 231 // populates |fingerprint|, and returns true. Returns false if there are | |
| 232 // any parse errors. | |
| 233 static bool GetPublicKeyHash(const OSCertHandle& cert, | |
| 234 SHA1Fingerprint* fingerprint); | |
| 235 | |
| 223 // Appends a representation of this object to the given pickle. | 236 // Appends a representation of this object to the given pickle. |
| 224 void Persist(Pickle* pickle); | 237 void Persist(Pickle* pickle); |
| 225 | 238 |
| 226 // The serial number, DER encoded, possibly including a leading 00 byte. | 239 // The serial number, DER encoded, possibly including a leading 00 byte. |
| 227 const std::string& serial_number() const { return serial_number_; } | 240 const std::string& serial_number() const { return serial_number_; } |
| 228 | 241 |
| 229 // The subject of the certificate. For HTTPS server certificates, this | 242 // The subject of the certificate. For HTTPS server certificates, this |
| 230 // represents the web server. The common name of the subject should match | 243 // represents the web server. The common name of the subject should match |
| 231 // the host name of the web server. | 244 // the host name of the web server. |
| 232 const CertPrincipal& subject() const { return subject_; } | 245 const CertPrincipal& subject() const { return subject_; } |
| (...skipping 278 matching lines...) | |
| 511 // based on the type of the certificate. | 524 // based on the type of the certificate. |
| 512 std::string default_nickname_; | 525 std::string default_nickname_; |
| 513 #endif | 526 #endif |
| 514 | 527 |
| 515 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 528 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
| 516 }; | 529 }; |
| 517 | 530 |
| 518 } // namespace net | 531 } // namespace net |
| 519 | 532 |
| 520 #endif // NET_BASE_X509_CERTIFICATE_H_ | 533 #endif // NET_BASE_X509_CERTIFICATE_H_ |
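Review bot: The new `GetPublicKeyHash` declaration (new lines 230-234) documents the success path only: it does not say what |fingerprint| contains when the function returns false, and nothing makes a caller check the result. If the digest is later compared against a list of expected key hashes, a caller that ignores a parse failure would compare stale or uninitialized bytes, so the contract is worth stating, for example `// On failure, |fingerprint| is not meaningful and must not be used.` (worded to match whatever the implementation, which is not on this page, actually guarantees). Appending `WARN_UNUSED_RESULT` to the declaration would let the compiler catch unchecked calls, assuming base/compiler_specific.h is among the includes elided above. Separately, the parameter is spelled `SHA1Fingerprint*` although this same change adds `Fingerprint` as the bridging name; `Fingerprint* fingerprint` would keep the signature stable when the generic type arrives.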