| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef NET_BASE_X509_CERT_TYPES_H_ | |
| 6 #define NET_BASE_X509_CERT_TYPES_H_ | |
| 7 | |
| 8 #include <string.h> | |
| 9 | |
| 10 #include <set> | |
| 11 #include <string> | |
| 12 #include <vector> | |
| 13 | |
| 14 #include "base/logging.h" | |
| 15 #include "base/string_piece.h" | |
| 16 #include "build/build_config.h" | |
| 17 #include "net/base/hash_value.h" | |
| 18 #include "net/base/net_export.h" | |
| 19 | |
| 20 #if defined(OS_MACOSX) && !defined(OS_IOS) | |
| 21 #include <Security/x509defs.h> | |
| 22 #endif | |
| 23 | |
| 24 namespace base { | |
| 25 class Time; | |
| 26 } // namespace base | |
| 27 | |
| 28 namespace net { | |
| 29 | |
| 30 class X509Certificate; | |
| 31 | |
| 32 // CertPrincipal represents the issuer or subject field of an X.509 certificate. | |
| 33 struct NET_EXPORT CertPrincipal { | |
| 34 CertPrincipal(); | |
| 35 explicit CertPrincipal(const std::string& name); | |
| 36 ~CertPrincipal(); | |
| 37 | |
| 38 #if (defined(OS_MACOSX) && !defined(OS_IOS)) || defined(OS_WIN) | |
| 39 // Parses a BER-format DistinguishedName. | |
| 40 bool ParseDistinguishedName(const void* ber_name_data, size_t length); | |
| 41 #endif | |
| 42 | |
| 43 #if defined(OS_MACOSX) | |
| 44 // Compare this CertPrincipal with |against|, returning true if they're | |
| 45 // equal enough to be a possible match. This should NOT be used for any | |
| 46 // security relevant decisions. | |
| 47 // TODO(rsleevi): Remove once Mac client auth uses NSS for name comparison. | |
| 48 bool Matches(const CertPrincipal& against) const; | |
| 49 #endif | |
| 50 | |
| 51 // Returns a name that can be used to represent the issuer. It tries in this | |
| 52 // order: CN, O and OU and returns the first non-empty one found. | |
| 53 std::string GetDisplayName() const; | |
| 54 | |
| 55 // The different attributes for a principal, stored in UTF-8. They may be "". | |
| 56 // Note that some of them can have several values. | |
| 57 | |
| 58 std::string common_name; | |
| 59 std::string locality_name; | |
| 60 std::string state_or_province_name; | |
| 61 std::string country_name; | |
| 62 | |
| 63 std::vector<std::string> street_addresses; | |
| 64 std::vector<std::string> organization_names; | |
| 65 std::vector<std::string> organization_unit_names; | |
| 66 std::vector<std::string> domain_components; | |
| 67 }; | |
| 68 | |
| 69 // This class is useful for maintaining policies about which certificates are | |
| 70 // permitted or forbidden for a particular purpose. | |
| 71 class NET_EXPORT CertPolicy { | |
| 72 public: | |
| 73 // The judgments this policy can reach. | |
| 74 enum Judgment { | |
| 75 // We don't have policy information for this certificate. | |
| 76 UNKNOWN, | |
| 77 | |
| 78 // This certificate is allowed. | |
| 79 ALLOWED, | |
| 80 | |
| 81 // This certificate is denied. | |
| 82 DENIED, | |
| 83 }; | |
| 84 | |
| 85 CertPolicy(); | |
| 86 ~CertPolicy(); | |
| 87 | |
| 88 // Returns the judgment this policy makes about this certificate. | |
| 89 Judgment Check(X509Certificate* cert) const; | |
| 90 | |
| 91 // Causes the policy to allow this certificate. | |
| 92 void Allow(X509Certificate* cert); | |
| 93 | |
| 94 // Causes the policy to deny this certificate. | |
| 95 void Deny(X509Certificate* cert); | |
| 96 | |
| 97 // Returns true if this policy has allowed at least one certificate. | |
| 98 bool HasAllowedCert() const; | |
| 99 | |
| 100 // Returns true if this policy has denied at least one certificate. | |
| 101 bool HasDeniedCert() const; | |
| 102 | |
| 103 private: | |
| 104 // The set of fingerprints of allowed certificates. | |
| 105 std::set<SHA1HashValue, SHA1HashValueLessThan> allowed_; | |
| 106 | |
| 107 // The set of fingerprints of denied certificates. | |
| 108 std::set<SHA1HashValue, SHA1HashValueLessThan> denied_; | |
| 109 }; | |
| 110 | |
| 111 #if defined(OS_MACOSX) && !defined(OS_IOS) | |
| 112 // Compares two OIDs by value. | |
| 113 inline bool CSSMOIDEqual(const CSSM_OID* oid1, const CSSM_OID* oid2) { | |
| 114 return oid1->Length == oid2->Length && | |
| 115 (memcmp(oid1->Data, oid2->Data, oid1->Length) == 0); | |
| 116 } | |
| 117 #endif | |
| 118 | |
| 119 // A list of ASN.1 date/time formats that ParseCertificateDate() supports, | |
| 120 // encoded in the canonical forms specified in RFC 2459/3280/5280. | |
| 121 enum CertDateFormat { | |
| 122 // UTCTime: Format is YYMMDDHHMMSSZ | |
| 123 CERT_DATE_FORMAT_UTC_TIME, | |
| 124 | |
| 125 // GeneralizedTime: Format is YYYYMMDDHHMMSSZ | |
| 126 CERT_DATE_FORMAT_GENERALIZED_TIME, | |
| 127 }; | |
| 128 | |
| 129 // Attempts to parse |raw_date|, an ASN.1 date/time string encoded as | |
| 130 // |format|, and writes the result into |*time|. If an invalid date is | |
| 131 // specified, or if parsing fails, returns false, and |*time| will not be | |
| 132 // updated. | |
| 133 bool ParseCertificateDate(const base::StringPiece& raw_date, | |
| 134 CertDateFormat format, | |
| 135 base::Time* time); | |
| 136 } // namespace net | |
| 137 | |
| 138 #endif // NET_BASE_X509_CERT_TYPES_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 13006020:
net: extract net/cert out of net/base (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src