| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_X509_CERTIFICATE_H_ | 5 #ifndef NET_CERT_X509_CERTIFICATE_H_ |
| 6 #define NET_CERT_X509_CERTIFICATE_H_ | 6 #define NET_CERT_X509_CERTIFICATE_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <string.h> | 9 #include <string.h> |
| 10 | 10 |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 74 | 74 |
| 75 enum PublicKeyType { | 75 enum PublicKeyType { |
| 76 kPublicKeyTypeUnknown, | 76 kPublicKeyTypeUnknown, |
| 77 kPublicKeyTypeRSA, | 77 kPublicKeyTypeRSA, |
| 78 kPublicKeyTypeDSA, | 78 kPublicKeyTypeDSA, |
| 79 kPublicKeyTypeECDSA, | 79 kPublicKeyTypeECDSA, |
| 80 kPublicKeyTypeDH, | 80 kPublicKeyTypeDH, |
| 81 kPublicKeyTypeECDH | 81 kPublicKeyTypeECDH |
| 82 }; | 82 }; |
| 83 | 83 |
| 84 // Predicate functor used in maps when X509Certificate is used as the key. | |
| 85 class NET_EXPORT LessThan { | |
| 86 public: | |
| 87 bool operator()(const scoped_refptr<X509Certificate>& lhs, | |
| 88 const scoped_refptr<X509Certificate>& rhs) const; | |
| 89 }; | |
| 90 | |
| 91 enum Format { | 84 enum Format { |
| 92 // The data contains a single DER-encoded certificate, or a PEM-encoded | 85 // The data contains a single DER-encoded certificate, or a PEM-encoded |
| 93 // DER certificate with the PEM encoding block name of "CERTIFICATE". | 86 // DER certificate with the PEM encoding block name of "CERTIFICATE". |
| 94 // Any subsequent blocks will be ignored. | 87 // Any subsequent blocks will be ignored. |
| 95 FORMAT_SINGLE_CERTIFICATE = 1 << 0, | 88 FORMAT_SINGLE_CERTIFICATE = 1 << 0, |
| 96 | 89 |
| 97 // The data contains a sequence of one or more PEM-encoded, DER | 90 // The data contains a sequence of one or more PEM-encoded, DER |
| 98 // certificates, with the PEM encoding block name of "CERTIFICATE". | 91 // certificates, with the PEM encoding block name of "CERTIFICATE". |
| 99 // All PEM blocks will be parsed, until the first error is encountered. | 92 // All PEM blocks will be parsed, until the first error is encountered. |
| 100 FORMAT_PEM_CERT_SEQUENCE = 1 << 1, | 93 FORMAT_PEM_CERT_SEQUENCE = 1 << 1, |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 206 const CertPrincipal& issuer() const { return issuer_; } | 199 const CertPrincipal& issuer() const { return issuer_; } |
| 207 | 200 |
| 208 // Time period during which the certificate is valid. More precisely, this | 201 // Time period during which the certificate is valid. More precisely, this |
| 209 // certificate is invalid before the |valid_start| date and invalid after | 202 // certificate is invalid before the |valid_start| date and invalid after |
| 210 // the |valid_expiry| date. | 203 // the |valid_expiry| date. |
| 211 // If we were unable to parse either date from the certificate (or if the cert | 204 // If we were unable to parse either date from the certificate (or if the cert |
| 212 // lacks either date), the date will be null (i.e., is_null() will be true). | 205 // lacks either date), the date will be null (i.e., is_null() will be true). |
| 213 const base::Time& valid_start() const { return valid_start_; } | 206 const base::Time& valid_start() const { return valid_start_; } |
| 214 const base::Time& valid_expiry() const { return valid_expiry_; } | 207 const base::Time& valid_expiry() const { return valid_expiry_; } |
| 215 | 208 |
| 216 // The fingerprint of this certificate. | |
| 217 const SHA1HashValue& fingerprint() const { return fingerprint_; } | |
| 218 | |
| 219 // The fingerprint of the intermediate CA certificates. | |
| 220 const SHA1HashValue& ca_fingerprint() const { | |
| 221 return ca_fingerprint_; | |
| 222 } | |
| 223 | |
| 224 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1 | 209 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1 |
| 225 // Server Identity, if the certificate has a subjectAltName extension of | 210 // Server Identity, if the certificate has a subjectAltName extension of |
| 226 // type dNSName, this method gets the DNS names in that extension. | 211 // type dNSName, this method gets the DNS names in that extension. |
| 227 // Otherwise, it gets the common name in the subject field. | 212 // Otherwise, it gets the common name in the subject field. |
| 228 void GetDNSNames(std::vector<std::string>* dns_names) const; | 213 void GetDNSNames(std::vector<std::string>* dns_names) const; |
| 229 | 214 |
| 230 // Gets the subjectAltName extension field from the certificate, if any. | 215 // Gets the subjectAltName extension field from the certificate, if any. |
| 231 // For future extension; currently this only returns those name types that | 216 // For future extension; currently this only returns those name types that |
| 232 // are required for HTTP certificate name verification - see VerifyHostname. | 217 // are required for HTTP certificate name verification - see VerifyHostname. |
| 233 // Unrequired parameters may be passed as NULL. | 218 // Unrequired parameters may be passed as NULL. |
| (...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 378 static OSCertHandles CreateOSCertHandlesFromBytes(const char* data, | 363 static OSCertHandles CreateOSCertHandlesFromBytes(const char* data, |
| 379 size_t length, | 364 size_t length, |
| 380 Format format); | 365 Format format); |
| 381 | 366 |
| 382 // Duplicates (or adds a reference to) an OS certificate handle. | 367 // Duplicates (or adds a reference to) an OS certificate handle. |
| 383 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); | 368 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); |
| 384 | 369 |
| 385 // Frees (or releases a reference to) an OS certificate handle. | 370 // Frees (or releases a reference to) an OS certificate handle. |
| 386 static void FreeOSCertHandle(OSCertHandle cert_handle); | 371 static void FreeOSCertHandle(OSCertHandle cert_handle); |
| 387 | 372 |
| 388 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty | |
| 389 // (all zero) fingerprint on failure. | |
| 390 // | |
| 391 // For calculating fingerprints, prefer SHA-1 for performance when indexing, | |
| 392 // but callers should use IsSameOSCert() before assuming two certificates are | |
| 393 // the same. | |
| 394 static SHA1HashValue CalculateFingerprint(OSCertHandle cert_handle); | |
| 395 | |
| 396 // Calculates the SHA-256 fingerprint of the certificate. Returns an empty | 373 // Calculates the SHA-256 fingerprint of the certificate. Returns an empty |
| 397 // (all zero) fingerprint on failure. | 374 // (all zero) fingerprint on failure. |
| 398 static SHA256HashValue CalculateFingerprint256(OSCertHandle cert_handle); | 375 static SHA256HashValue CalculateFingerprint256(OSCertHandle cert_handle); |
| 399 | 376 |
| 400 // Calculates the SHA-1 fingerprint of the intermediate CA certificates. | |
| 401 // Returns an empty (all zero) fingerprint on failure. | |
| 402 // | |
| 403 // See SHA-1 caveat on CalculateFingerprint(). | |
| 404 static SHA1HashValue CalculateCAFingerprint( | |
| 405 const OSCertHandles& intermediates); | |
| 406 | |
| 407 // Calculates the SHA-256 fingerprint of the intermediate CA certificates. | 377 // Calculates the SHA-256 fingerprint of the intermediate CA certificates. |
| 408 // Returns an empty (all zero) fingerprint on failure. | 378 // Returns an empty (all zero) fingerprint on failure. |
| 409 // | |
| 410 // As part of the cross-platform implementation of this function, it currently | |
| 411 // copies the certificate bytes into local variables which makes it | |
| 412 // potentially slower than implementing it directly for each platform. For | |
| 413 // now, the expected consumers are not performance critical, but if | |
| 414 // performance is a concern going forward, it may warrant implementing this on | |
| 415 // a per-platform basis. | |
| 416 static SHA256HashValue CalculateCAFingerprint256( | 379 static SHA256HashValue CalculateCAFingerprint256( |
| 417 const OSCertHandles& intermediates); | 380 const OSCertHandles& intermediates); |
| 418 | 381 |
| 419 // Calculates the SHA-256 fingerprint for the complete chain, including the | 382 // Calculates the SHA-256 fingerprint for the complete chain, including the |
| 420 // leaf certificate and all intermediate CA certificates. Returns an empty | 383 // leaf certificate and all intermediate CA certificates. Returns an empty |
| 421 // (all zero) fingerprint on failure. | 384 // (all zero) fingerprint on failure. |
| 422 static SHA256HashValue CalculateChainFingerprint256( | 385 static SHA256HashValue CalculateChainFingerprint256( |
| 423 OSCertHandle leaf, | 386 OSCertHandle leaf, |
| 424 const OSCertHandles& intermediates); | 387 const OSCertHandles& intermediates); |
| 425 | 388 |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 487 | 450 |
| 488 // The issuer of the certificate. | 451 // The issuer of the certificate. |
| 489 CertPrincipal issuer_; | 452 CertPrincipal issuer_; |
| 490 | 453 |
| 491 // This certificate is not valid before |valid_start_| | 454 // This certificate is not valid before |valid_start_| |
| 492 base::Time valid_start_; | 455 base::Time valid_start_; |
| 493 | 456 |
| 494 // This certificate is not valid after |valid_expiry_| | 457 // This certificate is not valid after |valid_expiry_| |
| 495 base::Time valid_expiry_; | 458 base::Time valid_expiry_; |
| 496 | 459 |
| 497 // The fingerprint of this certificate. | |
| 498 SHA1HashValue fingerprint_; | |
| 499 | |
| 500 // The fingerprint of the intermediate CA certificates. | |
| 501 SHA1HashValue ca_fingerprint_; | |
| 502 | |
| 503 // The serial number of this certificate, DER encoded. | 460 // The serial number of this certificate, DER encoded. |
| 504 std::string serial_number_; | 461 std::string serial_number_; |
| 505 | 462 |
| 506 // A handle to the certificate object in the underlying crypto library. | 463 // A handle to the certificate object in the underlying crypto library. |
| 507 OSCertHandle cert_handle_; | 464 OSCertHandle cert_handle_; |
| 508 | 465 |
| 509 // Untrusted intermediate certificates associated with this certificate | 466 // Untrusted intermediate certificates associated with this certificate |
| 510 // that may be needed for chain building. | 467 // that may be needed for chain building. |
| 511 OSCertHandles intermediate_ca_certs_; | 468 OSCertHandles intermediate_ca_certs_; |
| 512 | 469 |
| 513 #if defined(USE_NSS_CERTS) | 470 #if defined(USE_NSS_CERTS) |
| 514 // This stores any default nickname that has been set on the certificate | 471 // This stores any default nickname that has been set on the certificate |
| 515 // at creation time with CreateFromBytesWithNickname. | 472 // at creation time with CreateFromBytesWithNickname. |
| 516 // If this is empty, then GetDefaultNickname will return a generated name | 473 // If this is empty, then GetDefaultNickname will return a generated name |
| 517 // based on the type of the certificate. | 474 // based on the type of the certificate. |
| 518 std::string default_nickname_; | 475 std::string default_nickname_; |
| 519 #endif | 476 #endif |
| 520 | 477 |
| 521 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 478 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
| 522 }; | 479 }; |
| 523 | 480 |
| 524 } // namespace net | 481 } // namespace net |
| 525 | 482 |
| 526 #endif // NET_CERT_X509_CERTIFICATE_H_ | 483 #endif // NET_CERT_X509_CERTIFICATE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2000503002:
Remove the fingerprint and ca_fingerprint from X509Certificate (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@move_cache