OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_X509_CERTIFICATE_H_ | 5 #ifndef NET_CERT_X509_CERTIFICATE_H_ |
6 #define NET_CERT_X509_CERTIFICATE_H_ | 6 #define NET_CERT_X509_CERTIFICATE_H_ |
7 | 7 |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 #include <string.h> | 9 #include <string.h> |
10 | 10 |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
74 | 74 |
75 enum PublicKeyType { | 75 enum PublicKeyType { |
76 kPublicKeyTypeUnknown, | 76 kPublicKeyTypeUnknown, |
77 kPublicKeyTypeRSA, | 77 kPublicKeyTypeRSA, |
78 kPublicKeyTypeDSA, | 78 kPublicKeyTypeDSA, |
79 kPublicKeyTypeECDSA, | 79 kPublicKeyTypeECDSA, |
80 kPublicKeyTypeDH, | 80 kPublicKeyTypeDH, |
81 kPublicKeyTypeECDH | 81 kPublicKeyTypeECDH |
82 }; | 82 }; |
83 | 83 |
84 // Predicate functor used in maps when X509Certificate is used as the key. | |
85 class NET_EXPORT LessThan { | |
86 public: | |
87 bool operator()(const scoped_refptr<X509Certificate>& lhs, | |
88 const scoped_refptr<X509Certificate>& rhs) const; | |
89 }; | |
90 | |
91 enum Format { | 84 enum Format { |
92 // The data contains a single DER-encoded certificate, or a PEM-encoded | 85 // The data contains a single DER-encoded certificate, or a PEM-encoded |
93 // DER certificate with the PEM encoding block name of "CERTIFICATE". | 86 // DER certificate with the PEM encoding block name of "CERTIFICATE". |
94 // Any subsequent blocks will be ignored. | 87 // Any subsequent blocks will be ignored. |
95 FORMAT_SINGLE_CERTIFICATE = 1 << 0, | 88 FORMAT_SINGLE_CERTIFICATE = 1 << 0, |
96 | 89 |
97 // The data contains a sequence of one or more PEM-encoded, DER | 90 // The data contains a sequence of one or more PEM-encoded, DER |
98 // certificates, with the PEM encoding block name of "CERTIFICATE". | 91 // certificates, with the PEM encoding block name of "CERTIFICATE". |
99 // All PEM blocks will be parsed, until the first error is encountered. | 92 // All PEM blocks will be parsed, until the first error is encountered. |
100 FORMAT_PEM_CERT_SEQUENCE = 1 << 1, | 93 FORMAT_PEM_CERT_SEQUENCE = 1 << 1, |
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
206 const CertPrincipal& issuer() const { return issuer_; } | 199 const CertPrincipal& issuer() const { return issuer_; } |
207 | 200 |
208 // Time period during which the certificate is valid. More precisely, this | 201 // Time period during which the certificate is valid. More precisely, this |
209 // certificate is invalid before the |valid_start| date and invalid after | 202 // certificate is invalid before the |valid_start| date and invalid after |
210 // the |valid_expiry| date. | 203 // the |valid_expiry| date. |
211 // If we were unable to parse either date from the certificate (or if the cert | 204 // If we were unable to parse either date from the certificate (or if the cert |
212 // lacks either date), the date will be null (i.e., is_null() will be true). | 205 // lacks either date), the date will be null (i.e., is_null() will be true). |
213 const base::Time& valid_start() const { return valid_start_; } | 206 const base::Time& valid_start() const { return valid_start_; } |
214 const base::Time& valid_expiry() const { return valid_expiry_; } | 207 const base::Time& valid_expiry() const { return valid_expiry_; } |
215 | 208 |
216 // The fingerprint of this certificate. | |
217 const SHA1HashValue& fingerprint() const { return fingerprint_; } | |
218 | |
219 // The fingerprint of the intermediate CA certificates. | |
220 const SHA1HashValue& ca_fingerprint() const { | |
221 return ca_fingerprint_; | |
222 } | |
223 | |
224 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1 | 209 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1 |
225 // Server Identity, if the certificate has a subjectAltName extension of | 210 // Server Identity, if the certificate has a subjectAltName extension of |
226 // type dNSName, this method gets the DNS names in that extension. | 211 // type dNSName, this method gets the DNS names in that extension. |
227 // Otherwise, it gets the common name in the subject field. | 212 // Otherwise, it gets the common name in the subject field. |
228 void GetDNSNames(std::vector<std::string>* dns_names) const; | 213 void GetDNSNames(std::vector<std::string>* dns_names) const; |
229 | 214 |
230 // Gets the subjectAltName extension field from the certificate, if any. | 215 // Gets the subjectAltName extension field from the certificate, if any. |
231 // For future extension; currently this only returns those name types that | 216 // For future extension; currently this only returns those name types that |
232 // are required for HTTP certificate name verification - see VerifyHostname. | 217 // are required for HTTP certificate name verification - see VerifyHostname. |
233 // Unrequired parameters may be passed as NULL. | 218 // Unrequired parameters may be passed as NULL. |
(...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
378 static OSCertHandles CreateOSCertHandlesFromBytes(const char* data, | 363 static OSCertHandles CreateOSCertHandlesFromBytes(const char* data, |
379 size_t length, | 364 size_t length, |
380 Format format); | 365 Format format); |
381 | 366 |
382 // Duplicates (or adds a reference to) an OS certificate handle. | 367 // Duplicates (or adds a reference to) an OS certificate handle. |
383 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); | 368 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); |
384 | 369 |
385 // Frees (or releases a reference to) an OS certificate handle. | 370 // Frees (or releases a reference to) an OS certificate handle. |
386 static void FreeOSCertHandle(OSCertHandle cert_handle); | 371 static void FreeOSCertHandle(OSCertHandle cert_handle); |
387 | 372 |
388 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty | |
389 // (all zero) fingerprint on failure. | |
390 // | |
391 // For calculating fingerprints, prefer SHA-1 for performance when indexing, | |
392 // but callers should use IsSameOSCert() before assuming two certificates are | |
393 // the same. | |
394 static SHA1HashValue CalculateFingerprint(OSCertHandle cert_handle); | |
395 | |
396 // Calculates the SHA-256 fingerprint of the certificate. Returns an empty | 373 // Calculates the SHA-256 fingerprint of the certificate. Returns an empty |
397 // (all zero) fingerprint on failure. | 374 // (all zero) fingerprint on failure. |
398 static SHA256HashValue CalculateFingerprint256(OSCertHandle cert_handle); | 375 static SHA256HashValue CalculateFingerprint256(OSCertHandle cert_handle); |
399 | 376 |
400 // Calculates the SHA-1 fingerprint of the intermediate CA certificates. | |
401 // Returns an empty (all zero) fingerprint on failure. | |
402 // | |
403 // See SHA-1 caveat on CalculateFingerprint(). | |
404 static SHA1HashValue CalculateCAFingerprint( | |
405 const OSCertHandles& intermediates); | |
406 | |
407 // Calculates the SHA-256 fingerprint of the intermediate CA certificates. | 377 // Calculates the SHA-256 fingerprint of the intermediate CA certificates. |
408 // Returns an empty (all zero) fingerprint on failure. | 378 // Returns an empty (all zero) fingerprint on failure. |
409 // | |
410 // As part of the cross-platform implementation of this function, it currently | |
411 // copies the certificate bytes into local variables which makes it | |
412 // potentially slower than implementing it directly for each platform. For | |
413 // now, the expected consumers are not performance critical, but if | |
414 // performance is a concern going forward, it may warrant implementing this on | |
415 // a per-platform basis. | |
416 static SHA256HashValue CalculateCAFingerprint256( | 379 static SHA256HashValue CalculateCAFingerprint256( |
417 const OSCertHandles& intermediates); | 380 const OSCertHandles& intermediates); |
418 | 381 |
419 // Calculates the SHA-256 fingerprint for the complete chain, including the | 382 // Calculates the SHA-256 fingerprint for the complete chain, including the |
420 // leaf certificate and all intermediate CA certificates. Returns an empty | 383 // leaf certificate and all intermediate CA certificates. Returns an empty |
421 // (all zero) fingerprint on failure. | 384 // (all zero) fingerprint on failure. |
422 static SHA256HashValue CalculateChainFingerprint256( | 385 static SHA256HashValue CalculateChainFingerprint256( |
423 OSCertHandle leaf, | 386 OSCertHandle leaf, |
424 const OSCertHandles& intermediates); | 387 const OSCertHandles& intermediates); |
425 | 388 |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
487 | 450 |
488 // The issuer of the certificate. | 451 // The issuer of the certificate. |
489 CertPrincipal issuer_; | 452 CertPrincipal issuer_; |
490 | 453 |
491 // This certificate is not valid before |valid_start_| | 454 // This certificate is not valid before |valid_start_| |
492 base::Time valid_start_; | 455 base::Time valid_start_; |
493 | 456 |
494 // This certificate is not valid after |valid_expiry_| | 457 // This certificate is not valid after |valid_expiry_| |
495 base::Time valid_expiry_; | 458 base::Time valid_expiry_; |
496 | 459 |
497 // The fingerprint of this certificate. | |
498 SHA1HashValue fingerprint_; | |
499 | |
500 // The fingerprint of the intermediate CA certificates. | |
501 SHA1HashValue ca_fingerprint_; | |
502 | |
503 // The serial number of this certificate, DER encoded. | 460 // The serial number of this certificate, DER encoded. |
504 std::string serial_number_; | 461 std::string serial_number_; |
505 | 462 |
506 // A handle to the certificate object in the underlying crypto library. | 463 // A handle to the certificate object in the underlying crypto library. |
507 OSCertHandle cert_handle_; | 464 OSCertHandle cert_handle_; |
508 | 465 |
509 // Untrusted intermediate certificates associated with this certificate | 466 // Untrusted intermediate certificates associated with this certificate |
510 // that may be needed for chain building. | 467 // that may be needed for chain building. |
511 OSCertHandles intermediate_ca_certs_; | 468 OSCertHandles intermediate_ca_certs_; |
512 | 469 |
513 #if defined(USE_NSS_CERTS) | 470 #if defined(USE_NSS_CERTS) |
514 // This stores any default nickname that has been set on the certificate | 471 // This stores any default nickname that has been set on the certificate |
515 // at creation time with CreateFromBytesWithNickname. | 472 // at creation time with CreateFromBytesWithNickname. |
516 // If this is empty, then GetDefaultNickname will return a generated name | 473 // If this is empty, then GetDefaultNickname will return a generated name |
517 // based on the type of the certificate. | 474 // based on the type of the certificate. |
518 std::string default_nickname_; | 475 std::string default_nickname_; |
519 #endif | 476 #endif |
520 | 477 |
521 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 478 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
522 }; | 479 }; |
523 | 480 |
524 } // namespace net | 481 } // namespace net |
525 | 482 |
526 #endif // NET_CERT_X509_CERTIFICATE_H_ | 483 #endif // NET_CERT_X509_CERTIFICATE_H_ |
OLD | NEW |