OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_X509_CERTIFICATE_H_ | 5 #ifndef NET_CERT_X509_CERTIFICATE_H_ |
6 #define NET_CERT_X509_CERTIFICATE_H_ | 6 #define NET_CERT_X509_CERTIFICATE_H_ |
7 | 7 |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <string> | 10 #include <string> |
11 #include <vector> | 11 #include <vector> |
12 | 12 |
13 #include "base/gtest_prod_util.h" | 13 #include "base/gtest_prod_util.h" |
14 #include "base/memory/ref_counted.h" | 14 #include "base/memory/ref_counted.h" |
15 #include "base/strings/string_piece.h" | 15 #include "base/strings/string_piece.h" |
16 #include "base/time/time.h" | 16 #include "base/time/time.h" |
17 #include "net/base/net_export.h" | 17 #include "net/base/net_export.h" |
18 #include "net/cert/cert_type.h" | 18 #include "net/cert/cert_type.h" |
19 #include "net/cert/x509_cert_types.h" | 19 #include "net/cert/x509_cert_types.h" |
20 | 20 |
21 #if defined(OS_WIN) | 21 #if defined(OS_WIN) |
22 #include <windows.h> | 22 #include <windows.h> |
23 #include <wincrypt.h> | 23 #include <wincrypt.h> |
24 #elif defined(OS_MACOSX) | 24 #elif defined(OS_MACOSX) |
25 #include <CoreFoundation/CFArray.h> | 25 #include <CoreFoundation/CFArray.h> |
26 #include <Security/SecBase.h> | 26 #include <Security/SecBase.h> |
27 | 27 |
28 #elif defined(USE_OPENSSL) | 28 #elif defined(USE_OPENSSL_CERTS) |
29 // Forward declaration; real one in <x509.h> | 29 // Forward declaration; real one in <x509.h> |
30 typedef struct x509_st X509; | 30 typedef struct x509_st X509; |
31 typedef struct x509_store_st X509_STORE; | 31 typedef struct x509_store_st X509_STORE; |
32 #elif defined(USE_NSS) | 32 #elif defined(USE_NSS) |
33 // Forward declaration; real one in <cert.h> | 33 // Forward declaration; real one in <cert.h> |
34 struct CERTCertificateStr; | 34 struct CERTCertificateStr; |
35 #endif | 35 #endif |
36 | 36 |
37 class Pickle; | 37 class Pickle; |
38 class PickleIterator; | 38 class PickleIterator; |
(...skipping 12 matching lines...) Expand all Loading... |
51 class NET_EXPORT X509Certificate | 51 class NET_EXPORT X509Certificate |
52 : public base::RefCountedThreadSafe<X509Certificate> { | 52 : public base::RefCountedThreadSafe<X509Certificate> { |
53 public: | 53 public: |
54 // An OSCertHandle is a handle to a certificate object in the underlying | 54 // An OSCertHandle is a handle to a certificate object in the underlying |
55 // crypto library. We assume that OSCertHandle is a pointer type on all | 55 // crypto library. We assume that OSCertHandle is a pointer type on all |
56 // platforms and that NULL represents an invalid OSCertHandle. | 56 // platforms and that NULL represents an invalid OSCertHandle. |
57 #if defined(OS_WIN) | 57 #if defined(OS_WIN) |
58 typedef PCCERT_CONTEXT OSCertHandle; | 58 typedef PCCERT_CONTEXT OSCertHandle; |
59 #elif defined(OS_MACOSX) | 59 #elif defined(OS_MACOSX) |
60 typedef SecCertificateRef OSCertHandle; | 60 typedef SecCertificateRef OSCertHandle; |
61 #elif defined(USE_OPENSSL) | 61 #elif defined(USE_OPENSSL_CERTS) |
62 typedef X509* OSCertHandle; | 62 typedef X509* OSCertHandle; |
63 #elif defined(USE_NSS) | 63 #elif defined(USE_NSS) |
64 typedef struct CERTCertificateStr* OSCertHandle; | 64 typedef struct CERTCertificateStr* OSCertHandle; |
65 #else | 65 #else |
66 // TODO(ericroman): not implemented | 66 // TODO(ericroman): not implemented |
67 typedef void* OSCertHandle; | 67 typedef void* OSCertHandle; |
68 #endif | 68 #endif |
69 | 69 |
70 typedef std::vector<OSCertHandle> OSCertHandles; | 70 typedef std::vector<OSCertHandle> OSCertHandles; |
71 | 71 |
(...skipping 225 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
297 // obtain its own, rather than risk thread-safety issues by sharing. | 297 // obtain its own, rather than risk thread-safety issues by sharing. |
298 // | 298 // |
299 // Because of how X509Certificate caching is implemented, attempting to | 299 // Because of how X509Certificate caching is implemented, attempting to |
300 // create an X509Certificate from the returned PCCERT_CONTEXT may result in | 300 // create an X509Certificate from the returned PCCERT_CONTEXT may result in |
301 // the original handle (and thus the originall HCERTSTORE) being returned by | 301 // the original handle (and thus the originall HCERTSTORE) being returned by |
302 // os_cert_handle(). For this reason, the returned PCCERT_CONTEXT *MUST NOT* | 302 // os_cert_handle(). For this reason, the returned PCCERT_CONTEXT *MUST NOT* |
303 // be stored in an X509Certificate. | 303 // be stored in an X509Certificate. |
304 PCCERT_CONTEXT CreateOSCertChainForCert() const; | 304 PCCERT_CONTEXT CreateOSCertChainForCert() const; |
305 #endif | 305 #endif |
306 | 306 |
307 #if defined(USE_OPENSSL) | 307 #if defined(USE_OPENSSL_CERTS) |
308 // Returns a handle to a global, in-memory certificate store. We | 308 // Returns a handle to a global, in-memory certificate store. We |
309 // use it for test code, e.g. importing the test server's certificate. | 309 // use it for test code, e.g. importing the test server's certificate. |
310 static X509_STORE* cert_store(); | 310 static X509_STORE* cert_store(); |
311 #endif | 311 #endif |
312 | 312 |
313 // Verifies that |hostname| matches this certificate. | 313 // Verifies that |hostname| matches this certificate. |
314 // Does not verify that the certificate is valid, only that the certificate | 314 // Does not verify that the certificate is valid, only that the certificate |
315 // matches this host. | 315 // matches this host. |
316 // Returns true if it matches, and updates |*common_name_fallback_used|, | 316 // Returns true if it matches, and updates |*common_name_fallback_used|, |
317 // setting it to true if a fallback to the CN was used, rather than | 317 // setting it to true if a fallback to the CN was used, rather than |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
406 // Construct an X509Certificate from a handle to the certificate object | 406 // Construct an X509Certificate from a handle to the certificate object |
407 // in the underlying crypto library. | 407 // in the underlying crypto library. |
408 X509Certificate(OSCertHandle cert_handle, | 408 X509Certificate(OSCertHandle cert_handle, |
409 const OSCertHandles& intermediates); | 409 const OSCertHandles& intermediates); |
410 | 410 |
411 ~X509Certificate(); | 411 ~X509Certificate(); |
412 | 412 |
413 // Common object initialization code. Called by the constructors only. | 413 // Common object initialization code. Called by the constructors only. |
414 void Initialize(); | 414 void Initialize(); |
415 | 415 |
416 #if defined(USE_OPENSSL) | 416 #if defined(USE_OPENSSL_CERTS) |
417 // Resets the store returned by cert_store() to default state. Used by | 417 // Resets the store returned by cert_store() to default state. Used by |
418 // TestRootCerts to undo modifications. | 418 // TestRootCerts to undo modifications. |
419 static void ResetCertStore(); | 419 static void ResetCertStore(); |
420 #endif | 420 #endif |
421 | 421 |
422 // Verifies that |hostname| matches one of the certificate names or IP | 422 // Verifies that |hostname| matches one of the certificate names or IP |
423 // addresses supplied, based on TLS name matching rules - specifically, | 423 // addresses supplied, based on TLS name matching rules - specifically, |
424 // following http://tools.ietf.org/html/rfc6125. | 424 // following http://tools.ietf.org/html/rfc6125. |
425 // |cert_common_name| is the Subject CN, e.g. from X509Certificate::subject(). | 425 // |cert_common_name| is the Subject CN, e.g. from X509Certificate::subject(). |
426 // The members of |cert_san_dns_names| and |cert_san_ipaddrs| must be filled | 426 // The members of |cert_san_dns_names| and |cert_san_ipaddrs| must be filled |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
485 // based on the type of the certificate. | 485 // based on the type of the certificate. |
486 std::string default_nickname_; | 486 std::string default_nickname_; |
487 #endif | 487 #endif |
488 | 488 |
489 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 489 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
490 }; | 490 }; |
491 | 491 |
492 } // namespace net | 492 } // namespace net |
493 | 493 |
494 #endif // NET_CERT_X509_CERTIFICATE_H_ | 494 #endif // NET_CERT_X509_CERTIFICATE_H_ |
OLD | NEW |