| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_X509_CERTIFICATE_H_ | 5 #ifndef NET_CERT_X509_CERTIFICATE_H_ |
| 6 #define NET_CERT_X509_CERTIFICATE_H_ | 6 #define NET_CERT_X509_CERTIFICATE_H_ |
| 7 | 7 |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <string> | 10 #include <string> |
| 11 #include <vector> | 11 #include <vector> |
| 12 | 12 |
| 13 #include "base/gtest_prod_util.h" | 13 #include "base/gtest_prod_util.h" |
| 14 #include "base/memory/ref_counted.h" | 14 #include "base/memory/ref_counted.h" |
| 15 #include "base/strings/string_piece.h" | 15 #include "base/strings/string_piece.h" |
| 16 #include "base/time/time.h" | 16 #include "base/time/time.h" |
| 17 #include "net/base/net_export.h" | 17 #include "net/base/net_export.h" |
| 18 #include "net/cert/cert_type.h" | 18 #include "net/cert/cert_type.h" |
| 19 #include "net/cert/x509_cert_types.h" | 19 #include "net/cert/x509_cert_types.h" |
| 20 | 20 |
| 21 #if defined(OS_WIN) | 21 #if defined(OS_WIN) |
| 22 #include <windows.h> | 22 #include <windows.h> |
| 23 #include <wincrypt.h> | 23 #include <wincrypt.h> |
| 24 #elif defined(OS_MACOSX) | 24 #elif defined(OS_MACOSX) |
| 25 #include <CoreFoundation/CFArray.h> | 25 #include <CoreFoundation/CFArray.h> |
| 26 #include <Security/SecBase.h> | 26 #include <Security/SecBase.h> |
| 27 | 27 |
| 28 #elif defined(USE_OPENSSL) | 28 #elif defined(USE_OPENSSL_CERTS) |
| 29 // Forward declaration; real one in <x509.h> | 29 // Forward declaration; real one in <x509.h> |
| 30 typedef struct x509_st X509; | 30 typedef struct x509_st X509; |
| 31 typedef struct x509_store_st X509_STORE; | 31 typedef struct x509_store_st X509_STORE; |
| 32 #elif defined(USE_NSS) | 32 #elif defined(USE_NSS) |
| 33 // Forward declaration; real one in <cert.h> | 33 // Forward declaration; real one in <cert.h> |
| 34 struct CERTCertificateStr; | 34 struct CERTCertificateStr; |
| 35 #endif | 35 #endif |
| 36 | 36 |
| 37 class Pickle; | 37 class Pickle; |
| 38 class PickleIterator; | 38 class PickleIterator; |
| 51 class NET_EXPORT X509Certificate | 51 class NET_EXPORT X509Certificate |
| 52 : public base::RefCountedThreadSafe<X509Certificate> { | 52 : public base::RefCountedThreadSafe<X509Certificate> { |
| 53 public: | 53 public: |
| 54 // An OSCertHandle is a handle to a certificate object in the underlying | 54 // An OSCertHandle is a handle to a certificate object in the underlying |
| 55 // crypto library. We assume that OSCertHandle is a pointer type on all | 55 // crypto library. We assume that OSCertHandle is a pointer type on all |
| 56 // platforms and that NULL represents an invalid OSCertHandle. | 56 // platforms and that NULL represents an invalid OSCertHandle. |
| 57 #if defined(OS_WIN) | 57 #if defined(OS_WIN) |
| 58 typedef PCCERT_CONTEXT OSCertHandle; | 58 typedef PCCERT_CONTEXT OSCertHandle; |
| 59 #elif defined(OS_MACOSX) | 59 #elif defined(OS_MACOSX) |
| 60 typedef SecCertificateRef OSCertHandle; | 60 typedef SecCertificateRef OSCertHandle; |
| 61 #elif defined(USE_OPENSSL) | 61 #elif defined(USE_OPENSSL_CERTS) |
| 62 typedef X509* OSCertHandle; | 62 typedef X509* OSCertHandle; |
| 63 #elif defined(USE_NSS) | 63 #elif defined(USE_NSS) |
| 64 typedef struct CERTCertificateStr* OSCertHandle; | 64 typedef struct CERTCertificateStr* OSCertHandle; |
| 65 #else | 65 #else |
| 66 // TODO(ericroman): not implemented | 66 // TODO(ericroman): not implemented |
| 67 typedef void* OSCertHandle; | 67 typedef void* OSCertHandle; |
| 68 #endif | 68 #endif |
| 69 | 69 |
| 70 typedef std::vector<OSCertHandle> OSCertHandles; | 70 typedef std::vector<OSCertHandle> OSCertHandles; |
| 71 | 71 |
| 297 // obtain its own, rather than risk thread-safety issues by sharing. | 297 // obtain its own, rather than risk thread-safety issues by sharing. |
| 298 // | 298 // |
| 299 // Because of how X509Certificate caching is implemented, attempting to | 299 // Because of how X509Certificate caching is implemented, attempting to |
| 300 // create an X509Certificate from the returned PCCERT_CONTEXT may result in | 300 // create an X509Certificate from the returned PCCERT_CONTEXT may result in |
| 301 // the original handle (and thus the originall HCERTSTORE) being returned by | 301 // the original handle (and thus the originall HCERTSTORE) being returned by |
| 302 // os_cert_handle(). For this reason, the returned PCCERT_CONTEXT *MUST NOT* | 302 // os_cert_handle(). For this reason, the returned PCCERT_CONTEXT *MUST NOT* |
| 303 // be stored in an X509Certificate. | 303 // be stored in an X509Certificate. |
| 304 PCCERT_CONTEXT CreateOSCertChainForCert() const; | 304 PCCERT_CONTEXT CreateOSCertChainForCert() const; |
| 305 #endif | 305 #endif |
| 306 | 306 |
| 307 #if defined(USE_OPENSSL) | 307 #if defined(USE_OPENSSL_CERTS) |
| 308 // Returns a handle to a global, in-memory certificate store. We | 308 // Returns a handle to a global, in-memory certificate store. We |
| 309 // use it for test code, e.g. importing the test server's certificate. | 309 // use it for test code, e.g. importing the test server's certificate. |
| 310 static X509_STORE* cert_store(); | 310 static X509_STORE* cert_store(); |
| 311 #endif | 311 #endif |
| 312 | 312 |
| 313 // Verifies that |hostname| matches this certificate. | 313 // Verifies that |hostname| matches this certificate. |
| 314 // Does not verify that the certificate is valid, only that the certificate | 314 // Does not verify that the certificate is valid, only that the certificate |
| 315 // matches this host. | 315 // matches this host. |
| 316 // Returns true if it matches, and updates |*common_name_fallback_used|, | 316 // Returns true if it matches, and updates |*common_name_fallback_used|, |
| 317 // setting it to true if a fallback to the CN was used, rather than | 317 // setting it to true if a fallback to the CN was used, rather than |
| 406 // Construct an X509Certificate from a handle to the certificate object | 406 // Construct an X509Certificate from a handle to the certificate object |
| 407 // in the underlying crypto library. | 407 // in the underlying crypto library. |
| 408 X509Certificate(OSCertHandle cert_handle, | 408 X509Certificate(OSCertHandle cert_handle, |
| 409 const OSCertHandles& intermediates); | 409 const OSCertHandles& intermediates); |
| 410 | 410 |
| 411 ~X509Certificate(); | 411 ~X509Certificate(); |
| 412 | 412 |
| 413 // Common object initialization code. Called by the constructors only. | 413 // Common object initialization code. Called by the constructors only. |
| 414 void Initialize(); | 414 void Initialize(); |
| 415 | 415 |
| 416 #if defined(USE_OPENSSL) | 416 #if defined(USE_OPENSSL_CERTS) |
| 417 // Resets the store returned by cert_store() to default state. Used by | 417 // Resets the store returned by cert_store() to default state. Used by |
| 418 // TestRootCerts to undo modifications. | 418 // TestRootCerts to undo modifications. |
| 419 static void ResetCertStore(); | 419 static void ResetCertStore(); |
| 420 #endif | 420 #endif |
| 421 | 421 |
| 422 // Verifies that |hostname| matches one of the certificate names or IP | 422 // Verifies that |hostname| matches one of the certificate names or IP |
| 423 // addresses supplied, based on TLS name matching rules - specifically, | 423 // addresses supplied, based on TLS name matching rules - specifically, |
| 424 // following http://tools.ietf.org/html/rfc6125. | 424 // following http://tools.ietf.org/html/rfc6125. |
| 425 // |cert_common_name| is the Subject CN, e.g. from X509Certificate::subject(). | 425 // |cert_common_name| is the Subject CN, e.g. from X509Certificate::subject(). |
| 426 // The members of |cert_san_dns_names| and |cert_san_ipaddrs| must be filled | 426 // The members of |cert_san_dns_names| and |cert_san_ipaddrs| must be filled |
| 485 // based on the type of the certificate. | 485 // based on the type of the certificate. |
| 486 std::string default_nickname_; | 486 std::string default_nickname_; |
| 487 #endif | 487 #endif |
| 488 | 488 |
| 489 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 489 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
| 490 }; | 490 }; |
| 491 | 491 |
| 492 } // namespace net | 492 } // namespace net |
| 493 | 493 |
| 494 #endif // NET_CERT_X509_CERTIFICATE_H_ | 494 #endif // NET_CERT_X509_CERTIFICATE_H_ |
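Review bot: The `#else` fallback at lines 65–67 of the new side still compiles `typedef void* OSCertHandle;` behind a TODO, so after this rename any build that still defines the old `USE_OPENSSL` (and not `USE_OPENSSL_CERTS`) will silently fall through the `#elif` chain at lines 57–68 to an unusable handle type rather than failing. Because the commit changes which configurations select the OpenSSL certificate backend, that fallback should be a hard error, e.g. `#error "No certificate backend selected: expected OS_WIN, OS_MACOSX, USE_OPENSSL_CERTS or USE_NSS"`, or at minimum the comment should state that every supported build must match one of the branches above. The forward-declaration chain at lines 28–35 has no fallback at all, so a stale define there would at least fail loudly on the first use of `X509`, but the `void*` branch hides the same mistake. I cannot see whether a build-flag sanity check exists in a shared config header, so this may already be covered elsewhere.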