| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_X509_CERTIFICATE_H_ | 5 #ifndef NET_CERT_X509_CERTIFICATE_H_ |
| 6 #define NET_CERT_X509_CERTIFICATE_H_ | 6 #define NET_CERT_X509_CERTIFICATE_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <string.h> | 9 #include <string.h> |
| 10 | 10 |
| (...skipping 62 matching lines...) |
| 73 | 73 |
| 74 enum PublicKeyType { | 74 enum PublicKeyType { |
| 75 kPublicKeyTypeUnknown, | 75 kPublicKeyTypeUnknown, |
| 76 kPublicKeyTypeRSA, | 76 kPublicKeyTypeRSA, |
| 77 kPublicKeyTypeDSA, | 77 kPublicKeyTypeDSA, |
| 78 kPublicKeyTypeECDSA, | 78 kPublicKeyTypeECDSA, |
| 79 kPublicKeyTypeDH, | 79 kPublicKeyTypeDH, |
| 80 kPublicKeyTypeECDH | 80 kPublicKeyTypeECDH |
| 81 }; | 81 }; |
| 82 | 82 |
| 83 enum SignatureHashAlgorithm { | |
| 84 kSignatureHashAlgorithmMd2, | |
| 85 kSignatureHashAlgorithmMd4, | |
| 86 kSignatureHashAlgorithmMd5, | |
| 87 kSignatureHashAlgorithmSha1, | |
| 88 kSignatureHashAlgorithmOther, | |
| 89 }; | |
| 90 | |
| 91 enum Format { | 83 enum Format { |
| 92 // The data contains a single DER-encoded certificate, or a PEM-encoded | 84 // The data contains a single DER-encoded certificate, or a PEM-encoded |
| 93 // DER certificate with the PEM encoding block name of "CERTIFICATE". | 85 // DER certificate with the PEM encoding block name of "CERTIFICATE". |
| 94 // Any subsequent blocks will be ignored. | 86 // Any subsequent blocks will be ignored. |
| 95 FORMAT_SINGLE_CERTIFICATE = 1 << 0, | 87 FORMAT_SINGLE_CERTIFICATE = 1 << 0, |
| 96 | 88 |
| 97 // The data contains a sequence of one or more PEM-encoded, DER | 89 // The data contains a sequence of one or more PEM-encoded, DER |
| 98 // certificates, with the PEM encoding block name of "CERTIFICATE". | 90 // certificates, with the PEM encoding block name of "CERTIFICATE". |
| 99 // All PEM blocks will be parsed, until the first error is encountered. | 91 // All PEM blocks will be parsed, until the first error is encountered. |
| 100 FORMAT_PEM_CERT_SEQUENCE = 1 << 1, | 92 FORMAT_PEM_CERT_SEQUENCE = 1 << 1, |
| (...skipping 215 matching lines...) |
| 316 // the first element. | 308 // the first element. |
| 317 bool GetPEMEncodedChain(std::vector<std::string>* pem_encoded) const; | 309 bool GetPEMEncodedChain(std::vector<std::string>* pem_encoded) const; |
| 318 | 310 |
| 319 // Sets |*size_bits| to be the length of the public key in bits, and sets | 311 // Sets |*size_bits| to be the length of the public key in bits, and sets |
| 320 // |*type| to one of the |PublicKeyType| values. In case of | 312 // |*type| to one of the |PublicKeyType| values. In case of |
| 321 // |kPublicKeyTypeUnknown|, |*size_bits| will be set to 0. | 313 // |kPublicKeyTypeUnknown|, |*size_bits| will be set to 0. |
| 322 static void GetPublicKeyInfo(OSCertHandle cert_handle, | 314 static void GetPublicKeyInfo(OSCertHandle cert_handle, |
| 323 size_t* size_bits, | 315 size_t* size_bits, |
| 324 PublicKeyType* type); | 316 PublicKeyType* type); |
| 325 | 317 |
| 326 // Returns the digest algorithm used in |cert_handle|'s signature. | |
| 327 // If the digest algorithm cannot be determined, or if it is not one | |
| 328 // of the explicitly enumerated values, kSignatureHashAlgorithmOther | |
| 329 // will be returned. | |
| 330 // NOTE: No validation of the signature is performed, and thus invalid | |
| 331 // signatures may result in seemingly meaningful values. | |
| 332 static SignatureHashAlgorithm GetSignatureHashAlgorithm( | |
| 333 OSCertHandle cert_handle); | |
| 334 | |
| 335 // Returns the OSCertHandle of this object. Because of caching, this may | 318 // Returns the OSCertHandle of this object. Because of caching, this may |
| 336 // differ from the OSCertHandle originally supplied during initialization. | 319 // differ from the OSCertHandle originally supplied during initialization. |
| 337 // Note: On Windows, CryptoAPI may return unexpected results if this handle | 320 // Note: On Windows, CryptoAPI may return unexpected results if this handle |
| 338 // is used across multiple threads. For more details, see | 321 // is used across multiple threads. For more details, see |
| 339 // CreateOSCertChainForCert(). | 322 // CreateOSCertChainForCert(). |
| 340 OSCertHandle os_cert_handle() const { return cert_handle_; } | 323 OSCertHandle os_cert_handle() const { return cert_handle_; } |
| 341 | 324 |
| 342 // Returns true if two OSCertHandles refer to identical certificates. | 325 // Returns true if two OSCertHandles refer to identical certificates. |
| 343 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); | 326 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); |
| 344 | 327 |
| (...skipping 120 matching lines...) |
| 465 // Untrusted intermediate certificates associated with this certificate | 448 // Untrusted intermediate certificates associated with this certificate |
| 466 // that may be needed for chain building. | 449 // that may be needed for chain building. |
| 467 OSCertHandles intermediate_ca_certs_; | 450 OSCertHandles intermediate_ca_certs_; |
| 468 | 451 |
| 469 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 452 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
| 470 }; | 453 }; |
| 471 | 454 |
| 472 } // namespace net | 455 } // namespace net |
| 473 | 456 |
| 474 #endif // NET_CERT_X509_CERTIFICATE_H_ | 457 #endif // NET_CERT_X509_CERTIFICATE_H_ |
| OLD | NEW |