1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
7 | 7 |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <string> | 10 #include <string> |
25 // Forward declaration; real one in <cert.h> | 25 // Forward declaration; real one in <cert.h> |
26 struct CERTCertificateStr; | 26 struct CERTCertificateStr; |
27 #endif | 27 #endif |
28 | 28 |
29 class Pickle; | 29 class Pickle; |
30 | 30 |
31 namespace net { | 31 namespace net { |
32 | 32 |
33 class CertVerifyResult; | 33 class CertVerifyResult; |
34 | 34 |
35 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; | |
36 | |
37 // X509Certificate represents an X.509 certificate used by SSL. | 35 // X509Certificate represents an X.509 certificate used by SSL. |
38 class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { | 36 class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { |
39 public: | 37 public: |
40 // A handle to the certificate object in the underlying crypto library. | 38 // A handle to the certificate object in the underlying crypto library. |
41 // We assume that OSCertHandle is a pointer type on all platforms and | 39 // We assume that OSCertHandle is a pointer type on all platforms and |
42 // NULL is an invalid OSCertHandle. | 40 // NULL is an invalid OSCertHandle. |
43 #if defined(OS_WIN) | 41 #if defined(OS_WIN) |
44 typedef PCCERT_CONTEXT OSCertHandle; | 42 typedef PCCERT_CONTEXT OSCertHandle; |
45 #elif defined(OS_MACOSX) | 43 #elif defined(OS_MACOSX) |
46 typedef SecCertificateRef OSCertHandle; | 44 typedef SecCertificateRef OSCertHandle; |
67 SOURCE_LONE_CERT_IMPORT = 1, // From importing a certificate without | 65 SOURCE_LONE_CERT_IMPORT = 1, // From importing a certificate without |
68 // its intermediate CA certificates. | 66 // its intermediate CA certificates. |
69 SOURCE_FROM_NETWORK = 2, // From the network. | 67 SOURCE_FROM_NETWORK = 2, // From the network. |
70 }; | 68 }; |
71 | 69 |
72 enum VerifyFlags { | 70 enum VerifyFlags { |
73 VERIFY_REV_CHECKING_ENABLED = 1 << 0, | 71 VERIFY_REV_CHECKING_ENABLED = 1 << 0, |
74 VERIFY_EV_CERT = 1 << 1, | 72 VERIFY_EV_CERT = 1 << 1, |
75 }; | 73 }; |
76 | 74 |
77 enum Format { | |
78 // The data contains a single DER-encoded certificate, or a PEM-encoded | |
79 // DER certificate with the PEM encoding block name of "CERTIFICATE". | |
80 // Any subsequent blocks will be ignored. | |
81 FORMAT_DER = 1 << 0, | |
82 | |
83 // The data contains a sequence of one or more PEM-encoded, DER | |
84 // certificates, with the PEM encoding block name of "CERTIFICATE". | |
85 // All PEM blocks will be parsed, until the first error is encountered. | |
86 FORMAT_PEM = 1 << 1, | |
87 | |
88 // The data contains a PKCS#7 SignedData structure, whose certificates | |
89 // member is to be used to initialize the certificate and intermediates. | |
90 // The data my further be encoding using PEM, specifying block names of | |
91 // either "PKCS7" or "CERTIFICATE". | |
92 FORMAT_PKCS7 = 1 << 2, | |
93 | |
94 // Automatically detect the format. | |
95 FORMAT_AUTO = FORMAT_DER | FORMAT_PEM | FORMAT_PKCS7, | |
96 }; | |
97 | |
98 // Create an X509Certificate from a handle to the certificate object in the | 75 // Create an X509Certificate from a handle to the certificate object in the |
99 // underlying crypto library. |source| specifies where |cert_handle| comes | 76 // underlying crypto library. |source| specifies where |cert_handle| comes |
100 // from. Given two certificate handles for the same certificate, our | 77 // from. Given two certificate handles for the same certificate, our |
101 // certificate cache prefers the handle from the network because our HTTP | 78 // certificate cache prefers the handle from the network because our HTTP |
102 // cache isn't caching the corresponding intermediate CA certificates yet | 79 // cache isn't caching the corresponding intermediate CA certificates yet |
103 // (http://crbug.com/7065). | 80 // (http://crbug.com/7065). |
104 // The list of intermediate certificates is ignored under NSS (i.e. Linux.) | 81 // The list of intermediate certificates is ignored under NSS (i.e. Linux.) |
105 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. | 82 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. |
106 static X509Certificate* CreateFromHandle(OSCertHandle cert_handle, | 83 static X509Certificate* CreateFromHandle(OSCertHandle cert_handle, |
107 Source source, | 84 Source source, |
108 const OSCertHandles& intermediates); | 85 const OSCertHandles& intermediates); |
109 | 86 |
110 // Create an X509Certificate from the DER-encoded representation. | 87 // Create an X509Certificate from the BER-encoded representation. |
111 // Returns NULL on failure. | 88 // Returns NULL on failure. |
112 // | 89 // |
113 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. | 90 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. |
114 static X509Certificate* CreateFromBytes(const char* data, int length); | 91 static X509Certificate* CreateFromBytes(const char* data, int length); |
115 | 92 |
116 // Create an X509Certificate from the representation stored in the given | 93 // Create an X509Certificate from the representation stored in the given |
117 // pickle. The data for this object is found relative to the given | 94 // pickle. The data for this object is found relative to the given |
118 // pickle_iter, which should be passed to the pickle's various Read* methods. | 95 // pickle_iter, which should be passed to the pickle's various Read* methods. |
119 // Returns NULL on failure. | 96 // Returns NULL on failure. |
120 // | 97 // |
121 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. | 98 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. |
122 static X509Certificate* CreateFromPickle(const Pickle& pickle, | 99 static X509Certificate* CreateFromPickle(const Pickle& pickle, |
123 void** pickle_iter); | 100 void** pickle_iter); |
124 | 101 |
125 // Parses all of the certificates possible from |data|. |format| is a | |
126 // bit-wise OR of Format, indicating the possible formats the | |
127 // certificates may have been serialized as. If an error occurs, an empty | |
128 // collection will be returned. | |
129 static CertificateList CreateCertificateListFromBytes(const char* data, | |
130 int length, | |
131 int format); | |
132 | |
133 // Creates a X509Certificate from the ground up. Used by tests that simulate | 102 // Creates a X509Certificate from the ground up. Used by tests that simulate |
134 // SSL connections. | 103 // SSL connections. |
135 X509Certificate(const std::string& subject, const std::string& issuer, | 104 X509Certificate(const std::string& subject, const std::string& issuer, |
136 base::Time start_date, base::Time expiration_date); | 105 base::Time start_date, base::Time expiration_date); |
137 | 106 |
138 // Appends a representation of this object to the given pickle. | 107 // Appends a representation of this object to the given pickle. |
139 void Persist(Pickle* pickle); | 108 void Persist(Pickle* pickle); |
140 | 109 |
141 // The subject of the certificate. For HTTPS server certificates, this | 110 // The subject of the certificate. For HTTPS server certificates, this |
142 // represents the web server. The common name of the subject should match | 111 // represents the web server. The common name of the subject should match |
227 OSCertHandle os_cert_handle() const { return cert_handle_; } | 196 OSCertHandle os_cert_handle() const { return cert_handle_; } |
228 | 197 |
229 // Returns true if two OSCertHandles refer to identical certificates. | 198 // Returns true if two OSCertHandles refer to identical certificates. |
230 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); | 199 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); |
231 | 200 |
232 // Creates an OS certificate handle from the BER-encoded representation. | 201 // Creates an OS certificate handle from the BER-encoded representation. |
233 // Returns NULL on failure. | 202 // Returns NULL on failure. |
234 static OSCertHandle CreateOSCertHandleFromBytes(const char* data, | 203 static OSCertHandle CreateOSCertHandleFromBytes(const char* data, |
235 int length); | 204 int length); |
236 | 205 |
237 // Creates all possible OS certificate handles from |data| encoded in a | |
238 // specific |format|. Returns an empty collection on failure. | |
239 static OSCertHandles CreateOSCertHandlesFromBytes( | |
240 const char* data, int length, Format format); | |
241 | |
242 // Duplicates (or adds a reference to) an OS certificate handle. | 206 // Duplicates (or adds a reference to) an OS certificate handle. |
243 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); | 207 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); |
244 | 208 |
245 // Frees (or releases a reference to) an OS certificate handle. | 209 // Frees (or releases a reference to) an OS certificate handle. |
246 static void FreeOSCertHandle(OSCertHandle cert_handle); | 210 static void FreeOSCertHandle(OSCertHandle cert_handle); |
247 | 211 |
248 private: | 212 private: |
249 friend class base::RefCountedThreadSafe<X509Certificate>; | 213 friend class base::RefCountedThreadSafe<X509Certificate>; |
250 FRIEND_TEST(X509CertificateTest, Cache); | 214 FRIEND_TEST(X509CertificateTest, Cache); |
251 FRIEND_TEST(X509CertificateTest, IntermediateCertificates); | 215 FRIEND_TEST(X509CertificateTest, IntermediateCertificates); |
300 | 264 |
301 // Where the certificate comes from. | 265 // Where the certificate comes from. |
302 Source source_; | 266 Source source_; |
303 | 267 |
304 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 268 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
305 }; | 269 }; |
306 | 270 |
307 } // namespace net | 271 } // namespace net |
308 | 272 |
309 #endif // NET_BASE_X509_CERTIFICATE_H_ | 273 #endif // NET_BASE_X509_CERTIFICATE_H_ |
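Review bot: The comment on CreateFromBytes (new line 87) now says the input is BER-encoded, matching the wording on CreateOSCertHandleFromBytes at new line 201, but X.509 certificates are specified as DER and whether a non-canonical BER form (e.g. indefinite-length encodings) is actually accepted depends on the platform decoder behind OSCertHandle, which this header cannot promise uniformly for OS_WIN, OS_MACOSX and NSS. Because the certificate signature covers the DER bytes, a caller that later compares or persists the bytes it passed in could wrongly assume the input was canonical. I would hedge the comment rather than assert BER, e.g. `// Create an X509Certificate from the DER-encoded representation.` followed by `// Some platform decoders also accept BER; callers must not rely on this.`. The X509Certificate class body spans the collapsed regions of this page, so the declarations hidden there were not reviewed.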