1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
7 | 7 |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <string> | 10 #include <string> |
25 // Forward declaration; real one in <cert.h> | 25 // Forward declaration; real one in <cert.h> |
26 struct CERTCertificateStr; | 26 struct CERTCertificateStr; |
27 #endif | 27 #endif |
28 | 28 |
29 class Pickle; | 29 class Pickle; |
30 | 30 |
31 namespace net { | 31 namespace net { |
32 | 32 |
33 class CertVerifyResult; | 33 class CertVerifyResult; |
34 | 34 |
| 35 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
| 36 |
35 // X509Certificate represents an X.509 certificate used by SSL. | 37 // X509Certificate represents an X.509 certificate used by SSL. |
36 class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { | 38 class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { |
37 public: | 39 public: |
38 // A handle to the certificate object in the underlying crypto library. | 40 // A handle to the certificate object in the underlying crypto library. |
39 // We assume that OSCertHandle is a pointer type on all platforms and | 41 // We assume that OSCertHandle is a pointer type on all platforms and |
40 // NULL is an invalid OSCertHandle. | 42 // NULL is an invalid OSCertHandle. |
41 #if defined(OS_WIN) | 43 #if defined(OS_WIN) |
42 typedef PCCERT_CONTEXT OSCertHandle; | 44 typedef PCCERT_CONTEXT OSCertHandle; |
43 #elif defined(OS_MACOSX) | 45 #elif defined(OS_MACOSX) |
44 typedef SecCertificateRef OSCertHandle; | 46 typedef SecCertificateRef OSCertHandle; |
65 SOURCE_LONE_CERT_IMPORT = 1, // From importing a certificate without | 67 SOURCE_LONE_CERT_IMPORT = 1, // From importing a certificate without |
66 // its intermediate CA certificates. | 68 // its intermediate CA certificates. |
67 SOURCE_FROM_NETWORK = 2, // From the network. | 69 SOURCE_FROM_NETWORK = 2, // From the network. |
68 }; | 70 }; |
69 | 71 |
70 enum VerifyFlags { | 72 enum VerifyFlags { |
71 VERIFY_REV_CHECKING_ENABLED = 1 << 0, | 73 VERIFY_REV_CHECKING_ENABLED = 1 << 0, |
72 VERIFY_EV_CERT = 1 << 1, | 74 VERIFY_EV_CERT = 1 << 1, |
73 }; | 75 }; |
74 | 76 |
| 77 enum Format { |
| 78 // The data contains a single DER-encoded certificate, or a PEM-encoded |
| 79 // DER certificate with the PEM encoding block name of "CERTIFICATE". |
| 80 // Any subsequent blocks will be ignored. |
| 81 FORMAT_SINGLE_CERTIFICATE = 1 << 0, |
| 82 |
| 83 // The data contains a sequence of one or more PEM-encoded, DER |
| 84 // certificates, with the PEM encoding block name of "CERTIFICATE". |
| 85 // All PEM blocks will be parsed, until the first error is encountered. |
| 86 FORMAT_PEM_CERT_SEQUENCE = 1 << 1, |
| 87 |
| 88 // The data contains a PKCS#7 SignedData structure, whose certificates |
| 89 // member is to be used to initialize the certificate and intermediates. |
| 90 // The data may further be encoded using PEM, specifying block names of |
| 91 // either "PKCS7" or "CERTIFICATE". |
| 92 FORMAT_PKCS7 = 1 << 2, |
| 93 |
| 94 // Automatically detect the format. |
| 95 FORMAT_AUTO = FORMAT_SINGLE_CERTIFICATE | FORMAT_PEM_CERT_SEQUENCE | |
| 96 FORMAT_PKCS7, |
| 97 }; |
| 98 |
75 // Create an X509Certificate from a handle to the certificate object in the | 99 // Create an X509Certificate from a handle to the certificate object in the |
76 // underlying crypto library. |source| specifies where |cert_handle| comes | 100 // underlying crypto library. |source| specifies where |cert_handle| comes |
77 // from. Given two certificate handles for the same certificate, our | 101 // from. Given two certificate handles for the same certificate, our |
78 // certificate cache prefers the handle from the network because our HTTP | 102 // certificate cache prefers the handle from the network because our HTTP |
79 // cache isn't caching the corresponding intermediate CA certificates yet | 103 // cache isn't caching the corresponding intermediate CA certificates yet |
80 // (http://crbug.com/7065). | 104 // (http://crbug.com/7065). |
81 // The list of intermediate certificates is ignored under NSS (i.e. Linux.) | 105 // The list of intermediate certificates is ignored under NSS (i.e. Linux.) |
82 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. | 106 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. |
83 static X509Certificate* CreateFromHandle(OSCertHandle cert_handle, | 107 static X509Certificate* CreateFromHandle(OSCertHandle cert_handle, |
84 Source source, | 108 Source source, |
85 const OSCertHandles& intermediates); | 109 const OSCertHandles& intermediates); |
86 | 110 |
87 // Create an X509Certificate from the BER-encoded representation. | 111 // Create an X509Certificate from the DER-encoded representation. |
88 // Returns NULL on failure. | 112 // Returns NULL on failure. |
89 // | 113 // |
90 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. | 114 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. |
91 static X509Certificate* CreateFromBytes(const char* data, int length); | 115 static X509Certificate* CreateFromBytes(const char* data, int length); |
92 | 116 |
93 // Create an X509Certificate from the representation stored in the given | 117 // Create an X509Certificate from the representation stored in the given |
94 // pickle. The data for this object is found relative to the given | 118 // pickle. The data for this object is found relative to the given |
95 // pickle_iter, which should be passed to the pickle's various Read* methods. | 119 // pickle_iter, which should be passed to the pickle's various Read* methods. |
96 // Returns NULL on failure. | 120 // Returns NULL on failure. |
97 // | 121 // |
98 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. | 122 // The returned pointer must be stored in a scoped_refptr<X509Certificate>. |
99 static X509Certificate* CreateFromPickle(const Pickle& pickle, | 123 static X509Certificate* CreateFromPickle(const Pickle& pickle, |
100 void** pickle_iter); | 124 void** pickle_iter); |
101 | 125 |
| 126 // Parses all of the certificates possible from |data|. |format| is a |
| 127 // bit-wise OR of Format, indicating the possible formats the |
| 128 // certificates may have been serialized as. If an error occurs, an empty |
| 129 // collection will be returned. |
| 130 static CertificateList CreateCertificateListFromBytes(const char* data, |
| 131 int length, |
| 132 int format); |
| 133 |
102 // Creates a X509Certificate from the ground up. Used by tests that simulate | 134 // Creates a X509Certificate from the ground up. Used by tests that simulate |
103 // SSL connections. | 135 // SSL connections. |
104 X509Certificate(const std::string& subject, const std::string& issuer, | 136 X509Certificate(const std::string& subject, const std::string& issuer, |
105 base::Time start_date, base::Time expiration_date); | 137 base::Time start_date, base::Time expiration_date); |
106 | 138 |
107 // Appends a representation of this object to the given pickle. | 139 // Appends a representation of this object to the given pickle. |
108 void Persist(Pickle* pickle); | 140 void Persist(Pickle* pickle); |
109 | 141 |
110 // The subject of the certificate. For HTTPS server certificates, this | 142 // The subject of the certificate. For HTTPS server certificates, this |
111 // represents the web server. The common name of the subject should match | 143 // represents the web server. The common name of the subject should match |
196 OSCertHandle os_cert_handle() const { return cert_handle_; } | 228 OSCertHandle os_cert_handle() const { return cert_handle_; } |
197 | 229 |
198 // Returns true if two OSCertHandles refer to identical certificates. | 230 // Returns true if two OSCertHandles refer to identical certificates. |
199 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); | 231 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); |
200 | 232 |
201 // Creates an OS certificate handle from the BER-encoded representation. | 233 // Creates an OS certificate handle from the BER-encoded representation. |
202 // Returns NULL on failure. | 234 // Returns NULL on failure. |
203 static OSCertHandle CreateOSCertHandleFromBytes(const char* data, | 235 static OSCertHandle CreateOSCertHandleFromBytes(const char* data, |
204 int length); | 236 int length); |
205 | 237 |
| 238 // Creates all possible OS certificate handles from |data| encoded in a |
| 239 // specific |format|. Returns an empty collection on failure. |
| 240 static OSCertHandles CreateOSCertHandlesFromBytes( |
| 241 const char* data, int length, Format format); |
| 242 |
206 // Duplicates (or adds a reference to) an OS certificate handle. | 243 // Duplicates (or adds a reference to) an OS certificate handle. |
207 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); | 244 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); |
208 | 245 |
209 // Frees (or releases a reference to) an OS certificate handle. | 246 // Frees (or releases a reference to) an OS certificate handle. |
210 static void FreeOSCertHandle(OSCertHandle cert_handle); | 247 static void FreeOSCertHandle(OSCertHandle cert_handle); |
211 | 248 |
212 private: | 249 private: |
213 friend class base::RefCountedThreadSafe<X509Certificate>; | 250 friend class base::RefCountedThreadSafe<X509Certificate>; |
214 FRIEND_TEST(X509CertificateTest, Cache); | 251 FRIEND_TEST(X509CertificateTest, Cache); |
215 FRIEND_TEST(X509CertificateTest, IntermediateCertificates); | 252 FRIEND_TEST(X509CertificateTest, IntermediateCertificates); |
264 | 301 |
265 // Where the certificate comes from. | 302 // Where the certificate comes from. |
266 Source source_; | 303 Source source_; |
267 | 304 |
268 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 305 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
269 }; | 306 }; |
270 | 307 |
271 } // namespace net | 308 } // namespace net |
272 | 309 |
273 #endif // NET_BASE_X509_CERTIFICATE_H_ | 310 #endif // NET_BASE_X509_CERTIFICATE_H_ |
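Review bot: The new `CertificateList` typedef on new line 35 names `X509Certificate` before that class is declared (its definition only starts on new line 38), so `scoped_refptr<X509Certificate>` has nothing to refer to unless one of the collapsed lines supplies a forward declaration inside `namespace net`; add `class X509Certificate;` right before the typedef, next to the existing `class CertVerifyResult;`. The error contract is also stated two different ways: the `FORMAT_PEM_CERT_SEQUENCE` comment says blocks are parsed "until the first error is encountered", which reads as returning whatever was parsed so far, while the `CreateCertificateListFromBytes` comment promises an empty collection if an error occurs — a caller importing trust anchors needs to know which, since silently dropping a trailing malformed certificate is a different outcome from rejecting the whole input, so pick one and state it in both places, e.g. `// A malformed block fails the whole parse; an empty list is returned.` Finally, `CreateCertificateListFromBytes` takes `int format` while `CreateOSCertHandlesFromBytes` takes `Format format`; since `FORMAT_AUTO` is itself an enumerator the public entry point could take `Format` as well, and the `FORMAT_PKCS7` comment should say whether the SignedData signature is verified or the certificates member is just treated as an unauthenticated bag (the description suggests the latter, but the header does not say).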