Add support for parsing certificate formats other than raw, DER-encoded cert...

net/base/x509_certificate.h

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_X509_CERTIFICATE_H_
 #define NET_BASE_X509_CERTIFICATE_H_
 
 #include <string.h>
 
 #include <string>
@@ skipping 14 matching lines @@
 // Forward declaration; real one in <cert.h>
 struct CERTCertificateStr;
 #endif
 
 class Pickle;
 
 namespace net {
 
 class CertVerifyResult;
 
+typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
+
 // X509Certificate represents an X.509 certificate used by SSL.
 class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
  public:
   // A handle to the certificate object in the underlying crypto library.
   // We assume that OSCertHandle is a pointer type on all platforms and
   // NULL is an invalid OSCertHandle.
 #if defined(OS_WIN)
   typedef PCCERT_CONTEXT OSCertHandle;
 #elif defined(OS_MACOSX)
   typedef SecCertificateRef OSCertHandle;
@@ skipping 20 matching lines @@
     SOURCE_LONE_CERT_IMPORT = 1,  // From importing a certificate without
                                   // its intermediate CA certificates.
     SOURCE_FROM_NETWORK = 2,      // From the network.
   };
 
   enum VerifyFlags {
     VERIFY_REV_CHECKING_ENABLED = 1 << 0,
     VERIFY_EV_CERT = 1 << 1,
   };
 
+  enum Format {
+    // The data contains a single DER-encoded certificate, or a PEM-encoded
+    // DER certificate with the PEM encoding block name of "CERTIFICATE".
+    // Any subsequent blocks will be ignored.
+    FORMAT_SINGLE_CERTIFICATE = 1 << 0,
+
+    // The data contains a sequence of one or more PEM-encoded, DER
+    // certificates, with the PEM encoding block name of "CERTIFICATE".
+    // All PEM blocks will be parsed, until the first error is encountered.
+    FORMAT_PEM_CERT_SEQUENCE = 1 << 1,
+
+    // The data contains a PKCS#7 SignedData structure, whose certificates
+    // member is to be used to initialize the certificate and intermediates.
+    // The data may further be encoded using PEM, specifying block names of
+    // either "PKCS7" or "CERTIFICATE".
+    FORMAT_PKCS7 = 1 << 2,
+
+    // Automatically detect the format.
+    FORMAT_AUTO = FORMAT_SINGLE_CERTIFICATE | FORMAT_PEM_CERT_SEQUENCE |
+                  FORMAT_PKCS7,
+  };
+
   // Create an X509Certificate from a handle to the certificate object in the
   // underlying crypto library. |source| specifies where |cert_handle| comes
   // from.  Given two certificate handles for the same certificate, our
   // certificate cache prefers the handle from the network because our HTTP
   // cache isn't caching the corresponding intermediate CA certificates yet
   // (http://crbug.com/7065).
   // The list of intermediate certificates is ignored under NSS (i.e. Linux.)
   // The returned pointer must be stored in a scoped_refptr<X509Certificate>.
   static X509Certificate* CreateFromHandle(OSCertHandle cert_handle,
       Source source,
       const OSCertHandles& intermediates);
 
-  // Create an X509Certificate from the BER-encoded representation.
+  // Create an X509Certificate from the DER-encoded representation.
   // Returns NULL on failure.
   //
   // The returned pointer must be stored in a scoped_refptr<X509Certificate>.
   static X509Certificate* CreateFromBytes(const char* data, int length);
 
   // Create an X509Certificate from the representation stored in the given
   // pickle.  The data for this object is found relative to the given
   // pickle_iter, which should be passed to the pickle's various Read* methods.
   // Returns NULL on failure.
   //
   // The returned pointer must be stored in a scoped_refptr<X509Certificate>.
   static X509Certificate* CreateFromPickle(const Pickle& pickle,
                                            void** pickle_iter);
 
+  // Parses all of the certificates possible from |data|. |format| is a
+  // bit-wise OR of Format, indicating the possible formats the
+  // certificates may have been serialized as. If an error occurs, an empty
+  // collection will be returned.
+  static CertificateList CreateCertificateListFromBytes(const char* data,
+                                                        int length,
+                                                        int format);
+
   // Creates a X509Certificate from the ground up.  Used by tests that simulate
   // SSL connections.
   X509Certificate(const std::string& subject, const std::string& issuer,
                   base::Time start_date, base::Time expiration_date);
 
   // Appends a representation of this object to the given pickle.
   void Persist(Pickle* pickle);
 
   // The subject of the certificate.  For HTTPS server certificates, this
   // represents the web server.  The common name of the subject should match
@@ skipping 84 matching lines @@
   OSCertHandle os_cert_handle() const { return cert_handle_; }
 
   // Returns true if two OSCertHandles refer to identical certificates.
   static bool IsSameOSCert(OSCertHandle a, OSCertHandle b);
 
   // Creates an OS certificate handle from the BER-encoded representation.
   // Returns NULL on failure.
   static OSCertHandle CreateOSCertHandleFromBytes(const char* data,
                                                   int length);
 
+  // Creates all possible OS certificate handles from |data| encoded in a
+  // specific |format|. Returns an empty collection on failure.
+  static OSCertHandles CreateOSCertHandlesFromBytes(
+      const char* data, int length, Format format);
+
   // Duplicates (or adds a reference to) an OS certificate handle.
   static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle);
 
   // Frees (or releases a reference to) an OS certificate handle.
   static void FreeOSCertHandle(OSCertHandle cert_handle);
 
  private:
   friend class base::RefCountedThreadSafe<X509Certificate>;
   FRIEND_TEST(X509CertificateTest, Cache);
   FRIEND_TEST(X509CertificateTest, IntermediateCertificates);
@@ skipping 48 matching lines @@
 
   // Where the certificate comes from.
   Source source_;
 
   DISALLOW_COPY_AND_ASSIGN(X509Certificate);
 };
 
 }  // namespace net
 
 #endif  // NET_BASE_X509_CERTIFICATE_H_