Add support for parsing certificate formats other than raw, DER-encoded cert...

net/base/x509_certificate.h

Index: net/base/x509_certificate.h
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index d6b3447d92867dfc7dd5a05cf262b7bbf8468663..7ae26046e049a2b31cbfd75ea2b9c700c3382177 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -32,6 +32,8 @@ namespace net {
 
 class CertVerifyResult;
 
+typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
+
 // X509Certificate represents an X.509 certificate used by SSL.
 class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
  public:
@@ -72,6 +74,28 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
     VERIFY_EV_CERT = 1 << 1,
   };
 
+  enum Format {
+    // The data contains a single DER-encoded certificate, or a PEM-encoded
+    // DER certificate with the PEM encoding block name of "CERTIFICATE".
+    // Any subsequent blocks will be ignored.
+    FORMAT_SINGLE_CERTIFICATE = 1 << 0,
+
+    // The data contains a sequence of one or more PEM-encoded, DER
+    // certificates, with the PEM encoding block name of "CERTIFICATE".
+    // All PEM blocks will be parsed, until the first error is encountered.
+    FORMAT_PEM_CERT_SEQUENCE = 1 << 1,
+
+    // The data contains a PKCS#7 SignedData structure, whose certificates
+    // member is to be used to initialize the certificate and intermediates.
+    // The data may further be encoded using PEM, specifying block names of
+    // either "PKCS7" or "CERTIFICATE".
+    FORMAT_PKCS7 = 1 << 2,
+
+    // Automatically detect the format.
+    FORMAT_AUTO = FORMAT_SINGLE_CERTIFICATE | FORMAT_PEM_CERT_SEQUENCE |
+                  FORMAT_PKCS7,
+  };
+
   // Create an X509Certificate from a handle to the certificate object in the
   // underlying crypto library. |source| specifies where |cert_handle| comes
   // from.  Given two certificate handles for the same certificate, our
@@ -84,7 +108,7 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
       Source source,
       const OSCertHandles& intermediates);
 
-  // Create an X509Certificate from the BER-encoded representation.
+  // Create an X509Certificate from the DER-encoded representation.
   // Returns NULL on failure.
   //
   // The returned pointer must be stored in a scoped_refptr<X509Certificate>.
@@ -99,6 +123,14 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
   static X509Certificate* CreateFromPickle(const Pickle& pickle,
                                            void** pickle_iter);
 
+  // Parses all of the certificates possible from |data|. |format| is a
+  // bit-wise OR of Format, indicating the possible formats the
+  // certificates may have been serialized as. If an error occurs, an empty
+  // collection will be returned.
+  static CertificateList CreateCertificateListFromBytes(const char* data,
+                                                        int length,
+                                                        int format);
+
   // Creates a X509Certificate from the ground up.  Used by tests that simulate
   // SSL connections.
   X509Certificate(const std::string& subject, const std::string& issuer,
@@ -203,6 +235,11 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
   static OSCertHandle CreateOSCertHandleFromBytes(const char* data,
                                                   int length);
 
+  // Creates all possible OS certificate handles from |data| encoded in a
+  // specific |format|. Returns an empty collection on failure.
+  static OSCertHandles CreateOSCertHandlesFromBytes(
+      const char* data, int length, Format format);
+
   // Duplicates (or adds a reference to) an OS certificate handle.
   static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle);