Index: net/base/x509_certificate.h |
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h |
index d6b3447d92867dfc7dd5a05cf262b7bbf8468663..7ae26046e049a2b31cbfd75ea2b9c700c3382177 100644 |
--- a/net/base/x509_certificate.h |
+++ b/net/base/x509_certificate.h |
@@ -32,6 +32,8 @@ namespace net { |
class CertVerifyResult; |
+typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
+ |
// X509Certificate represents an X.509 certificate used by SSL. |
class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { |
public: |
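Review bot: The new `CertificateList` typedef names X509Certificate before the class definition that follows it, so it only compiles if a forward declaration `class X509Certificate;` precedes it; the hunk's context shows only `class CertVerifyResult;` and no such declaration, though one may exist above line 32 outside the hunk. If none does, add `class X509Certificate;` beside `class CertVerifyResult;`, or move the typedef below the class body. The enclosing namespace net begins outside the hunk.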
@@ -72,6 +74,28 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { |
VERIFY_EV_CERT = 1 << 1, |
}; |
+ enum Format { |
+ // The data contains a single DER-encoded certificate, or a PEM-encoded |
+ // DER certificate with the PEM encoding block name of "CERTIFICATE". |
+ // Any subsequent blocks will be ignored. |
+ FORMAT_SINGLE_CERTIFICATE = 1 << 0, |
+ |
+ // The data contains a sequence of one or more PEM-encoded, DER |
+ // certificates, with the PEM encoding block name of "CERTIFICATE". |
+ // All PEM blocks will be parsed, until the first error is encountered. |
+ FORMAT_PEM_CERT_SEQUENCE = 1 << 1, |
+ |
+ // The data contains a PKCS#7 SignedData structure, whose certificates |
+ // member is to be used to initialize the certificate and intermediates. |
+ // The data may further be encoded using PEM, specifying block names of |
+ // either "PKCS7" or "CERTIFICATE". |
+ FORMAT_PKCS7 = 1 << 2, |
+ |
+ // Automatically detect the format. |
+ FORMAT_AUTO = FORMAT_SINGLE_CERTIFICATE | FORMAT_PEM_CERT_SEQUENCE | |
+ FORMAT_PKCS7, |
+ }; |
+ |
// Create an X509Certificate from a handle to the certificate object in the |
// underlying crypto library. |source| specifies where |cert_handle| comes |
// from. Given two certificate handles for the same certificate, our |
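Review bot: The FORMAT_PEM_CERT_SEQUENCE comment says blocks are parsed "until the first error is encountered", which reads as though certificates parsed before the error are kept, while the CreateCertificateListFromBytes comment in the hunk at @@ -99,6 +123,14 says an error yields an empty collection; the two should agree on whether partial results survive a malformed trailing block. FORMAT_AUTO also leaves unstated which format wins when several bits are set and the input satisfies more than one (a PEM "CERTIFICATE" block matches both FORMAT_SINGLE_CERTIFICATE and FORMAT_PEM_CERT_SEQUENCE, and the FORMAT_PKCS7 comment says PEM blocks named "CERTIFICATE" are accepted there too). A sentence such as `// When several bits are set, formats are tried in the order listed above and the first that parses wins.` — adjusted to what the implementation actually does — would pin that down, and callers parsing untrusted bytes should be steered to the narrowest format that fits rather than FORMAT_AUTO. The class body continues outside the hunk.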
@@ -84,7 +108,7 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { |
Source source, |
const OSCertHandles& intermediates); |
- // Create an X509Certificate from the BER-encoded representation. |
+ // Create an X509Certificate from the DER-encoded representation. |
// Returns NULL on failure. |
// |
// The returned pointer must be stored in a scoped_refptr<X509Certificate>. |
@@ -99,6 +123,14 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { |
static X509Certificate* CreateFromPickle(const Pickle& pickle, |
void** pickle_iter); |
+ // Parses all of the certificates possible from |data|. |format| is a |
+ // bit-wise OR of Format, indicating the possible formats the |
+ // certificates may have been serialized as. If an error occurs, an empty |
+ // collection will be returned. |
+ static CertificateList CreateCertificateListFromBytes(const char* data, |
+ int length, |
+ int format); |
+ |
// Creates a X509Certificate from the ground up. Used by tests that simulate |
// SSL connections. |
X509Certificate(const std::string& subject, const std::string& issuer, |
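Review bot: CreateCertificateListFromBytes takes `int format` while the private CreateOSCertHandlesFromBytes in the hunk at @@ -203,6 +235,11 takes `Format format`, so a caller can pass 0 or bits outside FORMAT_AUTO and the comment does not say whether those are rejected, ignored, or treated as FORMAT_AUTO. Document it, e.g. `// Bits outside FORMAT_AUTO are ignored; a |format| of 0 yields an empty list.`, or have the implementation return an empty CertificateList for such values (the .cc is not part of this diff, so which applies cannot be seen here). Since |length| is a signed int like the existing CreateFromBytes, a negative |length| should likewise be treated as an error and stated in the comment rather than passed through to the format parsers. The class body continues outside the hunk.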
@@ -203,6 +235,11 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { |
static OSCertHandle CreateOSCertHandleFromBytes(const char* data, |
int length); |
+ // Creates all possible OS certificate handles from |data| encoded in a |
+ // specific |format|. Returns an empty collection on failure. |
+ static OSCertHandles CreateOSCertHandlesFromBytes( |
+ const char* data, int length, Format format); |
+ |
// Duplicates (or adds a reference to) an OS certificate handle. |
static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); |
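Review bot: The comment on CreateOSCertHandlesFromBytes does not say who owns the returned OSCertHandles; the DupOSCertHandle declaration right below shows handles are duplicated or reference-counted, so each returned handle is presumably a reference the caller must release, and leaving that unstated invites a leak or a double free in callers. Add a sentence such as `// The caller owns each returned handle and must release it with FreeOSCertHandle.` (assuming FreeOSCertHandle is the matching release helper in this class; it is not visible in the hunk). The class body continues outside the hunk.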