mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-11-28 08:16:09 +03:00
167 lines
7.2 KiB
C++
167 lines
7.2 KiB
C++
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef NET_CERT_X509_UTIL_NSS_H_
|
|
#define NET_CERT_X509_UTIL_NSS_H_
|
|
|
|
#include <stddef.h>
|
|
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include "net/base/net_export.h"
|
|
#include "net/cert/cert_type.h"
|
|
#include "net/cert/scoped_nss_types.h"
|
|
#include "net/cert/x509_certificate.h"
|
|
|
|
typedef struct CERTCertificateStr CERTCertificate;
|
|
typedef struct CERTNameStr CERTName;
|
|
typedef struct PK11SlotInfoStr PK11SlotInfo;
|
|
typedef struct SECItemStr SECItem;
|
|
|
|
namespace net {
|
|
|
|
namespace x509_util {
|
|
|
|
// Returns true if two certificate handles refer to identical certificates.
|
|
NET_EXPORT bool IsSameCertificate(CERTCertificate* a, CERTCertificate* b);
|
|
NET_EXPORT bool IsSameCertificate(CERTCertificate* a, const X509Certificate* b);
|
|
NET_EXPORT bool IsSameCertificate(const X509Certificate* a, CERTCertificate* b);
|
|
|
|
// Returns a CERTCertificate handle from the DER-encoded representation. The
|
|
// returned value may reference an already existing CERTCertificate object.
|
|
// Returns NULL on failure.
|
|
NET_EXPORT ScopedCERTCertificate
|
|
CreateCERTCertificateFromBytes(const uint8_t* data, size_t length);
|
|
|
|
// Returns a CERTCertificate handle from |cert|. The returned value may
|
|
// reference an already existing CERTCertificate object. Returns NULL on
|
|
// failure.
|
|
NET_EXPORT ScopedCERTCertificate
|
|
CreateCERTCertificateFromX509Certificate(const X509Certificate* cert);
|
|
|
|
// Returns a vector of CERTCertificates corresponding to |cert| and its
|
|
// intermediates (if any). Returns an empty vector on failure.
|
|
NET_EXPORT ScopedCERTCertificateList
|
|
CreateCERTCertificateListFromX509Certificate(const X509Certificate* cert);
|
|
|
|
// Specify behavior if an intermediate certificate fails CERTCertificate
|
|
// parsing. kFail means the function should return a failure result
|
|
// immediately. kIgnore means the invalid intermediate is not added to the
|
|
// output container.
|
|
enum class InvalidIntermediateBehavior { kFail, kIgnore };
|
|
|
|
// Returns a vector of CERTCertificates corresponding to |cert| and its
|
|
// intermediates (if any). Returns an empty vector if the certificate could not
|
|
// be converted. |invalid_intermediate_behavior| specifies behavior if
|
|
// intermediates of |cert| could not be converted.
|
|
NET_EXPORT ScopedCERTCertificateList
|
|
CreateCERTCertificateListFromX509Certificate(
|
|
const X509Certificate* cert,
|
|
InvalidIntermediateBehavior invalid_intermediate_behavior);
|
|
|
|
// Parses all of the certificates possible from |data|. |format| is a
|
|
// bit-wise OR of X509Certificate::Format, indicating the possible formats the
|
|
// certificates may have been serialized as. If an error occurs, an empty
|
|
// collection will be returned.
|
|
NET_EXPORT ScopedCERTCertificateList
|
|
CreateCERTCertificateListFromBytes(const char* data, size_t length, int format);
|
|
|
|
// Increments the refcount of |cert| and returns a handle for that reference.
|
|
NET_EXPORT ScopedCERTCertificate DupCERTCertificate(CERTCertificate* cert);
|
|
|
|
// Increments the refcount of each element in |cerst| and returns a list of
|
|
// handles for them.
|
|
NET_EXPORT ScopedCERTCertificateList
|
|
DupCERTCertificateList(const ScopedCERTCertificateList& certs);
|
|
|
|
// Creates an X509Certificate from |cert|, with intermediates from |chain|.
|
|
// Returns NULL on failure.
|
|
NET_EXPORT scoped_refptr<X509Certificate>
|
|
CreateX509CertificateFromCERTCertificate(
|
|
CERTCertificate* cert,
|
|
const std::vector<CERTCertificate*>& chain);
|
|
|
|
// Creates an X509Certificate with non-standard parsing options.
|
|
// Do not use without consulting //net owners.
|
|
NET_EXPORT scoped_refptr<X509Certificate>
|
|
CreateX509CertificateFromCERTCertificate(
|
|
CERTCertificate* cert,
|
|
const std::vector<CERTCertificate*>& chain,
|
|
X509Certificate::UnsafeCreateOptions options);
|
|
|
|
// Creates an X509Certificate from |cert|, with no intermediates.
|
|
// Returns NULL on failure.
|
|
NET_EXPORT scoped_refptr<X509Certificate>
|
|
CreateX509CertificateFromCERTCertificate(CERTCertificate* cert);
|
|
|
|
// Creates an X509Certificate for each element in |certs|.
|
|
// Returns an empty list on failure.
|
|
NET_EXPORT CertificateList CreateX509CertificateListFromCERTCertificates(
|
|
const ScopedCERTCertificateList& certs);
|
|
|
|
// Obtains the DER encoded certificate data for |cert|. On success, returns
|
|
// true and writes the DER encoded certificate to |*der_encoded|.
|
|
NET_EXPORT bool GetDEREncoded(CERTCertificate* cert, std::string* der_encoded);
|
|
|
|
// Obtains the PEM encoded certificate data for |cert|. On success, returns
|
|
// true and writes the PEM encoded certificate to |*pem_encoded|.
|
|
NET_EXPORT bool GetPEMEncoded(CERTCertificate* cert, std::string* pem_encoded);
|
|
|
|
// Stores the values of all rfc822Name subjectAltNames from |cert_handle|
|
|
// into |names|. If no names are present, clears |names|.
|
|
// WARNING: This method does not validate that the rfc822Name is
|
|
// properly encoded; it MAY contain embedded NULs or other illegal
|
|
// characters; care should be taken to validate the well-formedness
|
|
// before using.
|
|
NET_EXPORT void GetRFC822SubjectAltNames(CERTCertificate* cert_handle,
|
|
std::vector<std::string>* names);
|
|
|
|
// Stores the values of all Microsoft UPN subjectAltNames from |cert_handle|
|
|
// into |names|. If no names are present, clears |names|.
|
|
//
|
|
// A "Microsoft UPN subjectAltName" is an OtherName value whose type-id
|
|
// is equal to 1.3.6.1.4.1.311.20.2.3 (known as either id-ms-san-sc-logon-upn,
|
|
// as described in RFC 4556, or as szOID_NT_PRINCIPAL_NAME, as
|
|
// documented in Microsoft KB287547).
|
|
// The value field is a UTF8String literal.
|
|
// For more information:
|
|
// https://www.ietf.org/mail-archive/web/pkix/current/msg03145.html
|
|
// https://www.ietf.org/proceedings/65/slides/pkix-4/sld1.htm
|
|
// https://tools.ietf.org/html/rfc4556
|
|
//
|
|
// WARNING: This method does not validate that the name is
|
|
// properly encoded; it MAY contain embedded NULs or other illegal
|
|
// characters; care should be taken to validate the well-formedness
|
|
// before using.
|
|
NET_EXPORT void GetUPNSubjectAltNames(CERTCertificate* cert_handle,
|
|
std::vector<std::string>* names);
|
|
|
|
// Generates a unique nickname for |nss_cert| based on the |type| and |slot|.
|
|
NET_EXPORT std::string GetDefaultUniqueNickname(CERTCertificate* nss_cert,
|
|
CertType type,
|
|
PK11SlotInfo* slot);
|
|
|
|
// Returns a name that can be used to represent the principal. It tries in
|
|
// this order: CN, O and OU and returns the first non-empty one found.
|
|
// This mirrors net::CertPrincipal::GetDisplayName.
|
|
NET_EXPORT std::string GetCERTNameDisplayName(CERTName* name);
|
|
|
|
// Stores the notBefore and notAfter times from |cert| into |*not_before| and
|
|
// |*not_after|, returning true if successful. |not_before| or |not_after| may
|
|
// be null.
|
|
NET_EXPORT bool GetValidityTimes(CERTCertificate* cert,
|
|
base::Time* not_before,
|
|
base::Time* not_after);
|
|
|
|
// Calculates the SHA-256 fingerprint of the certificate. Returns an empty
|
|
// (all zero) fingerprint on failure.
|
|
NET_EXPORT SHA256HashValue CalculateFingerprint256(CERTCertificate* cert);
|
|
|
|
} // namespace x509_util
|
|
|
|
} // namespace net
|
|
|
|
#endif // NET_CERT_X509_UTIL_NSS_H_
|