mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-11-24 14:26:09 +03:00
81 lines
3.0 KiB
C++
81 lines
3.0 KiB
C++
// Copyright 2017 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef NET_CERT_X509_UTIL_WIN_H_
|
|
#define NET_CERT_X509_UTIL_WIN_H_
|
|
|
|
#include <memory>
|
|
#include <vector>
|
|
|
|
#include <windows.h>
|
|
|
|
#include "base/memory/ref_counted.h"
|
|
#include "crypto/wincrypt_shim.h"
|
|
#include "net/base/hash_value.h"
|
|
#include "net/base/net_export.h"
|
|
#include "net/cert/x509_certificate.h"
|
|
|
|
namespace net {
|
|
|
|
struct FreeCertContextFunctor {
|
|
void operator()(PCCERT_CONTEXT context) const {
|
|
if (context)
|
|
CertFreeCertificateContext(context);
|
|
}
|
|
};
|
|
|
|
using ScopedPCCERT_CONTEXT =
|
|
std::unique_ptr<const CERT_CONTEXT, FreeCertContextFunctor>;
|
|
|
|
namespace x509_util {
|
|
|
|
// Creates an X509Certificate representing |os_cert| with intermediates
|
|
// |os_chain|.
|
|
NET_EXPORT scoped_refptr<X509Certificate> CreateX509CertificateFromCertContexts(
|
|
PCCERT_CONTEXT os_cert,
|
|
const std::vector<PCCERT_CONTEXT>& os_chain);
|
|
// Creates an X509Certificate with non-standard parsing options.
|
|
// Do not use without consulting //net owners.
|
|
NET_EXPORT scoped_refptr<X509Certificate> CreateX509CertificateFromCertContexts(
|
|
PCCERT_CONTEXT os_cert,
|
|
const std::vector<PCCERT_CONTEXT>& os_chain,
|
|
X509Certificate::UnsafeCreateOptions options);
|
|
|
|
// Returns a new PCCERT_CONTEXT containing the certificate and its
|
|
// intermediate certificates, or NULL on failure. This function is only
|
|
// necessary if the CERT_CONTEXT.hCertStore member will be accessed or
|
|
// enumerated, which is generally true for any CryptoAPI functions involving
|
|
// certificate chains, including validation or certificate display.
|
|
//
|
|
// While the returned PCCERT_CONTEXT and its HCERTSTORE can safely be used on
|
|
// multiple threads if no further modifications happen, it is generally
|
|
// preferable for each thread that needs such a context to obtain its own,
|
|
// rather than risk thread-safety issues by sharing.
|
|
NET_EXPORT ScopedPCCERT_CONTEXT
|
|
CreateCertContextWithChain(const X509Certificate* cert);
|
|
|
|
// Specify behavior if an intermediate certificate fails CERT_CONTEXT parsing.
|
|
// kFail means the function should return a failure result immediately. kIgnore
|
|
// means the invalid intermediate is not added to the output context.
|
|
enum class InvalidIntermediateBehavior { kFail, kIgnore };
|
|
|
|
// As CreateCertContextWithChain above, but |invalid_intermediate_behavior|
|
|
// specifies behavior if intermediates of |cert| could not be converted.
|
|
NET_EXPORT ScopedPCCERT_CONTEXT CreateCertContextWithChain(
|
|
const X509Certificate* cert,
|
|
InvalidIntermediateBehavior invalid_intermediate_behavior);
|
|
|
|
// Calculates the SHA-256 fingerprint of the certificate. Returns an empty
|
|
// (all zero) fingerprint on failure.
|
|
NET_EXPORT SHA256HashValue CalculateFingerprint256(PCCERT_CONTEXT cert);
|
|
|
|
// Returns true if the certificate is self-signed.
|
|
NET_EXPORT bool IsSelfSigned(PCCERT_CONTEXT cert_handle);
|
|
|
|
} // namespace x509_util
|
|
|
|
} // namespace net
|
|
|
|
#endif // NET_CERT_X509_UTIL_WIN_H_
|