      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_SSL_SSL_CERT_REQUEST_INFO_H_
      6 #define NET_SSL_SSL_CERT_REQUEST_INFO_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/memory/ref_counted.h"
     12 #include "net/base/net_export.h"
     13 #include "net/ssl/ssl_client_cert_type.h"
     14 
     15 namespace net {
     16 
     17 class X509Certificate;
     18 
// SSLCertRequestInfo describes the criteria a server gave for the client
// certificate it requires on a secure connection.
//
// In TLS 1.1, the CertificateRequest message is defined as:
//   enum {
//   rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
//   rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6),
//   fortezza_dms_RESERVED(20), (255)
//   } ClientCertificateType;
//
//   opaque DistinguishedName<1..2^16-1>;
//
//   struct {
//       ClientCertificateType certificate_types<1..2^8-1>;
//       DistinguishedName certificate_authorities<3..2^16-1>;
//   } CertificateRequest;
//
// Lifetime: the class is reference counted through
// base::RefCountedThreadSafe. The destructor is private and only the
// ref-count base is a friend, so instances are released through their last
// reference rather than deleted directly. Nothing in this header
// synchronizes access to the public fields themselves.
//
// Trust: the criteria fields hold what the server asked for, i.e. data chosen
// by the remote peer. NOTE(review): no validation is visible in this header,
// so consumers should treat the contents as untrusted input until the code
// that fills them in is confirmed to check them.
class NET_EXPORT SSLCertRequestInfo
    : public base::RefCountedThreadSafe<SSLCertRequestInfo> {
 public:
  // Defined out of line. |is_proxy| has no in-class initializer, so its
  // initial value depends on that definition, which is not shown here.
  SSLCertRequestInfo();

  // Defined out of line. Presumably returns the fields to their initial
  // state so the object can be reused -- confirm in the implementation file.
  void Reset();

  // The host and port of the SSL server that requested client authentication.
  std::string host_and_port;

  // True if the server that issued this request was the HTTPS proxy used in
  // the request. False if the server was the origin server. Together with
  // |host_and_port| this identifies who is asking for the certificate.
  bool is_proxy;

  // DER-encoded X.509 DistinguishedNames of the certificate authorities the
  // server allows, one name per element. The bytes come from the server, so
  // decode them defensively; an element is not guaranteed to be well-formed
  // DER.
  std::vector<std::string> cert_authorities;

  // Client certificate key types for this request. Presumably the
  // certificate_types list of the CertificateRequest shown above -- confirm
  // against the code that populates it.
  std::vector<SSLClientCertType> cert_key_types;

  // Client certificates matching the server criteria. Slated for removal;
  // tracked in http://crbug.com/166642.
  std::vector<scoped_refptr<X509Certificate> > client_certs;

 private:
  // Lets the ref-count base reach the private destructor below.
  friend class base::RefCountedThreadSafe<SSLCertRequestInfo>;

  // Private so that callers cannot delete the object directly.
  ~SSLCertRequestInfo();
};
     65 
     66 }  // namespace net
     67 
     68 #endif  // NET_SSL_SSL_CERT_REQUEST_INFO_H_
     69