1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_CERT_X509_UTIL_NSS_H_ 6 #define NET_CERT_X509_UTIL_NSS_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/time/time.h" 12 #include "net/base/net_export.h" 13 #include "net/cert/x509_certificate.h" 14 15 class PickleIterator; 16 17 typedef struct CERTCertificateStr CERTCertificate; 18 typedef struct CERTNameStr CERTName; 19 typedef struct PK11SlotInfoStr PK11SlotInfo; 20 typedef struct PLArenaPool PLArenaPool; 21 typedef struct SECItemStr SECItem; 22 23 namespace net { 24 25 namespace x509_util { 26 27 #if defined(USE_NSS) || defined(OS_IOS) 28 // Parses the Principal attribute from |name| and outputs the result in 29 // |principal|. 30 void ParsePrincipal(CERTName* name, 31 CertPrincipal* principal); 32 33 // Parses the date from |der_date| and outputs the result in |result|. 34 void ParseDate(const SECItem* der_date, base::Time* result); 35 36 // Parses the serial number from |certificate|. 37 std::string ParseSerialNumber(const CERTCertificate* certificate); 38 39 // Gets the subjectAltName extension field from the certificate, if any. 40 void GetSubjectAltName(CERTCertificate* cert_handle, 41 std::vector<std::string>* dns_names, 42 std::vector<std::string>* ip_addrs); 43 44 // Creates all possible OS certificate handles from |data| encoded in a specific 45 // |format|. Returns an empty collection on failure. 46 X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes( 47 const char* data, 48 int length, 49 X509Certificate::Format format); 50 51 // Reads a single certificate from |pickle_iter| and returns a platform-specific 52 // certificate handle. Returns an invalid handle, NULL, on failure. 53 X509Certificate::OSCertHandle ReadOSCertHandleFromPickle( 54 PickleIterator* pickle_iter); 55 56 // Sets |*size_bits| to be the length of the public key in bits, and sets 57 // |*type| to one of the |PublicKeyType| values. In case of 58 // |kPublicKeyTypeUnknown|, |*size_bits| will be set to 0. 59 void GetPublicKeyInfo(CERTCertificate* handle, 60 size_t* size_bits, 61 X509Certificate::PublicKeyType* type); 62 63 // Create a list of CERTName objects from a list of DER-encoded X.509 64 // DistinguishedName items. All objects are created in a given arena. 65 // |encoded_issuers| is the list of encoded DNs. 66 // |arena| is the arena used for all allocations. 67 // |out| will receive the result list on success. 68 // Return true on success. On failure, the caller must free the 69 // intermediate CERTName objects pushed to |out|. 70 bool GetIssuersFromEncodedList( 71 const std::vector<std::string>& issuers, 72 PLArenaPool* arena, 73 std::vector<CERTName*>* out); 74 75 // Returns true iff a certificate is issued by any of the issuers listed 76 // by name in |valid_issuers|. 77 // |cert_chain| is the certificate's chain. 78 // |valid_issuers| is a list of strings, where each string contains 79 // a DER-encoded X.509 Distinguished Name. 80 bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain, 81 const std::vector<CERTName*>& valid_issuers); 82 83 // Generates a unique nickname for |slot|, returning |nickname| if it is 84 // already unique. 85 // 86 // Note: The nickname returned will NOT include the token name, thus the 87 // token name must be prepended if calling an NSS function that expects 88 // <token>:<nickname>. 89 // TODO(gspencer): Internationalize this: it's wrong to hard-code English. 90 std::string GetUniqueNicknameForSlot(const std::string& nickname, 91 const SECItem* subject, 92 PK11SlotInfo* slot); 93 #endif // defined(USE_NSS) || defined(OS_IOS) 94 95 } // namespace x509_util 96 97 } // namespace net 98 99 #endif // NET_CERT_X509_UTIL_NSS_H_ 100
