      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_SSL_SSL_CERT_REQUEST_INFO_H_
      6 #define NET_SSL_SSL_CERT_REQUEST_INFO_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/memory/ref_counted.h"
     12 #include "net/base/host_port_pair.h"
     13 #include "net/base/net_export.h"
     14 #include "net/ssl/ssl_client_cert_type.h"
     15 
     16 namespace net {
     17 
     18 class X509Certificate;
     19 
     20 // SSLCertRequestInfo describes the criteria a server attached to its request
     21 // for a client certificate on a secure connection.
     22 //
     23 // In TLS 1.1, the CertificateRequest
     24 // message is defined as:
     25 //   enum {
     26 //   rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
     27 //   rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6),
     28 //   fortezza_dms_RESERVED(20), (255)
     29 //   } ClientCertificateType;
     30 //
     31 //   opaque DistinguishedName<1..2^16-1>;
     32 //
     33 //   struct {
     34 //       ClientCertificateType certificate_types<1..2^8-1>;
     35 //       DistinguishedName certificate_authorities<3..2^16-1>;
     36 //   } CertificateRequest;
        //
        // All fields are public data members; this header declares no accessors
        // and no validation of their contents. The object is reference counted:
        // the destructor is private and base::RefCountedThreadSafe is a friend, so
        // instances are released through the reference count rather than deleted
        // directly.
     37 class NET_EXPORT SSLCertRequestInfo
     38     : public base::RefCountedThreadSafe<SSLCertRequestInfo> {
     39  public:
        // Defined out of line; the initial field values are not visible in this
        // header.
     40   SSLCertRequestInfo();
     41 
        // NOTE(review): presumably returns the fields to their initial state. The
        // definition is not in this header, so confirm which fields it clears.
     42   void Reset();
     43 
     44   // The host and port of the SSL server that requested client authentication.
     45   HostPortPair host_and_port;
     46 
     47   // True if the server that issued this request was the HTTPS proxy used in
     48   // the request.  False if the server was the origin server.
        // NOTE(review): this flag identifies which party would receive a selected
        // client certificate. A choice made for an origin should presumably not be
        // reused for a proxy with the same host and port, or vice versa; confirm
        // that callers key any remembered decision on this flag as well as on
        // host_and_port.
     49   bool is_proxy;
     50 
     51   // List of DER-encoded X.509 DistinguishedName of certificate authorities
     52   // allowed by the server.
        // Each element is binary DER held in a std::string, not text: it may
        // contain NUL bytes and has to be decoded with a DER parser. The values
        // come from the server's CertificateRequest, so treat them as untrusted
        // input.
        // NOTE(review): the TLS 1.1 definition quoted above requires a non-empty
        // list, while TLS 1.2 permits an empty one; confirm how callers interpret
        // an empty vector.
     53   std::vector<std::string> cert_authorities;
     54 
        // NOTE(review): presumably the client certificate key types the server
        // accepts (certificate_types in the CertificateRequest message above),
        // expressed as SSLClientCertType values; confirm against the code that
        // fills this in.
     55   std::vector<SSLClientCertType> cert_key_types;
     56 
     57   // Client certificates matching the server criteria. This field is slated
     58   // for removal; see http://crbug.com/166642.
     59   std::vector<scoped_refptr<X509Certificate> > client_certs;
     60 
     61  private:
        // Gives the ref-counting base class access to the private destructor.
     62   friend class base::RefCountedThreadSafe<SSLCertRequestInfo>;
     63 
        // Private: code outside this class cannot destroy an instance directly;
        // destruction goes through the friend base class declared above.
     64   ~SSLCertRequestInfo();
     65 };
     66 
     67 }  // namespace net
     68 
     69 #endif  // NET_SSL_SSL_CERT_REQUEST_INFO_H_
     70