1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_CERT_X509_CERT_TYPES_H_ 6 #define NET_CERT_X509_CERT_TYPES_H_ 7 8 #include <string.h> 9 10 #include <map> 11 #include <set> 12 #include <string> 13 #include <vector> 14 15 #include "base/logging.h" 16 #include "base/strings/string_piece.h" 17 #include "build/build_config.h" 18 #include "net/base/hash_value.h" 19 #include "net/base/net_export.h" 20 #include "net/cert/cert_status_flags.h" 21 22 #if defined(OS_MACOSX) && !defined(OS_IOS) 23 #include <Security/x509defs.h> 24 #endif 25 26 namespace base { 27 class Time; 28 } // namespace base 29 30 namespace net { 31 32 class X509Certificate; 33 34 // CertPrincipal represents the issuer or subject field of an X.509 certificate. 35 struct NET_EXPORT CertPrincipal { 36 CertPrincipal(); 37 explicit CertPrincipal(const std::string& name); 38 ~CertPrincipal(); 39 40 #if (defined(OS_MACOSX) && !defined(OS_IOS)) || defined(OS_WIN) 41 // Parses a BER-format DistinguishedName. 42 bool ParseDistinguishedName(const void* ber_name_data, size_t length); 43 #endif 44 45 #if defined(OS_MACOSX) && !defined(OS_IOS) 46 // Compare this CertPrincipal with |against|, returning true if they're 47 // equal enough to be a possible match. This should NOT be used for any 48 // security relevant decisions. 49 // TODO(rsleevi): Remove once Mac client auth uses NSS for name comparison. 50 bool Matches(const CertPrincipal& against) const; 51 #endif 52 53 // Returns a name that can be used to represent the issuer. It tries in this 54 // order: CN, O and OU and returns the first non-empty one found. 55 std::string GetDisplayName() const; 56 57 // The different attributes for a principal, stored in UTF-8. They may be "". 58 // Note that some of them can have several values. 59 60 std::string common_name; 61 std::string locality_name; 62 std::string state_or_province_name; 63 std::string country_name; 64 65 std::vector<std::string> street_addresses; 66 std::vector<std::string> organization_names; 67 std::vector<std::string> organization_unit_names; 68 std::vector<std::string> domain_components; 69 }; 70 71 #if defined(OS_MACOSX) && !defined(OS_IOS) 72 // Compares two OIDs by value. 73 inline bool CSSMOIDEqual(const CSSM_OID* oid1, const CSSM_OID* oid2) { 74 return oid1->Length == oid2->Length && 75 (memcmp(oid1->Data, oid2->Data, oid1->Length) == 0); 76 } 77 #endif 78 79 // A list of ASN.1 date/time formats that ParseCertificateDate() supports, 80 // encoded in the canonical forms specified in RFC 2459/3280/5280. 81 enum CertDateFormat { 82 // UTCTime: Format is YYMMDDHHMMSSZ 83 CERT_DATE_FORMAT_UTC_TIME, 84 85 // GeneralizedTime: Format is YYYYMMDDHHMMSSZ 86 CERT_DATE_FORMAT_GENERALIZED_TIME, 87 }; 88 89 // Attempts to parse |raw_date|, an ASN.1 date/time string encoded as 90 // |format|, and writes the result into |*time|. If an invalid date is 91 // specified, or if parsing fails, returns false, and |*time| will not be 92 // updated. 93 NET_EXPORT_PRIVATE bool ParseCertificateDate(const base::StringPiece& raw_date, 94 CertDateFormat format, 95 base::Time* time); 96 } // namespace net 97 98 #endif // NET_CERT_X509_CERT_TYPES_H_ 99