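// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_
#define CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_
#pragma once

// size_t, std::string and std::vector are used directly by the declarations
// below, so include them here instead of relying on transitive includes.
#include <stddef.h>

#include <string>
#include <vector>

#include "net/base/cert_database.h"
#include "net/base/cert_type.h"
#include "net/base/x509_certificate.h"

// NOTE(review): base::Time (used by GetTimes) is not included directly;
// presumably it arrives through one of the net/ headers above - confirm.

// This namespace defines a set of functions to be used in UI-related bits of
// X509 certificates. It decouples the UI from the underlying crypto library
// (currently NSS or OpenSSL - in development).
// This is currently only used by linux, as mac / windows use their own native
// certificate viewers and crypto libraries.
//
// Security note for callers: the strings returned here appear to be derived
// from certificate contents, and a certificate presented by a remote peer is
// untrusted input. This header does not say whether the returned text is
// sanitized, so treat it as untrusted display text (escape it before placing
// it into markup, and do not use it for trust decisions).
//
// NOTE(review): none of the declarations state whether a null |cert_handle|
// or a null output pointer is tolerated - assume it is not until confirmed
// against the implementation.
namespace x509_certificate_model {

// Accessors for individual display fields of |cert_handle|.
std::string GetCertNameOrNickname(
    net::X509Certificate::OSCertHandle cert_handle);

std::string GetNickname(net::X509Certificate::OSCertHandle cert_handle);

std::string GetTokenName(net::X509Certificate::OSCertHandle cert_handle);

std::string GetVersion(net::X509Certificate::OSCertHandle cert_handle);

net::CertType GetType(net::X509Certificate::OSCertHandle cert_handle);

std::string GetEmailAddress(net::X509Certificate::OSCertHandle cert_handle);

// Results are written to |usages|.
// NOTE(review): whether |usages| is cleared first or appended to is not
// visible in this header - confirm.
void GetUsageStrings(
    net::X509Certificate::OSCertHandle cert_handle,
    std::vector<std::string>* usages);

std::string GetKeyUsageString(net::X509Certificate::OSCertHandle cert_handle);

// The accessors below take |alternative_text|.
// NOTE(review): presumably |alternative_text| is returned when the requested
// field is absent from the certificate - confirm against the implementation.
std::string GetSerialNumberHexified(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetIssuerCommonName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetIssuerOrgName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetIssuerOrgUnitName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetSubjectOrgName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetSubjectOrgUnitName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetSubjectCommonName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

// Writes the validity period to |issued| and |expires|.
// NOTE(review): the meaning of the bool result is not documented here;
// presumably false means the outputs were not filled in, so check it before
// reading |issued| / |expires| - confirm.
bool GetTimes(net::X509Certificate::OSCertHandle cert_handle,
              base::Time* issued, base::Time* expires);

std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle);
std::string GetIssuerName(net::X509Certificate::OSCertHandle cert_handle);
std::string GetSubjectName(net::X509Certificate::OSCertHandle cert_handle);

// Results are written to |email_addresses|.
void GetEmailAddresses(net::X509Certificate::OSCertHandle cert_handle,
                       std::vector<std::string>* email_addresses);

// Results are written to |nick_names|.
// NOTE(review): |cert_expired| and |cert_not_yet_valid| look like UI labels
// attached to certificates outside their validity period - confirm.
void GetNicknameStringsFromCertList(const net::CertificateList& certs,
                                    const std::string& cert_expired,
                                    const std::string& cert_not_yet_valid,
                                    std::vector<std::string>* nick_names);

// Returns the PKCS#11 attribute CKA_ID for a certificate as an upper-case
// hex string, or the empty string if none is found.
std::string GetPkcs11Id(net::X509Certificate::OSCertHandle cert_handle);

// One certificate extension as a name / value pair of display strings.
struct Extension {
  std::string name;
  std::string value;
};

typedef std::vector<Extension> Extensions;

// Results are written to |extensions|.
// NOTE(review): |critical_label| and |non_critical_label| are presumably the
// UI strings used to mark each extension's criticality - confirm.
void GetExtensions(
    const std::string& critical_label,
    const std::string& non_critical_label,
    net::X509Certificate::OSCertHandle cert_handle,
    Extensions* extensions);

// Hash a certificate using the given algorithm, return the result as a
// colon-separated hex string.
// SHA-1 is no longer collision resistant: a SHA-1 fingerprint is suitable
// for display alongside the SHA-256 one, but should not be the only value
// relied on to decide that two certificates are the same.
std::string HashCertSHA256(net::X509Certificate::OSCertHandle cert_handle);
std::string HashCertSHA1(net::X509Certificate::OSCertHandle cert_handle);

// For host values, if they contain IDN Punycode-encoded A-labels, this will
// return a string suitable for display that contains both the original and the
// decoded U-label form. Otherwise, the string will be returned as is.
// Keeping the raw A-label next to the decoded form helps a reader notice
// look-alike (homograph) host names.
std::string ProcessIDN(const std::string& input);

// NOTE(review): these two look like an acquire / release pair - presumably
// every chain filled in by GetCertChainFromCert must later be handed to
// DestroyCertChain exactly once. Confirm against the implementation.
void GetCertChainFromCert(net::X509Certificate::OSCertHandle cert_handle,
                          net::X509Certificate::OSCertHandles* cert_handles);
void DestroyCertChain(net::X509Certificate::OSCertHandles* cert_handles);

std::string GetDerString(net::X509Certificate::OSCertHandle cert_handle);

// NOTE(review): whether |end| is inclusive or exclusive, and how indices
// outside |cert_chain| are handled, is not visible here; callers should keep
// both within cert_chain.size() until that is confirmed.
std::string GetCMSString(const net::X509Certificate::OSCertHandles& cert_chain,
                         size_t start, size_t end);

std::string ProcessSecAlgorithmSignature(
    net::X509Certificate::OSCertHandle cert_handle);
std::string ProcessSecAlgorithmSubjectPublicKey(
    net::X509Certificate::OSCertHandle cert_handle);
std::string ProcessSecAlgorithmSignatureWrap(
    net::X509Certificate::OSCertHandle cert_handle);

std::string ProcessSubjectPublicKeyInfo(
    net::X509Certificate::OSCertHandle cert_handle);

std::string ProcessRawBitsSignatureWrap(
    net::X509Certificate::OSCertHandle cert_handle);

// NOTE(review): call-order requirements relative to the other functions in
// this namespace are not documented here - confirm.
void RegisterDynamicOids();

// Format a buffer as |hex_separator| separated string, with 16 bytes on each
// line separated using |line_separator|.
// NOTE(review): |data_length| is presumably a byte count and |data| must be
// readable for that many bytes - confirm.
std::string ProcessRawBytesWithSeparators(const unsigned char* data,
                                          size_t data_length,
                                          char hex_separator,
                                          char line_separator);

// Format a buffer as a space separated string, with 16 bytes on each line.
std::string ProcessRawBytes(const unsigned char* data,
                            size_t data_length);

#if defined(USE_NSS)
// Format a buffer as a space separated string, with 16 bytes on each line.
// |data_length| is the length in bits.
// The unit differs from ProcessRawBytes above: passing a bit count to the
// byte-oriented functions would describe a buffer eight times larger than
// the real one, so keep the two lengths apart at call sites.
std::string ProcessRawBits(const unsigned char* data,
                           size_t data_length);
#endif  // USE_NSS

}  // namespace x509_certificate_model

#endif  // CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_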