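// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_
#define CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_

#include <stddef.h>

#include <string>
#include <vector>

#include "net/cert/cert_type.h"
#include "net/cert/x509_certificate.h"

// base::Time is only used through pointers in this header, so a forward
// declaration is sufficient.
namespace base {
class Time;
}  // namespace base

// This namespace defines a set of functions to be used in UI-related bits of
// X509 certificates. It decouples the UI from the underlying crypto library
// (currently NSS or OpenSSL - in development).
// This is currently only used by Linux, as Mac / Windows use their own native
// certificate viewers and crypto libraries.
//
// NOTE(review): the strings returned here are derived from certificate
// contents, which may be supplied by a remote peer. They are display values;
// UI code should escape them before rendering and should not use them for
// trust decisions.
//
// Every function takes an OSCertHandle by value. Nothing in this header says
// whether a null handle is accepted or who owns the handle; presumably the
// caller retains ownership and must pass a valid handle -- confirm against the
// implementation.
namespace x509_certificate_model {

// Accessors for single certificate attributes, returned as strings.
std::string GetCertNameOrNickname(
    net::X509Certificate::OSCertHandle cert_handle);

std::string GetNickname(net::X509Certificate::OSCertHandle cert_handle);

std::string GetTokenName(net::X509Certificate::OSCertHandle cert_handle);

std::string GetVersion(net::X509Certificate::OSCertHandle cert_handle);

net::CertType GetType(net::X509Certificate::OSCertHandle cert_handle);

std::string GetEmailAddress(net::X509Certificate::OSCertHandle cert_handle);

// |usages| is an out-parameter and must not be null.
// NOTE(review): whether existing entries are kept or cleared is not visible
// from this header.
void GetUsageStrings(
    net::X509Certificate::OSCertHandle cert_handle,
    std::vector<std::string>* usages);

std::string GetKeyUsageString(net::X509Certificate::OSCertHandle cert_handle);

// The accessors below take |alternative_text|.
// NOTE(review): presumably |alternative_text| is returned when the requested
// field is absent from the certificate -- confirm against the implementation.
std::string GetSerialNumberHexified(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetIssuerCommonName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetIssuerOrgName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetIssuerOrgUnitName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetSubjectOrgName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetSubjectOrgUnitName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

std::string GetSubjectCommonName(
    net::X509Certificate::OSCertHandle cert_handle,
    const std::string& alternative_text);

// |issued| and |expires| are out-parameters and must not be null.
// NOTE(review): the bool result presumably reports whether both times could
// be read; callers should not use the outputs when it is false.
bool GetTimes(net::X509Certificate::OSCertHandle cert_handle,
              base::Time* issued, base::Time* expires);

std::string GetTitle(net::X509Certificate::OSCertHandle cert_handle);
std::string GetIssuerName(net::X509Certificate::OSCertHandle cert_handle);
std::string GetSubjectName(net::X509Certificate::OSCertHandle cert_handle);

// |email_addresses| is an out-parameter and must not be null.
void GetEmailAddresses(net::X509Certificate::OSCertHandle cert_handle,
                       std::vector<std::string>* email_addresses);

// |nick_names| is an out-parameter and must not be null.
// NOTE(review): |cert_expired| and |cert_not_yet_valid| look like UI labels
// attached to nicknames of certificates outside their validity period --
// confirm against the implementation.
void GetNicknameStringsFromCertList(const net::CertificateList& certs,
                                    const std::string& cert_expired,
                                    const std::string& cert_not_yet_valid,
                                    std::vector<std::string>* nick_names);

// Returns the PKCS#11 attribute CKA_ID for a certificate as an upper-case
// hex string, or the empty string if none is found.
std::string GetPkcs11Id(net::X509Certificate::OSCertHandle cert_handle);

// One certificate extension as a pair of display strings.
struct Extension {
  std::string name;
  std::string value;
};

typedef std::vector<Extension> Extensions;

// |extensions| is an out-parameter and must not be null.
// NOTE(review): |critical_label| and |non_critical_label| are presumably the
// UI strings used to mark each extension's criticality -- confirm.
void GetExtensions(
    const std::string& critical_label,
    const std::string& non_critical_label,
    net::X509Certificate::OSCertHandle cert_handle,
    Extensions* extensions);

// Hash a certificate using the given algorithm, return the result as a
// colon-separated hex string.
// SHA-1 is no longer collision resistant; treat the SHA-1 fingerprint as a
// legacy display value and prefer the SHA-256 one when comparing or pinning
// certificates.
std::string HashCertSHA256(net::X509Certificate::OSCertHandle cert_handle);
std::string HashCertSHA1(net::X509Certificate::OSCertHandle cert_handle);

// For host values, if they contain IDN Punycode-encoded A-labels, this will
// return a string suitable for display that contains both the original and the
// decoded U-label form. Otherwise, the string will be returned as is.
// The result is for display only; showing both forms lets the user notice
// look-alike names. Do not feed it back into hostname comparison.
std::string ProcessIDN(const std::string& input);

// |cert_handles| is an out-parameter and must not be null.
// NOTE(review): handles obtained from GetCertChainFromCert are presumably
// owned by the caller and must be released with DestroyCertChain exactly
// once -- confirm against the implementation.
void GetCertChainFromCert(net::X509Certificate::OSCertHandle cert_handle,
                          net::X509Certificate::OSCertHandles* cert_handles);
void DestroyCertChain(net::X509Certificate::OSCertHandles* cert_handles);

std::string GetDerString(net::X509Certificate::OSCertHandle cert_handle);

// NOTE(review): |start| and |end| select a range of |cert_chain|; whether
// |end| is inclusive is not visible here. Callers must keep both within
// cert_chain.size().
std::string GetCMSString(const net::X509Certificate::OSCertHandles& cert_chain,
                         size_t start, size_t end);

std::string ProcessSecAlgorithmSignature(
    net::X509Certificate::OSCertHandle cert_handle);
std::string ProcessSecAlgorithmSubjectPublicKey(
    net::X509Certificate::OSCertHandle cert_handle);
std::string ProcessSecAlgorithmSignatureWrap(
    net::X509Certificate::OSCertHandle cert_handle);

std::string ProcessSubjectPublicKeyInfo(
    net::X509Certificate::OSCertHandle cert_handle);

std::string ProcessRawBitsSignatureWrap(
    net::X509Certificate::OSCertHandle cert_handle);

// NOTE(review): presumably has to run before the functions that render OIDs;
// the required call order is not visible from this header.
void RegisterDynamicOids();

// Format a buffer as |hex_separator| separated string, with 16 bytes on each
// line separated using |line_separator|.
// |data| must point to at least |data_length| readable bytes; the signature
// gives the callee no way to verify this.
std::string ProcessRawBytesWithSeparators(const unsigned char* data,
                                          size_t data_length,
                                          char hex_separator,
                                          char line_separator);

// Format a buffer as a space separated string, with 16 bytes on each line.
// |data| must point to at least |data_length| readable bytes.
std::string ProcessRawBytes(const unsigned char* data,
                            size_t data_length);

#if defined(USE_NSS)
// Format a buffer as a space separated string, with 16 bytes on each line.
// |data_length| is the length in bits. Passing a byte count here, or a bit
// count to ProcessRawBytes, misstates the buffer size by a factor of eight.
std::string ProcessRawBits(const unsigned char* data,
                           size_t data_length);
#endif  // USE_NSS

}  // namespace x509_certificate_model

#endif  // CHROME_COMMON_NET_X509_CERTIFICATE_MODEL_H_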