// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_X509_UTIL_NSS_H_
#define NET_CERT_X509_UTIL_NSS_H_

#include <string>
#include <vector>

#include "base/time/time.h"
#include "net/base/net_export.h"
#include "net/cert/x509_certificate.h"

class PickleIterator;

// Forward declarations of the NSS types used by the declarations below. This
// header deliberately does not include any NSS header itself; the definitions
// live in the implementation file.
typedef struct CERTCertificateStr CERTCertificate;
typedef struct CERTNameStr CERTName;
typedef struct PK11SlotInfoStr PK11SlotInfo;
typedef struct PLArenaPool PLArenaPool;
typedef struct SECItemStr SECItem;

namespace net {

namespace x509_util {

// Helpers for inspecting and constructing certificates through the NSS
// certificate API. Everything in this section exists only when NSS is the
// certificate library in use (USE_NSS) or when building for iOS (OS_IOS).
#if defined(USE_NSS) || defined(OS_IOS)
// Parses the Principal attribute from |name| and outputs the result in
// |principal|.
void ParsePrincipal(CERTName* name,
                    CertPrincipal* principal);

// Parses the date from |der_date| and outputs the result in |result|.
void ParseDate(const SECItem* der_date, base::Time* result);

// Parses the serial number from |certificate|.
std::string ParseSerialNumber(const CERTCertificate* certificate);

// Gets the subjectAltName extension field from the certificate, if any.
// The DNS names found are written to |dns_names| and the IP addresses to
// |ip_addrs|.
// NOTE(review): the encoding of the |ip_addrs| entries (raw address octets
// vs. textual form) and whether the output vectors are cleared first are not
// stated here — confirm against the implementation before relying on either.
void GetSubjectAltName(CERTCertificate* cert_handle,
                       std::vector<std::string>* dns_names,
                       std::vector<std::string>* ip_addrs);

// Creates all possible OS certificate handles from |data| encoded in a specific
// |format|. Returns an empty collection on failure.
// |length| is the number of bytes at |data|. It is a signed int, so a caller
// converting from a size_t must reject lengths that do not fit rather than let
// them wrap to a negative value.
X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes(
    const char* data,
    int length,
    X509Certificate::Format format);

// Reads a single certificate from |pickle_iter| and returns a platform-specific
// certificate handle. Returns an invalid handle, NULL, on failure.
// Pickled data may come from outside the process; callers must treat a NULL
// result as the normal outcome for malformed or truncated input, not as a
// programming error.
// NOTE(review): ownership of the returned handle (whether the caller must
// release it) is not stated here — confirm against the implementation.
X509Certificate::OSCertHandle ReadOSCertHandleFromPickle(
    PickleIterator* pickle_iter);

// Sets |*size_bits| to be the length of the public key in bits, and sets
// |*type| to one of the |PublicKeyType| values. In case of
// |kPublicKeyTypeUnknown|, |*size_bits| will be set to 0.
void GetPublicKeyInfo(CERTCertificate* handle,
                      size_t* size_bits,
                      X509Certificate::PublicKeyType* type);

// Create a list of CERTName objects from a list of DER-encoded X.509
// DistinguishedName items. All objects are created in a given arena.
// |issuers| is the list of encoded DNs.
// |arena| is the arena used for all allocations.
// |out| will receive the result list on success.
// Return true on success. On failure, the caller must free the
// intermediate CERTName objects pushed to |out|.
bool GetIssuersFromEncodedList(
    const std::vector<std::string>& issuers,
    PLArenaPool* arena,
    std::vector<CERTName*>* out);

// Returns true iff a certificate is issued by any of the issuers listed
// by name in |valid_issuers|.
// |cert_chain| is the certificate's chain.
// |valid_issuers| is a list of parsed issuer names (CERTName objects), such
// as the list filled in by GetIssuersFromEncodedList() from DER-encoded
// X.509 Distinguished Names.
// NOTE(review): whether only the leaf or every certificate in |cert_chain| is
// matched against |valid_issuers| is not stated here — confirm against the
// implementation, since it changes which issuers a caller effectively trusts.
bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain,
                           const std::vector<CERTName*>& valid_issuers);

// Generates a unique nickname for |slot|, returning |nickname| if it is
// already unique.
// |subject| is the certificate's subject as an NSS SECItem; presumably it is
// used to recognise an existing certificate with the same subject — confirm
// against the implementation.
//
// Note: The nickname returned will NOT include the token name, thus the
// token name must be prepended if calling an NSS function that expects
// <token>:<nickname>.
// TODO(gspencer): Internationalize this: it's wrong to hard-code English.
std::string GetUniqueNicknameForSlot(const std::string& nickname,
                                     const SECItem* subject,
                                     PK11SlotInfo* slot);
#endif  // defined(USE_NSS) || defined(OS_IOS)

}  // namespace x509_util

}  // namespace net

#endif  // NET_CERT_X509_UTIL_NSS_H_