1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_CERT_CT_OBJECTS_EXTRACTOR_H_
6#define NET_CERT_CT_OBJECTS_EXTRACTOR_H_
7
8#include <string>
9
10#include "net/base/net_export.h"
11#include "net/cert/x509_certificate.h"
12
namespace net {

namespace ct {

struct LogEntry;

// Helpers for locating Certificate Transparency objects (embedded SCT lists,
// log entries) inside X.509 certificates and OCSP responses. These functions
// only locate and re-encode data; none of them validates an SCT. Anything they
// produce is still untrusted input until it has been decoded and checked with
// ct::CTLogVerifier::Verify.

// Extracts a SignedCertificateTimestampList that has been embedded within a
// leaf cert as an X.509v3 extension with the OID 1.3.6.1.4.1.11129.2.4.2.
// If the extension is present, returns true, updating |*sct_list| to contain
// the encoded list, minus the DER encoding necessary for the extension.
// |*sct_list| can then be further decoded with ct::DecodeSCTList.
// Returns false if the extension is absent (presumably also when it cannot be
// unwrapped — confirm against the implementation).
NET_EXPORT_PRIVATE bool ExtractEmbeddedSCTList(
    X509Certificate::OSCertHandle cert,
    std::string* sct_list);

// Obtains a PrecertChain log entry for |leaf|, an X.509v3 certificate that
// contains an X.509v3 extension with the OID 1.3.6.1.4.1.11129.2.4.2. On
// success, fills |*result| with the data for a PrecertChain log entry and
// returns true.
// |issuer| is the certificate that issued |leaf|. NOTE(review): a PrecertChain
// entry is defined in terms of the issuer's key (RFC 6962), so passing the
// wrong |issuer| should produce an entry that fails verification rather than
// one that verifies — confirm how |issuer| is consumed in the implementation.
// The filled |*result| should be verified using ct::CTLogVerifier::Verify.
// Note: If |leaf| does not contain the required extension, it is treated as
// a failure.
NET_EXPORT_PRIVATE bool GetPrecertLogEntry(X509Certificate::OSCertHandle leaf,
                                           X509Certificate::OSCertHandle issuer,
                                           LogEntry* result);

// Obtains an X509Chain log entry for |leaf|, an X.509v3 certificate that
// is not expected to contain an X.509v3 extension with the OID
// 1.3.6.1.4.1.11129.2.4.2 (meaning a certificate without an embedded SCT).
// On success, fills |*result| with the data for an X509Chain log entry and
// returns true.
// The filled |*result| should be verified using ct::CTLogVerifier::Verify.
NET_EXPORT_PRIVATE bool GetX509LogEntry(X509Certificate::OSCertHandle leaf,
                                        LogEntry* result);

// Extracts a SignedCertificateTimestampList that has been embedded within
// an OCSP response as an extension with the OID 1.3.6.1.4.1.11129.2.4.5.
// If the extension is present, and the response matches the issuer and
// serial number, returns true, updating |*sct_list| to contain
// the encoded list, minus the DER encoding necessary for the extension.
// |*sct_list| can then be further decoded with ct::DecodeSCTList.
// |issuer| and |cert_serial_number| identify the certificate the response
// must be about; the match requirement means an SCT list carried by a
// response for some other certificate is not accepted. |ocsp_response| is
// the raw response bytes (presumably DER — confirm in the implementation).
// As with ExtractEmbeddedSCTList, the extracted list is not verified here.
NET_EXPORT_PRIVATE bool ExtractSCTListFromOCSPResponse(
    X509Certificate::OSCertHandle issuer,
    const std::string& cert_serial_number,
    const std::string& ocsp_response,
    std::string* sct_list);

}  // namespace ct

}  // namespace net
63
64#endif  // NET_CERT_CT_OBJECTS_EXTRACTOR_H_
65