// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_CT_OBJECTS_EXTRACTOR_H_
#define NET_CERT_CT_OBJECTS_EXTRACTOR_H_

#include <string>

#include "net/base/net_export.h"
#include "net/cert/x509_certificate.h"

namespace net {

namespace ct {

// Forward declaration; this header only passes LogEntry around by pointer.
struct LogEntry;

// Extracts a SignedCertificateTimestampList that has been embedded within a
// leaf cert as an X.509v3 extension with the OID 1.3.6.1.4.1.11129.2.4.2.
// If the extension is present, returns true, updating |*sct_list| to contain
// the encoded list, minus the DER encoding necessary for the extension.
// |*sct_list| can then be further decoded with ct::DecodeSCTList.
// This only locates and copies out the list; nothing in this interface
// checks the SCTs it contains. Verification happens later, against a log
// entry built by GetPrecertLogEntry / GetX509LogEntry and checked with
// ct::CTLogVerifier::Verify.
NET_EXPORT_PRIVATE bool ExtractEmbeddedSCTList(
    X509Certificate::OSCertHandle cert,
    std::string* sct_list);

// Obtains a PrecertChain log entry for |leaf|, an X.509v3 certificate that
// contains an X.509v3 extension with the OID 1.3.6.1.4.1.11129.2.4.2. On
// success, fills |*result| with the data for a PrecertChain log entry and
// returns true.
// |issuer| is the certificate that issued |leaf|. NOTE(review): how |issuer|
// is consumed is not stated here; presumably it supplies the issuer key hash
// that a PrecertChain entry carries, in which case passing the wrong
// certificate yields an entry that will not verify — confirm against the .cc.
// The filled |*result| should be verified using ct::CTLogVerifier::Verify.
// Note: If |leaf| does not contain the required extension, it is treated as
// a failure.
NET_EXPORT_PRIVATE bool GetPrecertLogEntry(X509Certificate::OSCertHandle leaf,
                                           X509Certificate::OSCertHandle issuer,
                                           LogEntry* result);

// Obtains an X509Chain log entry for |leaf|, an X.509v3 certificate that
// is not expected to contain an X.509v3 extension with the OID
// 1.3.6.1.4.1.11129.2.4.2 (meaning a certificate without an embedded SCT).
// On success, fills |*result| with the data for an X509Chain log entry and
// returns true.
// The filled |*result| should be verified using ct::CTLogVerifier::Verify.
NET_EXPORT_PRIVATE bool GetX509LogEntry(X509Certificate::OSCertHandle leaf,
                                        LogEntry* result);

// Extracts a SignedCertificateTimestampList that has been embedded within
// an OCSP response as an extension with the OID 1.3.6.1.4.1.11129.2.4.5.
// |issuer| and |cert_serial_number| identify the certificate whose status
// |ocsp_response| is expected to cover. If the extension is present, and the
// response matches the issuer and serial number, returns true, updating
// |*sct_list| to contain the encoded list, minus the DER encoding necessary
// for the extension. |*sct_list| can then be further decoded with
// ct::DecodeSCTList.
// NOTE(review): nothing stated here says whether the OCSP response's own
// signature is checked before the list is pulled out; unless the .cc confirms
// that, callers should not treat a true return as evidence that
// |ocsp_response| is authentic — only that it names the expected certificate
// and carries the extension.
NET_EXPORT_PRIVATE bool ExtractSCTListFromOCSPResponse(
    X509Certificate::OSCertHandle issuer,
    const std::string& cert_serial_number,
    const std::string& ocsp_response,
    std::string* sct_list);

}  // namespace ct

}  // namespace net

#endif  // NET_CERT_CT_OBJECTS_EXTRACTOR_H_