1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef NET_SSL_SSL_CERT_REQUEST_INFO_H_ 6#define NET_SSL_SSL_CERT_REQUEST_INFO_H_ 7 8#include <string> 9#include <vector> 10 11#include "base/memory/ref_counted.h" 12#include "net/base/host_port_pair.h" 13#include "net/base/net_export.h" 14#include "net/ssl/ssl_client_cert_type.h" 15 16namespace net { 17 18class X509Certificate; 19 20// The SSLCertRequestInfo class represents server criteria regarding client 21// certificate required for a secure connection. 22// 23// In TLS 1.1, the CertificateRequest 24// message is defined as: 25// enum { 26// rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), 27// rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6), 28// fortezza_dms_RESERVED(20), (255) 29// } ClientCertificateType; 30// 31// opaque DistinguishedName<1..2^16-1>; 32// 33// struct { 34// ClientCertificateType certificate_types<1..2^8-1>; 35// DistinguishedName certificate_authorities<3..2^16-1>; 36// } CertificateRequest; 37class NET_EXPORT SSLCertRequestInfo 38 : public base::RefCountedThreadSafe<SSLCertRequestInfo> { 39 public: 40 SSLCertRequestInfo(); 41 42 void Reset(); 43 44 // The host and port of the SSL server that requested client authentication. 45 HostPortPair host_and_port; 46 47 // True if the server that issues this request was the HTTPS proxy used in 48 // the request. False, if the server was the origin server. 49 bool is_proxy; 50 51 // List of DER-encoded X.509 DistinguishedName of certificate authorities 52 // allowed by the server. 53 std::vector<std::string> cert_authorities; 54 55 std::vector<SSLClientCertType> cert_key_types; 56 57 // Client certificates matching the server criteria. This should be removed 58 // soon as being tracked in http://crbug.com/166642. 59 std::vector<scoped_refptr<X509Certificate> > client_certs; 60 61 private: 62 friend class base::RefCountedThreadSafe<SSLCertRequestInfo>; 63 64 ~SSLCertRequestInfo(); 65}; 66 67} // namespace net 68 69#endif // NET_SSL_SSL_CERT_REQUEST_INFO_H_ 70