1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_SSL_SSL_CERT_REQUEST_INFO_H_
6#define NET_SSL_SSL_CERT_REQUEST_INFO_H_
7
8#include <string>
9#include <vector>
10
11#include "base/memory/ref_counted.h"
12#include "net/base/host_port_pair.h"
13#include "net/base/net_export.h"
14#include "net/ssl/ssl_client_cert_type.h"
15
16namespace net {
17
// Forward declaration: in this header the type is only named inside
// scoped_refptr<> (see SSLCertRequestInfo::client_certs).
18class X509Certificate;
19
20// The SSLCertRequestInfo class represents the server's criteria for the
21// client certificate required for a secure connection.
22//
23// In TLS 1.1, the CertificateRequest
24// message is defined as:
25//   enum {
26//   rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
27//   rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6),
28//   fortezza_dms_RESERVED(20), (255)
29//   } ClientCertificateType;
30//
31//   opaque DistinguishedName<1..2^16-1>;
32//
33//   struct {
34//       ClientCertificateType certificate_types<1..2^8-1>;
35//       DistinguishedName certificate_authorities<3..2^16-1>;
36//   } CertificateRequest;
37class NET_EXPORT SSLCertRequestInfo
38    : public base::RefCountedThreadSafe<SSLCertRequestInfo> {
39 public:
  // Instances are reference-counted through base::RefCountedThreadSafe.
  // NOTE(review): that base class only covers the reference count; no
  // synchronization for the public fields below is visible in this header.
40  SSLCertRequestInfo();
41
  // Defined out of line. NOTE(review): presumably returns every field below
  // to its initial state -- confirm against the implementation file.
42  void Reset();
43
44  // The host and port of the SSL server that requested client authentication.
  // NOTE(review): together with |is_proxy| this looks like the only record of
  // which endpoint asked for a certificate, so any certificate-selection
  // prompt or policy should take both into account -- confirm at callers.
45  HostPortPair host_and_port;
46
47  // True if the server that issued this request was the HTTPS proxy used in
48  // the request; false if it was the origin server.
49  bool is_proxy;
50
51  // List of DER-encoded X.509 DistinguishedName values of the certificate
52  // authorities allowed by the server.
  // Each entry carries raw DER bytes in a std::string, so it is binary data
  // rather than printable text.
  // NOTE(review): presumably copied from certificate_authorities in the
  // server's CertificateRequest, i.e. peer-supplied; decode with a
  // bounds-checked parser before displaying or matching -- confirm at callers.
53  std::vector<std::string> cert_authorities;
54
  // NOTE(review): presumably the client certificate key types the server
  // accepts (certificate_types in CertificateRequest) -- confirm against
  // net/ssl/ssl_client_cert_type.h.
55  std::vector<SSLClientCertType> cert_key_types;
56
57  // Client certificates matching the server criteria. This should be removed
58  // soon; the removal is tracked in http://crbug.com/166642.
59  std::vector<scoped_refptr<X509Certificate> > client_certs;
60
61 private:
  // RefCountedThreadSafe is a friend so that it can reach the private
  // destructor below.
62  friend class base::RefCountedThreadSafe<SSLCertRequestInfo>;
63
  // Private: outside code cannot delete an instance directly; destruction is
  // expected to happen through the reference count.
64  ~SSLCertRequestInfo();
65};
66
67}  // namespace net
68
69#endif  // NET_SSL_SSL_CERT_REQUEST_INFO_H_
70