1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_X509_UTIL_NSS_H_
6 #define NET_CERT_X509_UTIL_NSS_H_
11 #include "base/time/time.h"
12 #include "net/base/net_export.h"
13 #include "net/cert/x509_certificate.h"
17 typedef struct CERTCertificateStr CERTCertificate
;
18 typedef struct CERTNameStr CERTName
;
19 typedef struct PK11SlotInfoStr PK11SlotInfo
;
20 typedef struct PLArenaPool PLArenaPool
;
21 typedef struct SECItemStr SECItem
;
27 #if defined(USE_NSS_CERTS) || defined(OS_IOS)
28 // Parses the Principal attribute from |name| and outputs the result in
30 void ParsePrincipal(CERTName
* name
,
31 CertPrincipal
* principal
);
33 // Parses the date from |der_date| and outputs the result in |result|.
34 void ParseDate(const SECItem
* der_date
, base::Time
* result
);
36 // Parses the serial number from |certificate|.
37 std::string
ParseSerialNumber(const CERTCertificate
* certificate
);
39 // Gets the subjectAltName extension field from the certificate, if any.
40 void GetSubjectAltName(CERTCertificate
* cert_handle
,
41 std::vector
<std::string
>* dns_names
,
42 std::vector
<std::string
>* ip_addrs
);
44 // Creates all possible OS certificate handles from |data| encoded in a specific
45 // |format|. Returns an empty collection on failure.
46 X509Certificate::OSCertHandles
CreateOSCertHandlesFromBytes(
49 X509Certificate::Format format
);
51 // Reads a single certificate from |pickle_iter| and returns a platform-specific
52 // certificate handle. Returns an invalid handle, NULL, on failure.
53 X509Certificate::OSCertHandle
ReadOSCertHandleFromPickle(
54 PickleIterator
* pickle_iter
);
56 // Sets |*size_bits| to be the length of the public key in bits, and sets
57 // |*type| to one of the |PublicKeyType| values. In case of
58 // |kPublicKeyTypeUnknown|, |*size_bits| will be set to 0.
59 void GetPublicKeyInfo(CERTCertificate
* handle
,
61 X509Certificate::PublicKeyType
* type
);
63 // Create a list of CERTName objects from a list of DER-encoded X.509
64 // DistinguishedName items. All objects are created in a given arena.
65 // |encoded_issuers| is the list of encoded DNs.
66 // |arena| is the arena used for all allocations.
67 // |out| will receive the result list on success.
68 // Return true on success. On failure, the caller must free the
69 // intermediate CERTName objects pushed to |out|.
70 bool GetIssuersFromEncodedList(
71 const std::vector
<std::string
>& issuers
,
73 std::vector
<CERTName
*>* out
);
75 // Returns true iff a certificate is issued by any of the issuers listed
76 // by name in |valid_issuers|.
77 // |cert_chain| is the certificate's chain.
78 // |valid_issuers| is a list of strings, where each string contains
79 // a DER-encoded X.509 Distinguished Name.
80 bool IsCertificateIssuedBy(const std::vector
<CERTCertificate
*>& cert_chain
,
81 const std::vector
<CERTName
*>& valid_issuers
);
83 // Generates a unique nickname for |slot|, returning |nickname| if it is
86 // Note: The nickname returned will NOT include the token name, thus the
87 // token name must be prepended if calling an NSS function that expects
88 // <token>:<nickname>.
89 // TODO(gspencer): Internationalize this: it's wrong to hard-code English.
90 std::string
GetUniqueNicknameForSlot(const std::string
& nickname
,
91 const SECItem
* subject
,
93 #endif // defined(USE_NSS_CERTS) || defined(OS_IOS)
95 } // namespace x509_util
99 #endif // NET_CERT_X509_UTIL_NSS_H_