net/cert/x509_cert_types.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_CERT_X509_CERT_TYPES_H_
   6 #define NET_CERT_X509_CERT_TYPES_H_
   7
   8 #include <string.h>
   9
  10 #include <map>
  11 #include <set>
  12 #include <string>
  13 #include <vector>
  14
  15 #include "base/logging.h"
  16 #include "base/strings/string_piece.h"
  17 #include "build/build_config.h"
  18 #include "net/base/hash_value.h"
  19 #include "net/base/net_export.h"
  20 #include "net/cert/cert_status_flags.h"
  21
  22 #if defined(OS_MACOSX) && !defined(OS_IOS)
  23 #include <Security/x509defs.h>
  24 #endif
  25
  26 namespace base {
  27 class Time;
  28 }  // namespace base
  29
  30 namespace net {
  31
  32 class X509Certificate;
  33
  34 // CertPrincipal represents the issuer or subject field of an X.509 certificate.
  35 struct NET_EXPORT CertPrincipal {
  36   CertPrincipal();
  37   explicit CertPrincipal(const std::string& name);
  38   ~CertPrincipal();
  39
  40 #if (defined(OS_MACOSX) && !defined(OS_IOS)) || defined(OS_WIN)
  41   // Parses a BER-format DistinguishedName.
  42   bool ParseDistinguishedName(const void* ber_name_data, size_t length);
  43 #endif
  44
  45 #if defined(OS_MACOSX) && !defined(OS_IOS)
  46   // Compare this CertPrincipal with |against|, returning true if they're
  47   // equal enough to be a possible match. This should NOT be used for any
  48   // security relevant decisions.
  49   // TODO(rsleevi): Remove once Mac client auth uses NSS for name comparison.
  50   bool Matches(const CertPrincipal& against) const;
  51 #endif
  52
  53   // Returns a name that can be used to represent the issuer.  It tries in this
  54   // order: CN, O and OU and returns the first non-empty one found.
  55   std::string GetDisplayName() const;
  56
  57   // The different attributes for a principal, stored in UTF-8.  They may be "".
  58   // Note that some of them can have several values.
  59
  60   std::string common_name;
  61   std::string locality_name;
  62   std::string state_or_province_name;
  63   std::string country_name;
  64
  65   std::vector<std::string> street_addresses;
  66   std::vector<std::string> organization_names;
  67   std::vector<std::string> organization_unit_names;
  68   std::vector<std::string> domain_components;
  69 };
  70
  71 #if defined(OS_MACOSX) && !defined(OS_IOS)
  72 // Compares two OIDs by value.
  73 inline bool CSSMOIDEqual(const CSSM_OID* oid1, const CSSM_OID* oid2) {
  74   return oid1->Length == oid2->Length &&
  75   (memcmp(oid1->Data, oid2->Data, oid1->Length) == 0);
  76 }
  77 #endif
  78
  79 // A list of ASN.1 date/time formats that ParseCertificateDate() supports,
  80 // encoded in the canonical forms specified in RFC 2459/3280/5280.
  81 enum CertDateFormat {
  82   // UTCTime: Format is YYMMDDHHMMSSZ
  83   CERT_DATE_FORMAT_UTC_TIME,
  84
  85   // GeneralizedTime: Format is YYYYMMDDHHMMSSZ
  86   CERT_DATE_FORMAT_GENERALIZED_TIME,
  87 };
  88
  89 // Attempts to parse |raw_date|, an ASN.1 date/time string encoded as
  90 // |format|, and writes the result into |*time|. If an invalid date is
  91 // specified, or if parsing fails, returns false, and |*time| will not be
  92 // updated.
  93 NET_EXPORT_PRIVATE bool ParseCertificateDate(const base::StringPiece& raw_date,
  94                                              CertDateFormat format,
  95                                              base::Time* time);
  96 }  // namespace net
  97
  98 #endif  // NET_CERT_X509_CERT_TYPES_H_