Refactor WebsiteSettings to operate on a SecurityInfo
[chromium-blink-merge.git] / net / cert / x509_util_nss.h
blobbb9bed955cd322842a054cc9330d93bf27bbfc4b
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_X509_UTIL_NSS_H_
6 #define NET_CERT_X509_UTIL_NSS_H_
8 #include <string>
9 #include <vector>
11 #include "base/time/time.h"
12 #include "net/base/net_export.h"
13 #include "net/cert/x509_certificate.h"
15 namespace base {
16 class PickleIterator;
19 typedef struct CERTCertificateStr CERTCertificate;
20 typedef struct CERTNameStr CERTName;
21 typedef struct PK11SlotInfoStr PK11SlotInfo;
22 typedef struct PLArenaPool PLArenaPool;
23 typedef struct SECItemStr SECItem;
25 namespace net {
27 namespace x509_util {
29 #if defined(USE_NSS_CERTS) || defined(OS_IOS)
30 // Parses the Principal attribute from |name| and outputs the result in
31 // |principal|.
32 void ParsePrincipal(CERTName* name,
33 CertPrincipal* principal);
35 // Parses the date from |der_date| and outputs the result in |result|.
36 void ParseDate(const SECItem* der_date, base::Time* result);
38 // Parses the serial number from |certificate|.
39 std::string ParseSerialNumber(const CERTCertificate* certificate);
41 // Gets the subjectAltName extension field from the certificate, if any.
42 void GetSubjectAltName(CERTCertificate* cert_handle,
43 std::vector<std::string>* dns_names,
44 std::vector<std::string>* ip_addrs);
46 // Creates all possible OS certificate handles from |data| encoded in a specific
47 // |format|. Returns an empty collection on failure.
48 X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes(
49 const char* data,
50 int length,
51 X509Certificate::Format format);
53 // Reads a single certificate from |pickle_iter| and returns a platform-specific
54 // certificate handle. Returns an invalid handle, NULL, on failure.
55 X509Certificate::OSCertHandle ReadOSCertHandleFromPickle(
56 base::PickleIterator* pickle_iter);
58 // Sets |*size_bits| to be the length of the public key in bits, and sets
59 // |*type| to one of the |PublicKeyType| values. In case of
60 // |kPublicKeyTypeUnknown|, |*size_bits| will be set to 0.
61 void GetPublicKeyInfo(CERTCertificate* handle,
62 size_t* size_bits,
63 X509Certificate::PublicKeyType* type);
65 // Create a list of CERTName objects from a list of DER-encoded X.509
66 // DistinguishedName items. All objects are created in a given arena.
67 // |encoded_issuers| is the list of encoded DNs.
68 // |arena| is the arena used for all allocations.
69 // |out| will receive the result list on success.
70 // Return true on success. On failure, the caller must free the
71 // intermediate CERTName objects pushed to |out|.
72 bool GetIssuersFromEncodedList(
73 const std::vector<std::string>& issuers,
74 PLArenaPool* arena,
75 std::vector<CERTName*>* out);
77 // Returns true iff a certificate is issued by any of the issuers listed
78 // by name in |valid_issuers|.
79 // |cert_chain| is the certificate's chain.
80 // |valid_issuers| is a list of strings, where each string contains
81 // a DER-encoded X.509 Distinguished Name.
82 bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain,
83 const std::vector<CERTName*>& valid_issuers);
85 // Generates a unique nickname for |slot|, returning |nickname| if it is
86 // already unique.
88 // Note: The nickname returned will NOT include the token name, thus the
89 // token name must be prepended if calling an NSS function that expects
90 // <token>:<nickname>.
91 // TODO(gspencer): Internationalize this: it's wrong to hard-code English.
92 std::string GetUniqueNicknameForSlot(const std::string& nickname,
93 const SECItem* subject,
94 PK11SlotInfo* slot);
95 #endif // defined(USE_NSS_CERTS) || defined(OS_IOS)
97 } // namespace x509_util
99 } // namespace net
101 #endif // NET_CERT_X509_UTIL_NSS_H_