net/ssl/ssl_cert_request_info.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_SSL_CERT_REQUEST_INFO_H_
   6 #define NET_SSL_SSL_CERT_REQUEST_INFO_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/memory/ref_counted.h"
  12 #include "net/base/host_port_pair.h"
  13 #include "net/base/net_export.h"
  14 #include "net/ssl/ssl_client_cert_type.h"
  15
  16 namespace net {
  17
  18 class X509Certificate;
  19
  20 // The SSLCertRequestInfo class represents server criteria regarding client
  21 // certificate required for a secure connection.
  22 //
  23 // In TLS 1.1, the CertificateRequest
  24 // message is defined as:
  25 //   enum {
  26 //   rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
  27 //   rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6),
  28 //   fortezza_dms_RESERVED(20), (255)
  29 //   } ClientCertificateType;
  30 //
  31 //   opaque DistinguishedName<1..2^16-1>;
  32 //
  33 //   struct {
  34 //       ClientCertificateType certificate_types<1..2^8-1>;
  35 //       DistinguishedName certificate_authorities<3..2^16-1>;
  36 //   } CertificateRequest;
  37 class NET_EXPORT SSLCertRequestInfo
  38     : public base::RefCountedThreadSafe<SSLCertRequestInfo> {
  39  public:
  40   SSLCertRequestInfo();
  41
  42   void Reset();
  43
  44   // The host and port of the SSL server that requested client authentication.
  45   HostPortPair host_and_port;
  46
  47   // True if the server that issues this request was the HTTPS proxy used in
  48   // the request.  False, if the server was the origin server.
  49   bool is_proxy;
  50
  51   // List of DER-encoded X.509 DistinguishedName of certificate authorities
  52   // allowed by the server.
  53   std::vector<std::string> cert_authorities;
  54
  55   std::vector<SSLClientCertType> cert_key_types;
  56
  57   // Client certificates matching the server criteria. This should be removed
  58   // soon as being tracked in http://crbug.com/166642.
  59   std::vector<scoped_refptr<X509Certificate> > client_certs;
  60
  61  private:
  62   friend class base::RefCountedThreadSafe<SSLCertRequestInfo>;
  63
  64   ~SSLCertRequestInfo();
  65 };
  66
  67 }  // namespace net
  68
  69 #endif  // NET_SSL_SSL_CERT_REQUEST_INFO_H_