1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_SSL_CERT_REQUEST_INFO_H_ | 5 #ifndef NET_BASE_SSL_CERT_REQUEST_INFO_H_ |
6 #define NET_BASE_SSL_CERT_REQUEST_INFO_H_ | 6 #define NET_BASE_SSL_CERT_REQUEST_INFO_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/memory/ref_counted.h" | 11 #include "base/memory/ref_counted.h" |
12 #include "net/base/net_export.h" | 12 #include "net/base/net_export.h" |
13 #include "net/base/ssl_client_cert_type.h" | |
13 | 14 |
14 namespace net { | 15 namespace net { |
15 | 16 |
16 class X509Certificate; | 17 class X509Certificate; |
17 | 18 |
18 // The SSLCertRequestInfo class contains the info that allows a user to | 19 // The SSLCertRequestInfo class contains the info that allows a user to |
19 // select a certificate to send to the SSL server for client authentication. | 20 // select a certificate to send to the SSL server for client authentication. |
20 class NET_EXPORT SSLCertRequestInfo | 21 class NET_EXPORT SSLCertRequestInfo |
21 : public base::RefCountedThreadSafe<SSLCertRequestInfo> { | 22 : public base::RefCountedThreadSafe<SSLCertRequestInfo> { |
22 public: | 23 public: |
23 SSLCertRequestInfo(); | 24 SSLCertRequestInfo(); |
24 | 25 |
25 void Reset(); | 26 void Reset(); |
26 | 27 |
27 // The host and port of the SSL server that requested client authentication. | 28 // The host and port of the SSL server that requested client authentication. |
28 std::string host_and_port; | 29 std::string host_and_port; |
29 | 30 |
30 // True if the server that issues this request was the HTTPS proxy used in | 31 // True if the server that issues this request was the HTTPS proxy used in |
31 // the request. False, if the server was the origin server. | 32 // the request. False, if the server was the origin server. |
32 bool is_proxy; | 33 bool is_proxy; |
33 | 34 |
35 // True if |client_certs| is always empty because it is not possible | |
36 // to generate the list of compatible client certificates before | |
37 // prompting the user. This happens on Android. In this case, the values | |
38 // of |valid_cas| and |valid_key_types| must be used instead. | |
39 bool no_client_certs; | |
wtc1
2012/12/15 00:56:18
(I didn't read the previous discussions in this co
digit1
2012/12/18 15:19:15
Yes, this is now the plan, first patch to achieve
| |
40 | |
34 // A list of client certificates that match the server's criteria in the | 41 // A list of client certificates that match the server's criteria in the |
35 // SSL CertificateRequest message. In TLS 1.0, the CertificateRequest | 42 // SSL CertificateRequest message. In TLS 1.0, the CertificateRequest |
36 // message is defined as: | 43 // message is defined as: |
37 // enum { | 44 // enum { |
38 // rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), | 45 // rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), |
39 // (255) | 46 // (255) |
40 // } ClientCertificateType; | 47 // } ClientCertificateType; |
41 // | 48 // |
42 // opaque DistinguishedName<1..2^16-1>; | 49 // opaque DistinguishedName<1..2^16-1>; |
43 // | 50 // |
44 // struct { | 51 // struct { |
45 // ClientCertificateType certificate_types<1..2^8-1>; | 52 // ClientCertificateType certificate_types<1..2^8-1>; |
46 // DistinguishedName certificate_authorities<3..2^16-1>; | 53 // DistinguishedName certificate_authorities<3..2^16-1>; |
47 // } CertificateRequest; | 54 // } CertificateRequest; |
48 std::vector<scoped_refptr<X509Certificate> > client_certs; | 55 std::vector<scoped_refptr<X509Certificate> > client_certs; |
49 | 56 |
57 #if defined(USE_OPENSSL) | |
58 // The list of valid certificate authorities the server recognizes. | |
59 // Each item is a DER-encoded X.509 DistinguishedName. | |
60 std::vector<std::string> valid_cas; | |
61 | |
62 // The list of certificate signing key types that the server | |
63 // supports. | |
64 std::vector<SSLClientCertType> valid_key_types; | |
wtc1
2012/12/15 00:56:18
I suggest using the names from the TLS protocol (s
digit1
2012/12/18 15:19:15
I agree, I wasn't really satisfied with these name
| |
65 #endif | |
66 | |
50 private: | 67 private: |
51 friend class base::RefCountedThreadSafe<SSLCertRequestInfo>; | 68 friend class base::RefCountedThreadSafe<SSLCertRequestInfo>; |
52 | 69 |
53 ~SSLCertRequestInfo(); | 70 ~SSLCertRequestInfo(); |
54 }; | 71 }; |
55 | 72 |
56 } // namespace net | 73 } // namespace net |
57 | 74 |
58 #endif // NET_BASE_SSL_CERT_REQUEST_INFO_H_ | 75 #endif // NET_BASE_SSL_CERT_REQUEST_INFO_H_ |
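Review bot: `no_client_certs` at new line 39 and the two `USE_OPENSSL` vectors `valid_cas` and `valid_key_types` at new lines 60 and 64 are new state that `SSLCertRequestInfo()` and `Reset()` (declared here, defined outside this section) must initialize and clear, and this hunk cannot confirm that; a stale `no_client_certs` or leftover `valid_cas` entries on a reused object would change which certificate-selection path the caller takes. The comment on `no_client_certs` tells readers to use `valid_cas` and `valid_key_types` instead, but those members exist only when `USE_OPENSSL` is defined, so the comment should say `// (only available when USE_OPENSSL is defined)` or the guard should be reconsidered. The `valid_cas` comment should also state provenance, e.g. `// Each item is a DER-encoded X.509 DistinguishedName copied verbatim from the server's CertificateRequest; it is untrusted input and is not validated here.`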