1 // Copyright 2013 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_CT_OBJECTS_EXTRACTOR_H_
6 #define NET_CERT_CT_OBJECTS_EXTRACTOR_H_
7 
8 #include <string>
9 
10 #include "base/strings/string_piece.h"
11 #include "net/base/net_export.h"
12 #include "net/cert/x509_certificate.h"
13 
namespace net::ct {

// Forward declaration; the full definition lives elsewhere in net/cert.
struct SignedEntryData;

// Extracts a SignedCertificateTimestampList that has been embedded within a
// leaf cert as an X.509v3 extension with the OID 1.3.6.1.4.1.11129.2.4.2.
// If the extension is present, returns true, updating |*sct_list| to contain
// the encoded list, minus the DER encoding necessary for the extension.
// |*sct_list| can then be further decoded with ct::DecodeSCTList.
//
// |cert| is the (already parsed) certificate to inspect; |sct_list| is an
// output parameter and must be non-null.
// NOTE(review): the contents of |*sct_list| after a false return are not
// specified by this header; callers should treat them as unspecified and not
// consume the buffer unless the call returned true. Nothing here validates the
// list itself — that is left to ct::DecodeSCTList and the subsequent
// ct::CTLogVerifier::Verify step.
NET_EXPORT_PRIVATE bool ExtractEmbeddedSCTList(const CRYPTO_BUFFER* cert,
                                               std::string* sct_list);

// Obtains a PrecertChain log entry for |leaf|, an X.509v3 certificate that
// contains an X.509v3 extension with the OID 1.3.6.1.4.1.11129.2.4.2. On
// success, fills |*result| with the data for a PrecertChain log entry and
// returns true.
// The filled |*result| should be verified using ct::CTLogVerifier::Verify;
// a true return only means the entry could be constructed, not that any SCT
// over it is genuine.
// |issuer| is the certificate that issued |leaf| and is needed to build the
// precert entry; |result| must be non-null.
// Note: If |leaf| does not contain the required extension, it is treated as
// a failure.
NET_EXPORT_PRIVATE bool GetPrecertSignedEntry(const CRYPTO_BUFFER* leaf,
                                              const CRYPTO_BUFFER* issuer,
                                              SignedEntryData* result);

// Obtains an X509Chain log entry for |leaf|, an X.509v3 certificate that
// is not expected to contain an X.509v3 extension with the OID
// 1.3.6.1.4.1.11129.2.4.2 (meaning a certificate without an embedded SCT).
// On success, fills |*result| with the data for an X509Chain log entry and
// returns true.
// The filled |*result| should be verified using ct::CTLogVerifier::Verify.
// Unlike GetPrecertSignedEntry, no issuer is required because an X509Chain
// entry covers the leaf certificate as-is.
NET_EXPORT_PRIVATE bool GetX509SignedEntry(const CRYPTO_BUFFER* leaf,
                                           SignedEntryData* result);

// Extracts a SignedCertificateTimestampList that has been embedded within
// an OCSP response as an extension with the OID 1.3.6.1.4.1.11129.2.4.5.
// If the extension is present, and the response matches the issuer and
// serial number, returns true, updating |*sct_list| to contain
// the encoded list, minus the DER encoding necessary for the extension.
// |*sct_list| can then be further decoded with ct::DecodeSCTList.
//
// |issuer| and |cert_serial_number| identify the certificate the OCSP
// response is expected to be about; a response for a different certificate
// does not yield an SCT list. |ocsp_response| is the raw response bytes as
// received and should be treated as untrusted input. |sct_list| must be
// non-null.
// NOTE(review): whether the OCSP response's own signature is checked here is
// not stated by this header — confirm against the implementation before
// relying on that.
NET_EXPORT_PRIVATE bool ExtractSCTListFromOCSPResponse(
    const CRYPTO_BUFFER* issuer,
    const std::string& cert_serial_number,
    base::StringPiece ocsp_response,
    std::string* sct_list);

}  // namespace net::ct
59 
60 #endif  // NET_CERT_CT_OBJECTS_EXTRACTOR_H_
61