• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2017 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_X509_UTIL_WIN_H_
6 #define NET_CERT_X509_UTIL_WIN_H_
7 
8 #include <windows.h>
9 
10 #include <memory>
11 #include <vector>
12 
13 #include "base/containers/span.h"
14 #include "base/memory/scoped_refptr.h"
15 #include "base/win/wincrypt_shim.h"
16 #include "crypto/scoped_capi_types.h"
17 #include "net/base/hash_value.h"
18 #include "net/base/net_export.h"
19 #include "net/cert/x509_certificate.h"
20 
21 namespace net::x509_util {
22 
23 // Returns a span containing the DER encoded certificate data for `os_cert`.
24 NET_EXPORT base::span<const uint8_t> CertContextAsSpan(PCCERT_CONTEXT os_cert);
25 
26 // Creates an X509Certificate representing |os_cert| with intermediates
27 // |os_chain|.
28 NET_EXPORT scoped_refptr<X509Certificate> CreateX509CertificateFromCertContexts(
29     PCCERT_CONTEXT os_cert,
30     const std::vector<PCCERT_CONTEXT>& os_chain);
31 // Creates an X509Certificate with non-standard parsing options.
32 // Do not use without consulting //net owners.
33 NET_EXPORT scoped_refptr<X509Certificate> CreateX509CertificateFromCertContexts(
34     PCCERT_CONTEXT os_cert,
35     const std::vector<PCCERT_CONTEXT>& os_chain,
36     X509Certificate::UnsafeCreateOptions options);
37 
38 // Returns a new PCCERT_CONTEXT containing the certificate and its
39 // intermediate certificates, or NULL on failure. This function is only
40 // necessary if the CERT_CONTEXT.hCertStore member will be accessed or
41 // enumerated, which is generally true for any CryptoAPI functions involving
42 // certificate chains, including validation or certificate display.
43 //
44 // While the returned PCCERT_CONTEXT and its HCERTSTORE can safely be used on
45 // multiple threads if no further modifications happen, it is generally
46 // preferable for each thread that needs such a context to obtain its own,
47 // rather than risk thread-safety issues by sharing.
48 NET_EXPORT crypto::ScopedPCCERT_CONTEXT CreateCertContextWithChain(
49     const X509Certificate* cert);
50 
51 // Specify behavior if an intermediate certificate fails CERT_CONTEXT parsing.
52 // kFail means the function should return a failure result immediately. kIgnore
53 // means the invalid intermediate is not added to the output context.
54 enum class InvalidIntermediateBehavior { kFail, kIgnore };
55 
56 // As CreateCertContextWithChain above, but |invalid_intermediate_behavior|
57 // specifies behavior if intermediates of |cert| could not be converted.
58 NET_EXPORT crypto::ScopedPCCERT_CONTEXT CreateCertContextWithChain(
59     const X509Certificate* cert,
60     InvalidIntermediateBehavior invalid_intermediate_behavior);
61 
62 // Calculates the SHA-256 fingerprint of the certificate.  Returns an empty
63 // (all zero) fingerprint on failure.
64 NET_EXPORT SHA256HashValue CalculateFingerprint256(PCCERT_CONTEXT cert);
65 
66 // Returns true if the certificate is self-signed.
67 NET_EXPORT bool IsSelfSigned(PCCERT_CONTEXT cert_handle);
68 
69 }  // namespace net::x509_util
70 
71 #endif  // NET_CERT_X509_UTIL_WIN_H_
72