1 // Copyright 2017 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_CERT_X509_UTIL_WIN_H_ 6 #define NET_CERT_X509_UTIL_WIN_H_ 7 8 #include <windows.h> 9 10 #include <memory> 11 #include <vector> 12 13 #include "base/memory/scoped_refptr.h" 14 #include "base/win/wincrypt_shim.h" 15 #include "crypto/scoped_capi_types.h" 16 #include "net/base/hash_value.h" 17 #include "net/base/net_export.h" 18 #include "net/cert/x509_certificate.h" 19 20 namespace net::x509_util { 21 22 // Creates an X509Certificate representing |os_cert| with intermediates 23 // |os_chain|. 24 NET_EXPORT scoped_refptr<X509Certificate> CreateX509CertificateFromCertContexts( 25 PCCERT_CONTEXT os_cert, 26 const std::vector<PCCERT_CONTEXT>& os_chain); 27 // Creates an X509Certificate with non-standard parsing options. 28 // Do not use without consulting //net owners. 29 NET_EXPORT scoped_refptr<X509Certificate> CreateX509CertificateFromCertContexts( 30 PCCERT_CONTEXT os_cert, 31 const std::vector<PCCERT_CONTEXT>& os_chain, 32 X509Certificate::UnsafeCreateOptions options); 33 34 // Returns a new PCCERT_CONTEXT containing the certificate and its 35 // intermediate certificates, or NULL on failure. This function is only 36 // necessary if the CERT_CONTEXT.hCertStore member will be accessed or 37 // enumerated, which is generally true for any CryptoAPI functions involving 38 // certificate chains, including validation or certificate display. 39 // 40 // While the returned PCCERT_CONTEXT and its HCERTSTORE can safely be used on 41 // multiple threads if no further modifications happen, it is generally 42 // preferable for each thread that needs such a context to obtain its own, 43 // rather than risk thread-safety issues by sharing. 44 NET_EXPORT crypto::ScopedPCCERT_CONTEXT CreateCertContextWithChain( 45 const X509Certificate* cert); 46 47 // Specify behavior if an intermediate certificate fails CERT_CONTEXT parsing. 48 // kFail means the function should return a failure result immediately. kIgnore 49 // means the invalid intermediate is not added to the output context. 50 enum class InvalidIntermediateBehavior { kFail, kIgnore }; 51 52 // As CreateCertContextWithChain above, but |invalid_intermediate_behavior| 53 // specifies behavior if intermediates of |cert| could not be converted. 54 NET_EXPORT crypto::ScopedPCCERT_CONTEXT CreateCertContextWithChain( 55 const X509Certificate* cert, 56 InvalidIntermediateBehavior invalid_intermediate_behavior); 57 58 // Calculates the SHA-256 fingerprint of the certificate. Returns an empty 59 // (all zero) fingerprint on failure. 60 NET_EXPORT SHA256HashValue CalculateFingerprint256(PCCERT_CONTEXT cert); 61 62 // Returns true if the certificate is self-signed. 63 NET_EXPORT bool IsSelfSigned(PCCERT_CONTEXT cert_handle); 64 65 } // namespace net::x509_util 66 67 #endif // NET_CERT_X509_UTIL_WIN_H_ 68