1 // Copyright 2011 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_SSL_SSL_CERT_REQUEST_INFO_H_ 6 #define NET_SSL_SSL_CERT_REQUEST_INFO_H_ 7 8 #include <cstdint> 9 #include <string> 10 #include <vector> 11 12 #include "base/memory/ref_counted.h" 13 #include "net/base/host_port_pair.h" 14 #include "net/base/net_export.h" 15 16 namespace net { 17 18 // The SSLCertRequestInfo class represents server criteria regarding client 19 // certificate required for a secure connection. 20 // 21 // In TLS 1.1, the CertificateRequest 22 // message is defined as: 23 // enum { 24 // rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), 25 // rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6), 26 // fortezza_dms_RESERVED(20), (255) 27 // } ClientCertificateType; 28 // 29 // opaque DistinguishedName<1..2^16-1>; 30 // 31 // struct { 32 // ClientCertificateType certificate_types<1..2^8-1>; 33 // DistinguishedName certificate_authorities<0..2^16-1>; 34 // } CertificateRequest; 35 class NET_EXPORT SSLCertRequestInfo 36 : public base::RefCountedThreadSafe<SSLCertRequestInfo> { 37 public: 38 SSLCertRequestInfo(); 39 40 void Reset(); 41 42 // The host and port of the SSL server that requested client authentication. 43 HostPortPair host_and_port; 44 45 // True if the server that issues this request was the HTTPS proxy used in 46 // the request. False, if the server was the origin server. 47 bool is_proxy = false; 48 49 // List of DER-encoded X.509 DistinguishedName of certificate authorities 50 // allowed by the server. 51 std::vector<std::string> cert_authorities; 52 53 // List of signature algorithms (using TLS 1.3 SignatureScheme constants) 54 // advertised as supported by the server. 55 std::vector<uint16_t> signature_algorithms; 56 57 private: 58 friend class base::RefCountedThreadSafe<SSLCertRequestInfo>; 59 60 ~SSLCertRequestInfo(); 61 }; 62 63 } // namespace net 64 65 #endif // NET_SSL_SSL_CERT_REQUEST_INFO_H_ 66