net/cert/internal/parse_certificate.cc - Issue 1285593003: Add parsing code for TBSCertificate's "validity" field.

Side by Side Diff: net/cert/internal/parse_certificate.cc

Issue 1285593003: Add parsing code for TBSCertificate's "validity" field. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert_parsing

Patch Set: rebase and fix a comment Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « net/cert/internal/parse_certificate.h ('k') | net/cert/internal/parse_certificate_unittest.cc » ('j') | net/data/parse_certificate_unittest/tbs_v3_extensions.pem » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/internal/parse_certificate.h"	5 #include "net/cert/internal/parse_certificate.h"

6	6

7 #include "net/der/input.h"	7 #include "net/der/input.h"

8 #include "net/der/parse_values.h"	8 #include "net/der/parse_values.h"

9 #include "net/der/parser.h"	9 #include "net/der/parser.h"

10	10

(...skipping 85 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
96 if (!der::IsValidInteger(value, &unused_negative))	96 if (!der::IsValidInteger(value, &unused_negative))

97 return false;	97 return false;

98	98

99 // Check if the serial number is too long per RFC 5280.	99 // Check if the serial number is too long per RFC 5280.

100 if (value.Length() > 20)	100 if (value.Length() > 20)

101 return false;	101 return false;

102	102

103 return true;	103 return true;

104 }	104 }

105	105

	106 // Consumes a "Time" value (as defined by RFC 5280) from \|parser\|. On success

	107 // writes the result to \|*out\| and returns true. On failure no guarantees are

	108 // made about the state of \|parser\|.

	109 //

	110 // From RFC 5280:

	111 //

	112 // Time ::= CHOICE {

	113 // utcTime UTCTime,

	114 // generalTime GeneralizedTime }

	115 WARN_UNUSED_RESULT bool ReadTime(der::Parser* parser,

	116 der::GeneralizedTime* out) {

	117 der::Input value;

	118 der::Tag tag;

	119

	120 if (!parser->ReadTagAndValue(&tag, &value))

	121 return false;

	122

	123 if (tag == der::kUtcTime)

	124 return der::ParseUTCTime(value, out);

	125

	126 if (tag == der::kGeneralizedTime)

	127 return der::ParseGeneralizedTime(value, out);

	128

	129 // Unrecognized tag.

	130 return false;

	131 }

	132

	133 // Parses a DER-encoded "Validity" as specified by RFC 5280. Returns true on

	134 // success and sets the results in \|not_before\| and \|not_after\|:

	135 //

	136 // Validity ::= SEQUENCE {

	137 // notBefore Time,

	138 // notAfter Time }

	139 //

	140 // Note that upon success it is NOT guaranteed that \|not_before <= not_after\|.

	141 bool ParseValidity(const der::Input& validity_tlv,

	142 der::GeneralizedTime* not_before,

	143 der::GeneralizedTime* not_after) {

	144 der::Parser parser(validity_tlv);

	145

	146 // Validity ::= SEQUENCE {

	147 der::Parser validity_parser;

	148 if (!parser.ReadSequence(&validity_parser))

	149 return false;

	150

	151 // notBefore Time,

	152 if (!ReadTime(&validity_parser, not_before))

	153 return false;

	154

	155 // notAfter Time }

	156 if (!ReadTime(&validity_parser, not_after))

	157 return false;

	158

	159 // By definition the input was a single Validity sequence, so there shouldn't

	160 // be unconsumed data.

	161 if (parser.HasMore())

	162 return false;

	163

	164 // The Validity type does not have an extension point.

	165 if (validity_parser.HasMore())

	166 return false;

	167

	168 // Note that RFC 5280 doesn't require notBefore to be <=

	169 // notAfter, so that will not be considered a "parsing" error here. Instead it

	170 // will be considered an expired certificate later when testing against the

	171 // current timestamp.

	172 return true;

	173 }

	174

106 } // namespace	175 } // namespace

107	176

108 ParsedTbsCertificate::ParsedTbsCertificate() {}	177 ParsedTbsCertificate::ParsedTbsCertificate() {}

109	178

110 ParsedTbsCertificate::~ParsedTbsCertificate() {}	179 ParsedTbsCertificate::~ParsedTbsCertificate() {}

111	180

112 bool ParseCertificate(const der::Input& certificate_tlv,	181 bool ParseCertificate(const der::Input& certificate_tlv,

113 ParsedCertificate* out) {	182 ParsedCertificate* out) {

114 der::Parser parser(certificate_tlv);	183 der::Parser parser(certificate_tlv);

115	184

(...skipping 78 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
194	263

195 // signature AlgorithmIdentifier,	264 // signature AlgorithmIdentifier,

196 if (!ReadSequenceTLV(&tbs_parser, &out->signature_algorithm_tlv))	265 if (!ReadSequenceTLV(&tbs_parser, &out->signature_algorithm_tlv))

197 return false;	266 return false;

198	267

199 // issuer Name,	268 // issuer Name,

200 if (!ReadSequenceTLV(&tbs_parser, &out->issuer_tlv))	269 if (!ReadSequenceTLV(&tbs_parser, &out->issuer_tlv))

201 return false;	270 return false;

202	271

203 // validity Validity,	272 // validity Validity,

204 if (!ReadSequenceTLV(&tbs_parser, &out->validity_tlv))	273 der::Input validity_tlv;

	274 if (!tbs_parser.ReadRawTLV(&validity_tlv))

205 return false;	275 return false;

	276 if (!ParseValidity(validity_tlv, &out->validity_not_before,

	277 &out->validity_not_after)) {

	278 return false;

	279 }

206	280

207 // subject Name,	281 // subject Name,

208 if (!ReadSequenceTLV(&tbs_parser, &out->subject_tlv))	282 if (!ReadSequenceTLV(&tbs_parser, &out->subject_tlv))

209 return false;	283 return false;

210	284

211 // subjectPublicKeyInfo SubjectPublicKeyInfo,	285 // subjectPublicKeyInfo SubjectPublicKeyInfo,

212 if (!ReadSequenceTLV(&tbs_parser, &out->spki_tlv))	286 if (!ReadSequenceTLV(&tbs_parser, &out->spki_tlv))

213 return false;	287 return false;

214	288

215 // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,	289 // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,

(...skipping 57 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
273	347

274 // By definition the input was a single TBSCertificate, so there shouldn't be	348 // By definition the input was a single TBSCertificate, so there shouldn't be

275 // unconsumed data.	349 // unconsumed data.

276 if (parser.HasMore())	350 if (parser.HasMore())

277 return false;	351 return false;

278	352

279 return true;	353 return true;

280 }	354 }

281	355

282 } // namespace net	356 } // namespace net

OLD	NEW