Adding OCSP Parser

net/cert/ocsp_parser.h

Index: net/cert/ocsp_parser.h
diff --git a/net/cert/ocsp_parser.h b/net/cert/ocsp_parser.h
new file mode 100644
index 0000000000000000000000000000000000000000..ec51bcd13318e242d8a62b0a304168eb7f017902
--- /dev/null
+++ b/net/cert/ocsp_parser.h
@@ -0,0 +1,100 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_OCSP_PARSER_H_
+#define NET_CERT_OCSP_PARSER_H_
+
+#include <string>
+#include <vector>
+
+#include "base/memory/scoped_ptr.h"
+#include "net/cert/internal/parse_certificate.h"
+#include "net/cert/internal/signature_algorithm.h"
+#include "net/der/input.h"
+#include "net/der/parse_values.h"
+#include "net/der/parser.h"
+#include "net/der/tag.h"
+
+namespace net {
+
+namespace ct {

[Ryan Sleevi, 2015/12/30 18:55:18]

wrong namespace ;)

[svaldez, 2015/12/30 19:31:37]

Done.

+
+// 1.3.6.1.5.5.7.48.1.1 - Basic OCSP Response
+const uint8_t kOidPkixOcspBasic[] = {0x2b, 0x06, 0x01, 0x05, 0x05,

[Ryan Sleevi, 2015/12/30 18:55:18]

Don't want this in a header (will end up duplicating the storage into every TU)

[svaldez, 2015/12/30 19:31:37]

Done.

+                                     0x07, 0x30, 0x01, 0x01};
+
+enum OCSPRevocationReason {

[Ryan Sleevi, 2015/12/30 18:55:18]

Inline to single response?

[svaldez, 2015/12/30 19:31:37]

Done.

+  OCSP_REVOKE_UNSPECIFIED,
+  OCSP_REVOKE_KEY_COMPROMISE,
+  OCSP_REVOKE_CA_COMPROMISE,
+  OCSP_REVOKE_AFFILIATION_CHANGED,
+  OCSP_REVOKE_SUPERSEDED,
+  OCSP_REVOKE_CESSATION_OF_OPERATION,
+  OCSP_REVOKE_CERTIFICATE_HOLD,
+  OCSP_REVOKE_UNUSED,
+  OCSP_REVOKE_REMOVE_FROM_CRL,
+  OCSP_REVOKE_PRIVILEGE_WITHDRAWN,
+  OCSP_REVOKE_A_COMPROMISE,
+};
+
+enum OCSPCertStatus {

[Ryan Sleevi, 2015/12/30 18:55:18]

Inline to single response?

[svaldez, 2015/12/30 19:31:37]

Done.

+  OCSP_CERT_GOOD,
+  OCSP_CERT_REVOKED,
+  OCSP_CERT_UNKNOWN,
+};
+
+enum OCSPResponseStatus {

[Ryan Sleevi, 2015/12/30 18:55:18]

inline to Response

[svaldez, 2015/12/30 19:31:37]

Done.

+  OCSP_SUCCESSFUL,
+  OCSP_MALFORMED_REQUEST,
+  OCSP_INTERNAL_ERROR,
+  OCSP_TRY_LATER,
+  OCSP_SIG_REQUIRED,
+  OCSP_UNAUTHORIZED,
+};
+
+struct OCSPSingleResponse {
+  OCSPSingleResponse();
+  ~OCSPSingleResponse();
+
+  std::string cert_id;
+  OCSPCertStatus cert_status;
+  der::GeneralizedTime revocation_time;
+  OCSPRevocationReason revocation_reason;
+  der::GeneralizedTime this_update;
+  der::GeneralizedTime next_update;
+  std::vector<ParsedExtension> extensions;
+};
+
+struct OCSPResponseData {
+  OCSPResponseData();
+  ~OCSPResponseData();
+
+  uint8_t version;
+  std::string responder_id_name;
+  std::string responder_id_key;
+  der::GeneralizedTime produced_at;
+  std::vector<OCSPSingleResponse> responses;
+  std::vector<ParsedExtension> extensions;

[Ryan Sleevi, 2015/12/30 18:55:18]

Not sure if we want to fully parse these; much of the other parsing code defers
parsing substructures to be done lazily.

+};
+
+struct NET_EXPORT OCSPResponse {
+  OCSPResponse();
+  ~OCSPResponse();
+
+  OCSPResponseStatus status;
+  OCSPResponseData data;
+  scoped_ptr<SignatureAlgorithm> signature_algorithm;
+  der::BitString signature;
+  std::vector<ParsedCertificate> certs;
+};
+
+// Parses the OCSP Response.
+NET_EXPORT_PRIVATE bool ParseOCSPResponse(const std::string& ocsp_response,
+                                          OCSPResponse* response);
+
+}  // namespace ct
+
+}  // namespace net
+
+#endif  // NET_CERT_OCSP_PARSER_H_