Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(218)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/name_constraints.h

Issue 1685023002: Fix API mismatch between NameConstraints::IsPermittedCert's subjectAltName param and ParseExtension. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@name-constraints-directorynameparsing
Patch Set: updated comments Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/cert/internal/name_constraints.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_INTERNAL_NAME_CONSTRAINTS_H_ 5 #ifndef NET_CERT_INTERNAL_NAME_CONSTRAINTS_H_
6 #define NET_CERT_INTERNAL_NAME_CONSTRAINTS_H_ 6 #define NET_CERT_INTERNAL_NAME_CONSTRAINTS_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <vector> 10 #include <vector>
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after
79 // the OCTET STRING tag). |is_critical| should be true if the extension was 79 // the OCTET STRING tag). |is_critical| should be true if the extension was
80 // marked critical. Returns nullptr if parsing the the extension failed. 80 // marked critical. Returns nullptr if parsing the the extension failed.
81 // The object lifetime is not bound to the lifetime of |extension_value| data. 81 // The object lifetime is not bound to the lifetime of |extension_value| data.
82 static scoped_ptr<NameConstraints> CreateFromDer( 82 static scoped_ptr<NameConstraints> CreateFromDer(
83 const der::Input& extension_value, 83 const der::Input& extension_value,
84 bool is_critical); 84 bool is_critical);
85 85
86 // Tests if a certificate is allowed by the name constraints. 86 // Tests if a certificate is allowed by the name constraints.
87 // |subject_rdn_sequence| should be the DER-encoded value of the subject's 87 // |subject_rdn_sequence| should be the DER-encoded value of the subject's
88 // RDNSequence (not including Sequence tag), and may be an empty ASN.1 88 // RDNSequence (not including Sequence tag), and may be an empty ASN.1
89 // sequence. |subject_alt_name_extnvalue_tlv| should be the extnValue of the 89 // sequence. |subject_alt_name_tlv| should be the extnValue of the
90 // subjectAltName extension (including the OCTET STRING tag & length), or 90 // subjectAltName extension (not including the OCTET STRING tag & length). If
91 // empty if the cert did not have a subjectAltName extension. 91 // the cert did not have a subjectAltName extension, |has_subject_alt_name|
92 // should be false and |subject_alt_name_tlv| should be empty.
92 // Note that this method does not check hostname or IP address in commonName, 93 // Note that this method does not check hostname or IP address in commonName,
93 // which is deprecated (crbug.com/308330). 94 // which is deprecated (crbug.com/308330).
94 bool IsPermittedCert(const der::Input& subject_rdn_sequence, 95 bool IsPermittedCert(const der::Input& subject_rdn_sequence,
95 const der::Input& subject_alt_name_extnvalue_tlv) const; 96 bool has_subject_alt_name,
97 const der::Input& subject_alt_name_tlv) const;
96 98
97 // Returns true if the ASCII hostname |name| is permitted. 99 // Returns true if the ASCII hostname |name| is permitted.
98 // |name| may be a wildcard hostname (starts with "*."). Eg, "*.bar.com" 100 // |name| may be a wildcard hostname (starts with "*."). Eg, "*.bar.com"
99 // would not be permitted if "bar.com" is permitted and "foo.bar.com" is 101 // would not be permitted if "bar.com" is permitted and "foo.bar.com" is
100 // excluded, while "*.baz.com" would only be permitted if "baz.com" is 102 // excluded, while "*.baz.com" would only be permitted if "baz.com" is
101 // permitted. 103 // permitted.
102 bool IsPermittedDNSName(const std::string& name) const; 104 bool IsPermittedDNSName(const std::string& name) const;
103 105
104 // Returns true if the directoryName |name_rdn_sequence| is permitted. 106 // Returns true if the directoryName |name_rdn_sequence| is permitted.
105 // |name_rdn_sequence| should be the DER-encoded RDNSequence value (not 107 // |name_rdn_sequence| should be the DER-encoded RDNSequence value (not
(...skipping 23 matching lines...) Expand all
129 bool Parse(const der::Input& extension_value, 131 bool Parse(const der::Input& extension_value,
130 bool is_critical) WARN_UNUSED_RESULT; 132 bool is_critical) WARN_UNUSED_RESULT;
131 133
132 GeneralNames permitted_subtrees_; 134 GeneralNames permitted_subtrees_;
133 GeneralNames excluded_subtrees_; 135 GeneralNames excluded_subtrees_;
134 }; 136 };
135 137
136 } // namespace net 138 } // namespace net
137 139
138 #endif // NET_CERT_INTERNAL_NAME_CONSTRAINTS_H_ 140 #endif // NET_CERT_INTERNAL_NAME_CONSTRAINTS_H_
OLDNEW
« no previous file with comments | « no previous file | net/cert/internal/name_constraints.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698