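--- a/net/cert/internal/parse_certificate.h
+++ b/net/cert/internal/parse_certificate.h
@@ -1,31 +1,58 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_
 #define NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_
 
 #include <stdint.h>
 
 #include <map>
 
 #include "base/compiler_specific.h"
 #include "net/base/net_export.h"
 #include "net/der/input.h"
 #include "net/der/parse_values.h"
 
 namespace net {
 
 struct ParsedCertificate;
 struct ParsedTbsCertificate;
 
+// Returns true if the given serial number (CertificateSerialNumber in RFC 5280)
+// is valid:
+//
+// CertificateSerialNumber ::= INTEGER
+//
+// The input to this function is the (unverified) value octets of the INTEGER.
+// This function will verify that:
+//
+// * The octets are a valid DER-encoding of an INTEGER (for instance, minimal
+// encoding length).
+//
+// * No more than 20 octets are used.
+//
+// Note that it DOES NOT reject non-positive values (zero or negative).
+//
+// For reference, here is what RFC 5280 section 4.1.2.2 says:
+//
+// Given the uniqueness requirements above, serial numbers can be
+// expected to contain long integers. Certificate users MUST be able to
+// handle serialNumber values up to 20 octets. Conforming CAs MUST NOT
+// use serialNumber values longer than 20 octets.
+//
+// Note: Non-conforming CAs may issue certificates with serial numbers
+// that are negative or zero. Certificate users SHOULD be prepared to
+// gracefully handle such certificates.
+bool VerifySerialNumber(const der::Input& value) WARN_UNUSED_RESULT;
+
 // Parses a DER-encoded "Certificate" as specified by RFC 5280. Returns true on
 // success and sets the results in |out|.
 //
 // Note that on success |out| aliases data from the input |certificate_tlv|.
 // Hence the fields of the ParsedCertificate are only valid as long as
 // |certificate_tlv| remains valid.
 //
 // On failure |out| has an undefined state. Some of its fields may have been
 // updated during parsing, whereas others may not have been changed.
 //
@@ -364,10 +391,10 @@
 // be set.
 //
 // To test if a particular key usage is set, call, e.g.:
 // key_usage->AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE);
 NET_EXPORT bool ParseKeyUsage(const der::Input& key_usage_tlv,
 der::BitString* key_usage) WARN_UNUSED_RESULT;
 
 } // namespace net
 
 #endif // NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_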
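Review bot: The new VerifySerialNumber declaration omits NET_EXPORT, unlike ParseKeyUsage at the end of the same header; if it is meant to be exercised from unit tests in a component build it needs `NET_EXPORT bool VerifySerialNumber(const der::Input& value) WARN_UNUSED_RESULT;`, and if it is deliberately internal a one-line comment saying so would stop the next reader from treating the omission as an oversight. The doc comment's "No more than 20 octets are used" is also ambiguous about what is counted: the caller passes the raw value octets, and a positive INTEGER whose top bit is set carries a leading 0x00 pad octet, so a 20-byte positive magnitude arrives as 21 value octets and would presumably be rejected by a plain length check. Since this bound is what decides whether such certificates parse at all, state it explicitly, e.g. `// * No more than 20 value octets are used, counted as encoded (a leading 0x00` / `//   that keeps a positive value's sign bit clear counts toward the limit).` The same comment could note that the 20-octet rejection is the hard failure here while the non-positive case is only tolerated, since the two RFC quotes below it read as parallel.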