Add new functions to handle UPN and email addresses

net/cert/x509_util_nss.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_X509_UTIL_NSS_H_
 #define NET_CERT_X509_UTIL_NSS_H_
 
 #include <stddef.h>
 
 #include <string>
@@ skipping 22 matching lines @@
 // |principal|.
 void ParsePrincipal(CERTName* name,
                     CertPrincipal* principal);
 
 // Parses the date from |der_date| and outputs the result in |result|.
 void ParseDate(const SECItem* der_date, base::Time* result);
 
 // Parses the serial number from |certificate|.
 std::string ParseSerialNumber(const CERTCertificate* certificate);
 
-// Gets the subjectAltName extension field from the certificate, if any.
+// Gets the dNSName and iPAddress name types from the subjectAltName
+// extension of |cert_handle|, storing them in |dns_names| and
+// |ip_addrs|, respectively.
+// If no subjectAltName is present, or no names of that type are
+// present, the relevant vectors are cleared.
 void GetSubjectAltName(CERTCertificate* cert_handle,
                        std::vector<std::string>* dns_names,
                        std::vector<std::string>* ip_addrs);
 
+// Stores the values of all rfc822Name subjectAltNames from |cert_handle|
+// into |names|. If no names are present, clears |names|.
+// WARNING: This method does not validate that the rfc822Name is
+// properly encoded; it MAY contain embedded NULs or other illegal
+// characters; care should be taken to validate the well-formedness
+// before using.
+NET_EXPORT void GetRFC822SubjectAltNames(CERTCertificate* cert_handle,
+                                         std::vector<std::string>* names);
+
+// Stores the values of all Microsoft UPN subjectAltNames from |cert_handle|
+// into |names|. If no names are present, clears |names|.
+//
+// A "Microsoft UPN subjectAltName" is an OtherName value whose type-id
+// is equal to 1.3.6.1.4.1.311.20.2.3 (known as either id-ms-san-sc-logon-upn,
+// as described in RFC 4556, or as szOID_NT_PRINCIPAL_NAME, as
+// documented in Microsoft KB287547).
+// The value field is a UTF8String literal.
+// For more information:
+//   https://www.ietf.org/mail-archive/web/pkix/current/msg03145.html
+//   https://www.ietf.org/proceedings/65/slides/pkix-4/sld1.htm
+//   https://tools.ietf.org/html/rfc4556
+//
+// WARNING: This method does not validate that the name is
+// properly encoded; it MAY contain embedded NULs or other illegal
+// characters; care should be taken to validate the well-formedness
+// before using.
+NET_EXPORT void GetUPNSubjectAltNames(CERTCertificate* cert_handle,
+                                      std::vector<std::string>* names);
+
 // Creates all possible OS certificate handles from |data| encoded in a specific
 // |format|. Returns an empty collection on failure.
 X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes(
     const char* data,
     size_t length,
     X509Certificate::Format format);
 
 // Reads a single certificate from |pickle_iter| and returns a platform-specific
 // certificate handle. Returns an invalid handle, NULL, on failure.
 X509Certificate::OSCertHandle ReadOSCertHandleFromPickle(
@@ skipping 36 matching lines @@
 std::string GetUniqueNicknameForSlot(const std::string& nickname,
                                      const SECItem* subject,
                                      PK11SlotInfo* slot);
 #endif  // defined(USE_NSS_CERTS) || defined(OS_IOS)
 
 } // namespace x509_util
 
 } // namespace net
 
 #endif  // NET_CERT_X509_UTIL_NSS_H_