Chromium Code Reviews

Unified Diff: net/cert/x509_util_nss.h

Issue 1720653002: Add new functions to handle UPN and email addresses (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix ios build breakage Created 4 years, 10 months ago
Index: net/cert/x509_util_nss.h
diff --git a/net/cert/x509_util_nss.h b/net/cert/x509_util_nss.h
index 55e562effbab95875f4fb9cd76099c0977d8a83b..11e34dafdc25c0c94d4d7e3951ee252d1ad27a60 100644
--- a/net/cert/x509_util_nss.h
+++ b/net/cert/x509_util_nss.h
@@ -40,11 +40,44 @@ void ParseDate(const SECItem* der_date, base::Time* result);
// Parses the serial number from |certificate|.
std::string ParseSerialNumber(const CERTCertificate* certificate);
-// Gets the subjectAltName extension field from the certificate, if any.
+// Gets the dNSName and iPAddress name types from the subjectAltName
+// extension of |cert_handle|, storing them in |dns_names| and
+// |ip_addrs|, respectively.
+// If no subjectAltName is present, or no names of that type are
+// present, the relevant vectors are cleared.
void GetSubjectAltName(CERTCertificate* cert_handle,
std::vector<std::string>* dns_names,
std::vector<std::string>* ip_addrs);
+// Stores the values of all rfc822Name subjectAltNames from |cert_handle|
+// into |names|. If no names are present, clears |names|.
+// WARNING: This method does not validate that the rfc822Name is
+// properly encoded; it MAY contain embedded NULs or other illegal
+// characters; care should be taken to validate the well-formedness
+// before using.
+NET_EXPORT void GetRFC822SubjectAltNames(CERTCertificate* cert_handle,
+ std::vector<std::string>* names);
+
+// Stores the values of all Microsoft UPN subjectAltNames from |cert_handle|
+// into |names|. If no names are present, clears |names|.
+//
+// A "Microsoft UPN subjectAltName" is an OtherName value whose type-id
+// is equal to 1.3.6.1.4.1.311.20.2.3 (known as either id-ms-san-sc-logon-upn,
+// as described in RFC 4556, or as szOID_NT_PRINCIPAL_NAME, as
+// documented in Microsoft KB287547).
+// The value field is a UTF8String literal.
+// For more information:
+// https://www.ietf.org/mail-archive/web/pkix/current/msg03145.html
+// https://www.ietf.org/proceedings/65/slides/pkix-4/sld1.htm
+// https://tools.ietf.org/html/rfc4556
+//
+// WARNING: This method does not validate that the name is
+// properly encoded; it MAY contain embedded NULs or other illegal
+// characters; care should be taken to validate the well-formedness
+// before using.
+NET_EXPORT void GetUPNSubjectAltNames(CERTCertificate* cert_handle,
+ std::vector<std::string>* names);
+
// Creates all possible OS certificate handles from |data| encoded in a specific
// |format|. Returns an empty collection on failure.
X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes(
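Review bot: The WARNING blocks on GetRFC822SubjectAltNames and GetUPNSubjectAltNames leave well-formedness checks to every caller, and since both functions return void and only fill a std::vector<std::string>, a caller cannot tell "no names present" from "names present but malformed". These values are email addresses and UPNs, so an entry with an embedded NUL that is later read through c_str() or compared as a C string would be seen truncated. Consider skipping or rejecting such entries inside the helpers, or returning a bool, so the check lives in one place instead of at each call site. The UPN comment says "The value field is a UTF8String literal" but does not say whether the function verifies that type, or whether |names| receives the string contents or the raw encoded value; a sentence on that would help. Minor: the rewritten GetSubjectAltName comment does not state the format of the |ip_addrs| entries.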
