
Unified Diff: net/cert/x509_util_nss_certs.cc

Issue 1720653002: Add new functions to handle UPN and email addresses (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix ios build breakage Created 4 years, 10 months ago
Index: net/cert/x509_util_nss_certs.cc
diff --git a/net/cert/x509_util_nss_certs.cc b/net/cert/x509_util_nss_certs.cc
index 1ec360d31e6d81d013a6ae56154826cd72840160..b0058895def32886273623811d1bb0de9bd4ab99 100644
--- a/net/cert/x509_util_nss_certs.cc
+++ b/net/cert/x509_util_nss_certs.cc
@@ -33,6 +33,10 @@ namespace net {
namespace {
+// Microsoft User Principal Name: 1.3.6.1.4.1.311.20.2.3
+const uint8_t kUpnOid[] = {0x2b, 0x6, 0x1, 0x4, 0x1,
+ 0x82, 0x37, 0x14, 0x2, 0x3};
+
// Callback for CERT_DecodeCertPackage(), used in
// CreateOSCertHandlesFromBytes().
SECStatus PR_CALLBACK
@@ -200,6 +204,74 @@ void GetSubjectAltName(CERTCertificate* cert_handle,
PORT_FreeArena(arena, PR_FALSE);
}
+void GetRFC822SubjectAltNames(CERTCertificate* cert_handle,
+ std::vector<std::string>* names) {
+ crypto::ScopedSECItem alt_name(SECITEM_AllocItem(NULL, NULL, 0));
+ DCHECK(alt_name.get());
+
+ names->clear();
+ SECStatus rv = CERT_FindCertExtension(
+ cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, alt_name.get());
+ if (rv != SECSuccess)
+ return;
+
+ crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ DCHECK(arena.get());
+
+ CERTGeneralName* alt_name_list;
+ alt_name_list = CERT_DecodeAltNameExtension(arena.get(), alt_name.get());
+
+ CERTGeneralName* name = alt_name_list;
+ while (name) {
+ if (name->type == certRFC822Name) {
+ names->push_back(
+ std::string(reinterpret_cast<char*>(name->name.other.data),
+ name->name.other.len));
+ }
+ name = CERT_GetNextGeneralName(name);
+ if (name == alt_name_list)
+ break;
+ }
+}
+
+void GetUPNSubjectAltNames(CERTCertificate* cert_handle,
+ std::vector<std::string>* names) {
+ crypto::ScopedSECItem alt_name(SECITEM_AllocItem(NULL, NULL, 0));
+ DCHECK(alt_name.get());
+
+ names->clear();
+ SECStatus rv = CERT_FindCertExtension(
+ cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, alt_name.get());
+ if (rv != SECSuccess)
+ return;
+
+ crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ DCHECK(arena.get());
+
+ CERTGeneralName* alt_name_list;
+ alt_name_list = CERT_DecodeAltNameExtension(arena.get(), alt_name.get());
+
+ CERTGeneralName* name = alt_name_list;
+ while (name) {
+ if (name->type == certOtherName) {
+ OtherName* on = &name->name.OthName;
+ if (on->oid.len == sizeof(kUpnOid) &&
+ memcmp(on->oid.data, kUpnOid, sizeof(kUpnOid)) == 0) {
+ SECItem decoded;
+ if (SEC_QuickDERDecodeItem(arena.get(), &decoded,
+ SEC_ASN1_GET(SEC_UTF8StringTemplate),
+ &name->name.OthName.name) == SECSuccess) {
+ names->push_back(
+ std::string(reinterpret_cast<char*>(decoded.data), decoded.len));
+ }
+ }
+ }
+ name = CERT_GetNextGeneralName(name);
+ if (name == alt_name_list)
+ break;
+ }
+}
+
X509Certificate::OSCertHandles CreateOSCertHandlesFromBytes(
const char* data,
size_t length,
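Review bot: Both new loops copy certificate-controlled bytes into `names` with an explicit length and no content check, so an rfc822Name or UPN carrying an embedded NUL is passed through as-is. A caller that later handles the value as a C string would silently truncate it at the NUL and could match or display a different identity than the full value. Consider filtering at extraction in GetUPNSubjectAltNames, e.g. `std::string value(reinterpret_cast<char*>(decoded.data), decoded.len);` then `if (value.find('\0') == std::string::npos) names->push_back(value);`, with the same guard in GetRFC822SubjectAltNames, or at least say in the header comment that the returned strings are unvalidated. Separately, `DCHECK(alt_name.get())` and `DCHECK(arena.get())` are presumably compiled out of release builds, so an allocation failure is not handled there; an early return on null would be safer. The trailing context, CreateOSCertHandlesFromBytes, continues outside the hunk.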