Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(79)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/parse_certificate.cc

Issue 1923433002: Certificate path builder for new certificate verification library (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: . Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/internal/parse_certificate.h ('k') | net/cert/internal/path_builder.h » ('j') | net/cert/internal/path_builder.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/parse_certificate.h" 5 #include "net/cert/internal/parse_certificate.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "net/der/input.h" 9 #include "net/der/input.h"
10 #include "net/der/parse_values.h" 10 #include "net/der/parse_values.h"
(...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after
147 } 147 }
148 return true; 148 return true;
149 } 149 }
150 150
151 } // namespace 151 } // namespace
152 152
153 ParsedCertificate::ParsedCertificate() {} 153 ParsedCertificate::ParsedCertificate() {}
154 154
155 ParsedCertificate::~ParsedCertificate() {} 155 ParsedCertificate::~ParsedCertificate() {}
156 156
157 // XXX these "copy without reparsing" constructors are kind ugly. think about
158 // other options?
159 ParsedCertificate::ParsedCertificate(const ParsedCertificate& other,
160 const der::Input& old_data,
161 const der::Input& new_data)
162 : tbs_certificate_tlv(other.tbs_certificate_tlv, old_data, new_data),
163 signature_algorithm_tlv(other.signature_algorithm_tlv,
164 old_data,
165 new_data),
166 signature_value(
167 der::Input(other.signature_value.bytes(), old_data, new_data),
168 other.signature_value.unused_bits()) {}
169
157 ParsedTbsCertificate::ParsedTbsCertificate() {} 170 ParsedTbsCertificate::ParsedTbsCertificate() {}
158 171
159 ParsedTbsCertificate::~ParsedTbsCertificate() {} 172 ParsedTbsCertificate::~ParsedTbsCertificate() {}
160 173
174 ParsedTbsCertificate::ParsedTbsCertificate(const ParsedTbsCertificate& other,
175 const der::Input& old_data,
176 const der::Input& new_data)
177 : version(other.version),
178 serial_number(other.serial_number, old_data, new_data),
179 signature_algorithm_tlv(other.signature_algorithm_tlv,
180 old_data,
181 new_data),
182 issuer_tlv(other.issuer_tlv, old_data, new_data),
183 validity_not_before(other.validity_not_before),
184 validity_not_after(other.validity_not_after),
185 subject_tlv(other.subject_tlv, old_data, new_data),
186 spki_tlv(other.spki_tlv, old_data, new_data),
187 has_issuer_unique_id(other.has_issuer_unique_id),
188 issuer_unique_id(
189 der::Input(other.issuer_unique_id.bytes(), old_data, new_data),
190 other.issuer_unique_id.unused_bits()),
191 has_subject_unique_id(other.has_subject_unique_id),
192 subject_unique_id(
193 der::Input(other.subject_unique_id.bytes(), old_data, new_data),
194 other.subject_unique_id.unused_bits()),
195 has_extensions(other.has_extensions),
196 extensions_tlv(other.extensions_tlv, old_data, new_data) {}
197
161 bool VerifySerialNumber(const der::Input& value) { 198 bool VerifySerialNumber(const der::Input& value) {
162 bool unused_negative; 199 bool unused_negative;
163 if (!der::IsValidInteger(value, &unused_negative)) 200 if (!der::IsValidInteger(value, &unused_negative))
164 return false; 201 return false;
165 202
166 // Check if the serial number is too long per RFC 5280. 203 // Check if the serial number is too long per RFC 5280.
167 if (value.Length() > 20) 204 if (value.Length() > 20)
168 return false; 205 return false;
169 206
170 return true; 207 return true;
(...skipping 402 matching lines...) Expand 10 before | Expand all | Expand 10 after
573 // 610 //
574 // When the keyUsage extension appears in a certificate, at least 611 // When the keyUsage extension appears in a certificate, at least
575 // one of the bits MUST be set to 1. 612 // one of the bits MUST be set to 1.
576 if (BitStringIsAllZeros(*key_usage)) 613 if (BitStringIsAllZeros(*key_usage))
577 return false; 614 return false;
578 615
579 return true; 616 return true;
580 } 617 }
581 618
582 } // namespace net 619 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/internal/parse_certificate.h ('k') | net/cert/internal/path_builder.h » ('j') | net/cert/internal/path_builder.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698