1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/parse_certificate.h" | 5 #include "net/cert/internal/parse_certificate.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
| 9 #include "base/strings/string_util.h" |
9 #include "net/der/input.h" | 10 #include "net/der/input.h" |
10 #include "net/der/parse_values.h" | 11 #include "net/der/parse_values.h" |
11 #include "net/der/parser.h" | 12 #include "net/der/parser.h" |
12 | 13 |
13 namespace net { | 14 namespace net { |
14 | 15 |
15 namespace { | 16 namespace { |
16 | 17 |
17 // Returns true if |input| is a SEQUENCE and nothing else. | 18 // Returns true if |input| is a SEQUENCE and nothing else. |
18 WARN_UNUSED_RESULT bool IsSequenceTLV(const der::Input& input) { | 19 WARN_UNUSED_RESULT bool IsSequenceTLV(const der::Input& input) { |
458 der::Input ExtKeyUsageOid() { | 459 der::Input ExtKeyUsageOid() { |
459 // From RFC 5280: | 460 // From RFC 5280: |
460 // | 461 // |
461 // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } | 462 // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } |
462 // | 463 // |
463 // In dotted notation: 2.5.29.37 | 464 // In dotted notation: 2.5.29.37 |
464 static const uint8_t oid[] = {0x55, 0x1d, 0x25}; | 465 static const uint8_t oid[] = {0x55, 0x1d, 0x25}; |
465 return der::Input(oid); | 466 return der::Input(oid); |
466 } | 467 } |
467 | 468 |
| 469 der::Input AuthorityInfoAccessOid() { |
| 470 // From RFC 5280: |
| 471 // |
| 472 // id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } |
| 473 // |
| 474 // In dotted notation: 1.3.6.1.5.5.7.1.1 |
| 475 static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01}; |
| 476 return der::Input(oid); |
| 477 } |
| 478 |
| 479 der::Input AdCaIssuersOid() { |
| 480 // From RFC 5280: |
| 481 // |
| 482 // id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } |
| 483 // |
| 484 // In dotted notation: 1.3.6.1.5.5.7.48.2 |
| 485 static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02}; |
| 486 return der::Input(oid); |
| 487 } |
| 488 |
| 489 der::Input AdOcspOid() { |
| 490 // From RFC 5280: |
| 491 // |
| 492 // id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } |
| 493 // |
| 494 // In dotted notation: 1.3.6.1.5.5.7.48.1 |
| 495 static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01}; |
| 496 return der::Input(oid); |
| 497 } |
| 498 |
468 NET_EXPORT bool ParseExtensions( | 499 NET_EXPORT bool ParseExtensions( |
469 const der::Input& extensions_tlv, | 500 const der::Input& extensions_tlv, |
470 std::map<der::Input, ParsedExtension>* extensions) { | 501 std::map<der::Input, ParsedExtension>* extensions) { |
471 der::Parser parser(extensions_tlv); | 502 der::Parser parser(extensions_tlv); |
472 | 503 |
473 // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension | 504 // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension |
474 der::Parser extensions_parser; | 505 der::Parser extensions_parser; |
475 if (!parser.ReadSequence(&extensions_parser)) | 506 if (!parser.ReadSequence(&extensions_parser)) |
476 return false; | 507 return false; |
477 | 508 |
583 // RFC 5280 section 4.2.1.3: | 614 // RFC 5280 section 4.2.1.3: |
584 // | 615 // |
585 // When the keyUsage extension appears in a certificate, at least | 616 // When the keyUsage extension appears in a certificate, at least |
586 // one of the bits MUST be set to 1. | 617 // one of the bits MUST be set to 1. |
587 if (BitStringIsAllZeros(*key_usage)) | 618 if (BitStringIsAllZeros(*key_usage)) |
588 return false; | 619 return false; |
589 | 620 |
590 return true; | 621 return true; |
591 } | 622 } |
592 | 623 |
| 624 bool ParseAuthorityInfoAccess( |
| 625 const der::Input& authority_info_access_tlv, |
| 626 std::vector<base::StringPiece>* out_ca_issuers_uris, |
| 627 std::vector<base::StringPiece>* out_ocsp_uris) { |
| 628 der::Parser parser(authority_info_access_tlv); |
| 629 |
| 630 out_ca_issuers_uris->clear(); |
| 631 out_ocsp_uris->clear(); |
| 632 |
| 633 // AuthorityInfoAccessSyntax ::= |
| 634 // SEQUENCE SIZE (1..MAX) OF AccessDescription |
| 635 der::Parser sequence_parser; |
| 636 if (!parser.ReadSequence(&sequence_parser)) |
| 637 return false; |
| 638 if (!sequence_parser.HasMore()) |
| 639 return false; |
| 640 |
| 641 while (sequence_parser.HasMore()) { |
| 642 // AccessDescription ::= SEQUENCE { |
| 643 der::Parser access_description_sequence_parser; |
| 644 if (!sequence_parser.ReadSequence(&access_description_sequence_parser)) |
| 645 return false; |
| 646 |
| 647 // accessMethod OBJECT IDENTIFIER, |
| 648 der::Input access_method_oid; |
| 649 if (!access_description_sequence_parser.ReadTag(der::kOid, |
| 650 &access_method_oid)) |
| 651 return false; |
| 652 |
| 653 // accessLocation GeneralName } |
| 654 der::Tag access_location_tag; |
| 655 der::Input access_location_value; |
| 656 if (!access_description_sequence_parser.ReadTagAndValue( |
| 657 &access_location_tag, &access_location_value)) |
| 658 return false; |
| 659 |
| 660 // GeneralName ::= CHOICE { |
| 661 if (access_location_tag == der::ContextSpecificPrimitive(6)) { |
| 662 // uniformResourceIdentifier [6] IA5String, |
| 663 base::StringPiece uri = access_location_value.AsStringPiece(); |
| 664 if (!base::IsStringASCII(uri)) |
| 665 return false; |
| 666 |
| 667 if (access_method_oid == AdCaIssuersOid()) |
| 668 out_ca_issuers_uris->push_back(uri); |
| 669 else if (access_method_oid == AdOcspOid()) |
| 670 out_ocsp_uris->push_back(uri); |
| 671 } |
| 672 } |
| 673 |
| 674 return true; |
| 675 } |
| 676 |
593 } // namespace net | 677 } // namespace net |
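Review bot: ParseAuthorityInfoAccess (new lines 624-675) never rejects trailing data: after `parser.ReadSequence(&sequence_parser)` nothing checks that `parser` is exhausted, and after the `ReadTagAndValue` for accessLocation nothing checks that `access_description_sequence_parser` is exhausted, so an AIA value with extra bytes after the outer SEQUENCE or after a GeneralName is accepted, which is looser than the "and nothing else" stance IsSequenceTLV takes at the top of this file. Adding `if (parser.HasMore()) return false;` after the outer sequence read and `if (access_description_sequence_parser.HasMore()) return false;` after the accessLocation read closes both gaps. The StringPieces pushed into the output vectors alias the bytes of |authority_info_access_tlv| (they come from `access_location_value.AsStringPiece()`), so a header comment on this function should state that the outputs are only valid while that buffer lives. On a false return the output vectors may already hold URIs from earlier AccessDescriptions, which callers may not expect; if that matters, populate local vectors and swap them into the outputs only on success. The non-[6] alternatives of the GeneralName CHOICE are accepted with any tag and no validation, which may be intentional but is worth a comment saying so.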