OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ | 5 #ifndef NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ |
6 #define NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ | 6 #define NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <map> | 10 #include <map> |
| 11 #include <vector> |
11 | 12 |
12 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
13 #include "net/base/net_export.h" | 14 #include "net/base/net_export.h" |
14 #include "net/der/input.h" | 15 #include "net/der/input.h" |
15 #include "net/der/parse_values.h" | 16 #include "net/der/parse_values.h" |
16 | 17 |
17 namespace net { | 18 namespace net { |
18 | 19 |
19 struct ParsedTbsCertificate; | 20 struct ParsedTbsCertificate; |
20 | 21 |
(...skipping 284 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
305 // In dotted notation: 2.5.29.36 | 306 // In dotted notation: 2.5.29.36 |
306 NET_EXPORT der::Input PolicyConstraintsOid(); | 307 NET_EXPORT der::Input PolicyConstraintsOid(); |
307 | 308 |
308 // From RFC 5280: | 309 // From RFC 5280: |
309 // | 310 // |
310 // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } | 311 // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } |
311 // | 312 // |
312 // In dotted notation: 2.5.29.37 | 313 // In dotted notation: 2.5.29.37 |
313 NET_EXPORT der::Input ExtKeyUsageOid(); | 314 NET_EXPORT der::Input ExtKeyUsageOid(); |
314 | 315 |
| 316 // From RFC 5280: |
| 317 // |
| 318 // id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } |
| 319 // |
| 320 // In dotted notation: 1.3.6.1.5.5.7.1.1 |
| 321 NET_EXPORT der::Input AuthorityInfoAccessOid(); |
| 322 |
| 323 // From RFC 5280: |
| 324 // |
| 325 // id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } |
| 326 // |
| 327 // In dotted notation: 1.3.6.1.5.5.7.48.2 |
| 328 NET_EXPORT der::Input AdCaIssuersOid(); |
| 329 |
| 330 // From RFC 5280: |
| 331 // |
| 332 // id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } |
| 333 // |
| 334 // In dotted notation: 1.3.6.1.5.5.7.48.1 |
| 335 NET_EXPORT der::Input AdOcspOid(); |
| 336 |
315 // Parses the Extensions sequence as defined by RFC 5280. Extensions are added | 337 // Parses the Extensions sequence as defined by RFC 5280. Extensions are added |
316 // to the map |extensions| keyed by the OID. Parsing guarantees that each OID | 338 // to the map |extensions| keyed by the OID. Parsing guarantees that each OID |
317 // is unique. Note that certificate verification must consume each extension | 339 // is unique. Note that certificate verification must consume each extension |
318 // marked as critical. | 340 // marked as critical. |
319 // | 341 // |
320 // Returns true on success and fills |extensions|. The output will reference | 342 // Returns true on success and fills |extensions|. The output will reference |
321 // bytes in |extensions_tlv|, so that data must be kept alive. | 343 // bytes in |extensions_tlv|, so that data must be kept alive. |
322 // On failure |extensions| may be partially written to and should not be used. | 344 // On failure |extensions| may be partially written to and should not be used. |
323 NET_EXPORT bool ParseExtensions( | 345 NET_EXPORT bool ParseExtensions( |
324 const der::Input& extensions_tlv, | 346 const der::Input& extensions_tlv, |
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
384 // | 406 // |
385 // In addition to validating that key_usage_tlv is a BIT STRING, this does | 407 // In addition to validating that key_usage_tlv is a BIT STRING, this does |
386 // additional KeyUsage specific validations such as requiring at least 1 bit to | 408 // additional KeyUsage specific validations such as requiring at least 1 bit to |
387 // be set. | 409 // be set. |
388 // | 410 // |
389 // To test if a particular key usage is set, call, e.g.: | 411 // To test if a particular key usage is set, call, e.g.: |
390 // key_usage->AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE); | 412 // key_usage->AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE); |
391 NET_EXPORT bool ParseKeyUsage(const der::Input& key_usage_tlv, | 413 NET_EXPORT bool ParseKeyUsage(const der::Input& key_usage_tlv, |
392 der::BitString* key_usage) WARN_UNUSED_RESULT; | 414 der::BitString* key_usage) WARN_UNUSED_RESULT; |
393 | 415 |
| 416 // Parses the Authority Information Access extension defined by RFC 5280. |
| 417 // Returns true on success, and |out_ca_issuers_uris| and |out_ocsp_uris| will |
| 418 // alias data in |authority_info_access_tlv|. On failure returns false, and |
| 419 // |out_ca_issuers_uris| and |out_ocsp_uris| may have been partially filled. |
| 420 // |
| 421 // |out_ca_issuers_uris| is filled with the accessLocations of type |
| 422 // uniformResourceIdentifier for the accessMethod id-ad-caIssuers. |
| 423 // |out_ocsp_uris| is filled with the accessLocations of type |
| 424 // uniformResourceIdentifier for the accessMethod id-ad-ocsp. |
| 425 // |
| 426 // The values in |out_ca_issuers_uris| and |out_ocsp_uris| are checked to be |
| 427 // IA5String (ASCII strings), but no other validation is performed on them. |
| 428 // |
| 429 // accessMethods other than id-ad-caIssuers and id-ad-ocsp are silently ignored. |
| 430 // accessLocation types other than uniformResourceIdentifier are silently |
| 431 // ignored. |
| 432 NET_EXPORT bool ParseAuthorityInfoAccess( |
| 433 const der::Input& authority_info_access_tlv, |
| 434 std::vector<base::StringPiece>* out_ca_issuers_uris, |
| 435 std::vector<base::StringPiece>* out_ocsp_uris) WARN_UNUSED_RESULT; |
| 436 |
394 } // namespace net | 437 } // namespace net |
395 | 438 |
396 #endif // NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ | 439 #endif // NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ |
OLD | NEW |