Add CertIssuerSourceAia: authorityInfoAccess fetching for CertPathBuilder.

net/cert/internal/parse_certificate.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_
 #define NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_
 
 #include <stdint.h>
 
 #include <map>
+#include <vector>
 
 #include "base/compiler_specific.h"
 #include "net/base/net_export.h"
 #include "net/der/input.h"
 #include "net/der/parse_values.h"
 
 namespace net {
 
 struct ParsedTbsCertificate;
 
@@ skipping 284 matching lines @@
 // In dotted notation: 2.5.29.36
 NET_EXPORT der::Input PolicyConstraintsOid();
 
 // From RFC 5280:
 //
 //     id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
 //
 // In dotted notation: 2.5.29.37
 NET_EXPORT der::Input ExtKeyUsageOid();
 
+// From RFC 5280:
+//
+//     id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+//
+// In dotted notation: 1.3.6.1.5.5.7.1.1
+NET_EXPORT der::Input AuthorityInfoAccessOid();
+
+// From RFC 5280:
+//
+//     id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
+//
+// In dotted notation: 1.3.6.1.5.5.7.48.2
+NET_EXPORT der::Input AdCaIssuersOid();
+
+// From RFC 5280:
+//
+//     id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
+//
+// In dotted notation: 1.3.6.1.5.5.7.48.1
+NET_EXPORT der::Input AdOcspOid();
+
 // Parses the Extensions sequence as defined by RFC 5280. Extensions are added
 // to the map |extensions| keyed by the OID. Parsing guarantees that each OID
 // is unique. Note that certificate verification must consume each extension
 // marked as critical.
 //
 // Returns true on success and fills |extensions|. The output will reference
 // bytes in |extensions_tlv|, so that data must be kept alive.
 // On failure |extensions| may be partially written to and should not be used.
 NET_EXPORT bool ParseExtensions(
     const der::Input& extensions_tlv,
@@ skipping 59 matching lines @@
 //
 // In addition to validating that key_usage_tlv is a BIT STRING, this does
 // additional KeyUsage specific validations such as requiring at least 1 bit to
 // be set.
 //
 // To test if a particular key usage is set, call, e.g.:
 //     key_usage->AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE);
 NET_EXPORT bool ParseKeyUsage(const der::Input& key_usage_tlv,
                               der::BitString* key_usage) WARN_UNUSED_RESULT;
 
+// Parses the Authority Information Access extension defined by RFC 5280.
+// Returns true on success, and |out_ca_issuers_uris| and |out_ocsp_uris| will
+// alias data in |authority_info_access_tlv|. On failure returns false, and
+// |out_ca_issuers_uris| and |out_ocsp_uris| may have been partially filled.
+//
+// |out_ca_issuers_uris| is filled with the accessLocations of type
+// uniformResourceIdentifier for the accessMethod id-ad-caIssuers.
+// |out_ocsp_uris| is filled with the accessLocations of type
+// uniformResourceIdentifier for the accessMethod id-ad-ocsp.
+//
+// The values in |out_ca_issuers_uris| and |out_ocsp_uris| are checked to be
+// IA5String (ASCII strings), but no other validation is performed on them.
+//
+// accessMethods other than id-ad-caIssuers and id-ad-ocsp are silently ignored.
+// accessLocation types other than uniformResourceIdentifier are silently
+// ignored.
+NET_EXPORT bool ParseAuthorityInfoAccess(
+    const der::Input& authority_info_access_tlv,
+    std::vector<base::StringPiece>* out_ca_issuers_uris,
+    std::vector<base::StringPiece>* out_ocsp_uris) WARN_UNUSED_RESULT;
+
 }  // namespace net
 
 #endif  // NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_