Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(14)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/parse_certificate.cc

Issue 2036033002: Add CertIssuerSourceAia: authorityInfoAccess fetching for CertPathBuilder. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert-parsing-path-building
Patch Set: review changes Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/internal/parse_certificate.h ('K') | « net/cert/internal/parse_certificate.h ('k') | net/cert/internal/parse_certificate_fuzzer.cc » ('j') | net/cert/internal/parsed_certificate.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/parse_certificate.h" 5 #include "net/cert/internal/parse_certificate.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/strings/string_util.h"
9 #include "net/der/input.h" 10 #include "net/der/input.h"
10 #include "net/der/parse_values.h" 11 #include "net/der/parse_values.h"
11 #include "net/der/parser.h" 12 #include "net/der/parser.h"
12 13
13 namespace net { 14 namespace net {
14 15
15 namespace { 16 namespace {
16 17
17 // Returns true if |input| is a SEQUENCE and nothing else. 18 // Returns true if |input| is a SEQUENCE and nothing else.
18 WARN_UNUSED_RESULT bool IsSequenceTLV(const der::Input& input) { 19 WARN_UNUSED_RESULT bool IsSequenceTLV(const der::Input& input) {
(...skipping 439 matching lines...) Expand 10 before | Expand all | Expand 10 after
458 der::Input ExtKeyUsageOid() { 459 der::Input ExtKeyUsageOid() {
459 // From RFC 5280: 460 // From RFC 5280:
460 // 461 //
461 // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } 462 // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
462 // 463 //
463 // In dotted notation: 2.5.29.37 464 // In dotted notation: 2.5.29.37
464 static const uint8_t oid[] = {0x55, 0x1d, 0x25}; 465 static const uint8_t oid[] = {0x55, 0x1d, 0x25};
465 return der::Input(oid); 466 return der::Input(oid);
466 } 467 }
467 468
469 der::Input AuthorityInfoAccessOid() {
470 // From RFC 5280:
471 //
472 // id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
473 //
474 // In dotted notation: 1.3.6.1.5.5.7.1.1
475 static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01};
476 return der::Input(oid);
477 }
478
479 der::Input AdCaIssuersOid() {
480 // From RFC 5280:
481 //
482 // id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
483 //
484 // In dotted notation: 1.3.6.1.5.5.7.48.2
485 static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02};
486 return der::Input(oid);
487 }
488
489 der::Input AdOcspOid() {
490 // From RFC 5280:
491 //
492 // id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
493 //
494 // In dotted notation: 1.3.6.1.5.5.7.48.1
495 static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01};
496 return der::Input(oid);
497 }
498
468 NET_EXPORT bool ParseExtensions( 499 NET_EXPORT bool ParseExtensions(
469 const der::Input& extensions_tlv, 500 const der::Input& extensions_tlv,
470 std::map<der::Input, ParsedExtension>* extensions) { 501 std::map<der::Input, ParsedExtension>* extensions) {
471 der::Parser parser(extensions_tlv); 502 der::Parser parser(extensions_tlv);
472 503
473 // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 504 // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
474 der::Parser extensions_parser; 505 der::Parser extensions_parser;
475 if (!parser.ReadSequence(&extensions_parser)) 506 if (!parser.ReadSequence(&extensions_parser))
476 return false; 507 return false;
477 508
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after
583 // RFC 5280 section 4.2.1.3: 614 // RFC 5280 section 4.2.1.3:
584 // 615 //
585 // When the keyUsage extension appears in a certificate, at least 616 // When the keyUsage extension appears in a certificate, at least
586 // one of the bits MUST be set to 1. 617 // one of the bits MUST be set to 1.
587 if (BitStringIsAllZeros(*key_usage)) 618 if (BitStringIsAllZeros(*key_usage))
588 return false; 619 return false;
589 620
590 return true; 621 return true;
591 } 622 }
592 623
624 bool ParseAuthorityInfoAccess(
625 const der::Input& authority_info_access_tlv,
626 std::vector<base::StringPiece>* out_ca_issuers_uris,
627 std::vector<base::StringPiece>* out_ocsp_uris) {
628 der::Parser parser(authority_info_access_tlv);
629
630 // AuthorityInfoAccessSyntax ::=
631 // SEQUENCE SIZE (1..MAX) OF AccessDescription
632 der::Parser sequence_parser;
633 if (!parser.ReadSequence(&sequence_parser))
634 return false;
635 if (!sequence_parser.HasMore())
636 return false;
637
638 while (sequence_parser.HasMore()) {
639 // AccessDescription ::= SEQUENCE {
640 der::Parser access_description_sequence_parser;
641 if (!sequence_parser.ReadSequence(&access_description_sequence_parser))
642 return false;
643
644 // accessMethod OBJECT IDENTIFIER,
645 der::Input access_method_oid;
646 if (!access_description_sequence_parser.ReadTag(der::kOid,
647 &access_method_oid))
648 return false;
649
650 // accessLocation GeneralName }
651 der::Tag access_location_tag;
652 der::Input access_location_value;
653 if (!access_description_sequence_parser.ReadTagAndValue(
654 &access_location_tag, &access_location_value))
655 return false;
656
657 // GeneralName ::= CHOICE {
658 if (access_location_tag == der::ContextSpecificPrimitive(6)) {
659 // uniformResourceIdentifier [6] IA5String,
660 base::StringPiece uri = access_location_value.AsStringPiece();
661 if (!base::IsStringASCII(uri))
662 return false;
663
664 if (access_method_oid == AdCaIssuersOid())
665 out_ca_issuers_uris->push_back(uri);
666 else if (access_method_oid == AdOcspOid())
667 out_ocsp_uris->push_back(uri);
668 }
669 }
670
671 return true;
672 }
673
593 } // namespace net 674 } // namespace net
OLDNEW
« net/cert/internal/parse_certificate.h ('K') | « net/cert/internal/parse_certificate.h ('k') | net/cert/internal/parse_certificate_fuzzer.cc » ('j') | net/cert/internal/parsed_certificate.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698