OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ | 5 #ifndef NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ |
6 #define NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ | 6 #define NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <map> | 10 #include <map> |
11 #include <vector> | |
11 | 12 |
12 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
13 #include "net/base/net_export.h" | 14 #include "net/base/net_export.h" |
14 #include "net/der/input.h" | 15 #include "net/der/input.h" |
15 #include "net/der/parse_values.h" | 16 #include "net/der/parse_values.h" |
16 | 17 |
17 namespace net { | 18 namespace net { |
18 | 19 |
19 struct ParsedTbsCertificate; | 20 struct ParsedTbsCertificate; |
20 | 21 |
(...skipping 284 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
305 // In dotted notation: 2.5.29.36 | 306 // In dotted notation: 2.5.29.36 |
306 NET_EXPORT der::Input PolicyConstraintsOid(); | 307 NET_EXPORT der::Input PolicyConstraintsOid(); |
307 | 308 |
308 // From RFC 5280: | 309 // From RFC 5280: |
309 // | 310 // |
310 // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } | 311 // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } |
311 // | 312 // |
312 // In dotted notation: 2.5.29.37 | 313 // In dotted notation: 2.5.29.37 |
313 NET_EXPORT der::Input ExtKeyUsageOid(); | 314 NET_EXPORT der::Input ExtKeyUsageOid(); |
314 | 315 |
316 // From RFC 5280: | |
317 // | |
318 // id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } | |
319 // | |
320 // In dotted notation: 1.3.6.1.5.5.7.1.1 | |
321 NET_EXPORT der::Input AuthorityInfoAccessOid(); | |
322 | |
323 // From RFC 5280: | |
324 // | |
325 // id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } | |
326 // | |
327 // In dotted notation: 1.3.6.1.5.5.7.48.2 | |
328 NET_EXPORT der::Input AdCaIssuersOid(); | |
329 | |
330 // From RFC 5280: | |
331 // | |
332 // id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } | |
333 // | |
334 // In dotted notation: 1.3.6.1.5.5.7.48.1 | |
335 NET_EXPORT der::Input AdOcspOid(); | |
336 | |
315 // Parses the Extensions sequence as defined by RFC 5280. Extensions are added | 337 // Parses the Extensions sequence as defined by RFC 5280. Extensions are added |
316 // to the map |extensions| keyed by the OID. Parsing guarantees that each OID | 338 // to the map |extensions| keyed by the OID. Parsing guarantees that each OID |
317 // is unique. Note that certificate verification must consume each extension | 339 // is unique. Note that certificate verification must consume each extension |
318 // marked as critical. | 340 // marked as critical. |
319 // | 341 // |
320 // Returns true on success and fills |extensions|. The output will reference | 342 // Returns true on success and fills |extensions|. The output will reference |
321 // bytes in |extensions_tlv|, so that data must be kept alive. | 343 // bytes in |extensions_tlv|, so that data must be kept alive. |
322 // On failure |extensions| may be partially written to and should not be used. | 344 // On failure |extensions| may be partially written to and should not be used. |
323 NET_EXPORT bool ParseExtensions( | 345 NET_EXPORT bool ParseExtensions( |
324 const der::Input& extensions_tlv, | 346 const der::Input& extensions_tlv, |
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
384 // | 406 // |
385 // In addition to validating that key_usage_tlv is a BIT STRING, this does | 407 // In addition to validating that key_usage_tlv is a BIT STRING, this does |
386 // additional KeyUsage specific validations such as requiring at least 1 bit to | 408 // additional KeyUsage specific validations such as requiring at least 1 bit to |
387 // be set. | 409 // be set. |
388 // | 410 // |
389 // To test if a particular key usage is set, call, e.g.: | 411 // To test if a particular key usage is set, call, e.g.: |
390 // key_usage->AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE); | 412 // key_usage->AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE); |
391 NET_EXPORT bool ParseKeyUsage(const der::Input& key_usage_tlv, | 413 NET_EXPORT bool ParseKeyUsage(const der::Input& key_usage_tlv, |
392 der::BitString* key_usage) WARN_UNUSED_RESULT; | 414 der::BitString* key_usage) WARN_UNUSED_RESULT; |
393 | 415 |
416 // Parses the Authority Information Access extension defined by RFC 5280. | |
417 // Returns true on success, and |out_ca_issuers_uris| and |out_ocsp_uris| will | |
418 // alias data in authority_info_access_tlv. On failure returns false, and | |
419 // |out_ca_issuers_uris| and |out_ocsp_uris| may have been modified. | |
420 // | |
421 // |out_ca_issuers_uris| is filled with the accessLocations of type | |
eroman
2016/06/04 01:08:48
note: it is unclear from this whether the intent i
mattm
2016/06/04 03:24:08
Changed the function to clear them first.
| |
422 // uniformResourceIdentifier for the accessMethod id-ad-caIssuers. | |
423 // |out_ocsp_uris| is filled with the accessLocations of type | |
424 // uniformResourceIdentifier for the accessMethod id-ad-ocsp. | |
425 // | |
426 // The values in |out_ca_issuers_uris| and |out_ocsp_uris| are checked to be | |
427 // IA5String (ASCII strings), but no other validation is performed on them. | |
428 // | |
429 // accessMethods other than id-ad-caIssuers and id-ad-ocsp are silently ignored. | |
430 // accessLocation types other than uniformResourceIdentifier are silently | |
431 // ignored. | |
432 NET_EXPORT bool ParseAuthorityInfoAccess( | |
433 const der::Input& authority_info_access_tlv, | |
434 std::vector<base::StringPiece>* out_ca_issuers_uris, | |
435 std::vector<base::StringPiece>* out_ocsp_uris) WARN_UNUSED_RESULT; | |
436 | |
394 } // namespace net | 437 } // namespace net |
395 | 438 |
396 #endif // NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ | 439 #endif // NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_ |
OLD | NEW |