Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(182)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/internal/parse_certificate.cc

Issue 2036033002: Add CertIssuerSourceAia: authorityInfoAccess fetching for CertPathBuilder. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert-parsing-path-building
Patch Set: derp Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/internal/cert_issuer_source_aia_unittest.cc ('K') | « net/cert/internal/parse_certificate.h ('k') | net/cert/internal/parse_certificate_fuzzer.cc » ('j') | net/data/verify_certificate_chain_unittest/common.py » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/internal/parse_certificate.cc
diff --git a/net/cert/internal/parse_certificate.cc b/net/cert/internal/parse_certificate.cc
index 2a699268c12c5d65da8aee863c73fe43255baec6..d9413b3b4d310a812d198b5be4c12f307df6d748 100644
--- a/net/cert/internal/parse_certificate.cc
+++ b/net/cert/internal/parse_certificate.cc
@@ -6,6 +6,7 @@
#include <utility>
+#include "base/strings/string_util.h"
#include "net/der/input.h"
#include "net/der/parse_values.h"
#include "net/der/parser.h"
@@ -465,6 +466,36 @@ der::Input ExtKeyUsageOid() {
return der::Input(oid);
}
+der::Input AuthorityInfoAccessOid() {
+ // From RFC 5280:
+ //
+ // id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+ //
+ // In dotted notation: 1.3.6.1.5.5.7.1.1
+ static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01};
+ return der::Input(oid);
+}
+
+der::Input AdCaIssuersOid() {
+ // From RFC 5280:
+ //
+ // id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
+ //
+ // In dotted notation: 1.3.6.1.5.5.7.48.2
+ static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02};
+ return der::Input(oid);
+}
+
+der::Input AdOcspOid() {
+ // From RFC 5280:
+ //
+ // id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
+ //
+ // In dotted notation: 1.3.6.1.5.5.7.48.1
+ static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01};
+ return der::Input(oid);
+}
+
NET_EXPORT bool ParseExtensions(
const der::Input& extensions_tlv,
std::map<der::Input, ParsedExtension>* extensions) {
@@ -590,4 +621,57 @@ bool ParseKeyUsage(const der::Input& key_usage_tlv, der::BitString* key_usage) {
return true;
}
+bool ParseAuthorityInfoAccess(
+ const der::Input& authority_info_access_tlv,
+ std::vector<base::StringPiece>* out_ca_issuers_uris,
+ std::vector<base::StringPiece>* out_ocsp_uris) {
+ der::Parser parser(authority_info_access_tlv);
+
+ out_ca_issuers_uris->clear();
+ out_ocsp_uris->clear();
+
+ // AuthorityInfoAccessSyntax ::=
+ // SEQUENCE SIZE (1..MAX) OF AccessDescription
+ der::Parser sequence_parser;
+ if (!parser.ReadSequence(&sequence_parser))
+ return false;
+ if (!sequence_parser.HasMore())
+ return false;
+
+ while (sequence_parser.HasMore()) {
+ // AccessDescription ::= SEQUENCE {
+ der::Parser access_description_sequence_parser;
+ if (!sequence_parser.ReadSequence(&access_description_sequence_parser))
+ return false;
+
+ // accessMethod OBJECT IDENTIFIER,
+ der::Input access_method_oid;
+ if (!access_description_sequence_parser.ReadTag(der::kOid,
+ &access_method_oid))
+ return false;
+
+ // accessLocation GeneralName }
+ der::Tag access_location_tag;
+ der::Input access_location_value;
+ if (!access_description_sequence_parser.ReadTagAndValue(
+ &access_location_tag, &access_location_value))
+ return false;
+
+ // GeneralName ::= CHOICE {
+ if (access_location_tag == der::ContextSpecificPrimitive(6)) {
+ // uniformResourceIdentifier [6] IA5String,
+ base::StringPiece uri = access_location_value.AsStringPiece();
+ if (!base::IsStringASCII(uri))
+ return false;
+
+ if (access_method_oid == AdCaIssuersOid())
+ out_ca_issuers_uris->push_back(uri);
+ else if (access_method_oid == AdOcspOid())
+ out_ocsp_uris->push_back(uri);
+ }
+ }
+
+ return true;
+}
+
} // namespace net
« net/cert/internal/cert_issuer_source_aia_unittest.cc ('K') | « net/cert/internal/parse_certificate.h ('k') | net/cert/internal/parse_certificate_fuzzer.cc » ('j') | net/data/verify_certificate_chain_unittest/common.py » ('J')

Powered by Google App Engine
This is Rietveld 408576698