Index: net/cert/internal/parse_certificate.cc |
diff --git a/net/cert/internal/parse_certificate.cc b/net/cert/internal/parse_certificate.cc |
index 2a699268c12c5d65da8aee863c73fe43255baec6..d9413b3b4d310a812d198b5be4c12f307df6d748 100644 |
--- a/net/cert/internal/parse_certificate.cc |
+++ b/net/cert/internal/parse_certificate.cc |
@@ -6,6 +6,7 @@ |
#include <utility> |
+#include "base/strings/string_util.h" |
#include "net/der/input.h" |
#include "net/der/parse_values.h" |
#include "net/der/parser.h" |
@@ -465,6 +466,36 @@ der::Input ExtKeyUsageOid() { |
return der::Input(oid); |
} |
+der::Input AuthorityInfoAccessOid() { |
+ // From RFC 5280: |
+ // |
+ // id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } |
+ // |
+ // In dotted notation: 1.3.6.1.5.5.7.1.1 |
+ static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01}; |
+ return der::Input(oid); |
+} |
+ |
+der::Input AdCaIssuersOid() { |
+ // From RFC 5280: |
+ // |
+ // id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } |
+ // |
+ // In dotted notation: 1.3.6.1.5.5.7.48.2 |
+ static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02}; |
+ return der::Input(oid); |
+} |
+ |
+der::Input AdOcspOid() { |
+ // From RFC 5280: |
+ // |
+ // id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } |
+ // |
+ // In dotted notation: 1.3.6.1.5.5.7.48.1 |
+ static const uint8_t oid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01}; |
+ return der::Input(oid); |
+} |
+ |
NET_EXPORT bool ParseExtensions( |
const der::Input& extensions_tlv, |
std::map<der::Input, ParsedExtension>* extensions) { |
@@ -590,4 +621,57 @@ bool ParseKeyUsage(const der::Input& key_usage_tlv, der::BitString* key_usage) { |
return true; |
} |
+bool ParseAuthorityInfoAccess( |
+ const der::Input& authority_info_access_tlv, |
+ std::vector<base::StringPiece>* out_ca_issuers_uris, |
+ std::vector<base::StringPiece>* out_ocsp_uris) { |
+ der::Parser parser(authority_info_access_tlv); |
+ |
+ out_ca_issuers_uris->clear(); |
+ out_ocsp_uris->clear(); |
+ |
+ // AuthorityInfoAccessSyntax ::= |
+ // SEQUENCE SIZE (1..MAX) OF AccessDescription |
+ der::Parser sequence_parser; |
+ if (!parser.ReadSequence(&sequence_parser)) |
+ return false; |
+ if (!sequence_parser.HasMore()) |
+ return false; |
+ |
+ while (sequence_parser.HasMore()) { |
+ // AccessDescription ::= SEQUENCE { |
+ der::Parser access_description_sequence_parser; |
+ if (!sequence_parser.ReadSequence(&access_description_sequence_parser)) |
+ return false; |
+ |
+ // accessMethod OBJECT IDENTIFIER, |
+ der::Input access_method_oid; |
+ if (!access_description_sequence_parser.ReadTag(der::kOid, |
+ &access_method_oid)) |
+ return false; |
+ |
+ // accessLocation GeneralName } |
+ der::Tag access_location_tag; |
+ der::Input access_location_value; |
+ if (!access_description_sequence_parser.ReadTagAndValue( |
+ &access_location_tag, &access_location_value)) |
+ return false; |
+ |
+ // GeneralName ::= CHOICE { |
+ if (access_location_tag == der::ContextSpecificPrimitive(6)) { |
+ // uniformResourceIdentifier [6] IA5String, |
+ base::StringPiece uri = access_location_value.AsStringPiece(); |
+ if (!base::IsStringASCII(uri)) |
+ return false; |
+ |
+ if (access_method_oid == AdCaIssuersOid()) |
+ out_ca_issuers_uris->push_back(uri); |
+ else if (access_method_oid == AdOcspOid()) |
+ out_ocsp_uris->push_back(uri); |
+ } |
+ } |
+ |
+ return true; |
+} |
+ |
} // namespace net |
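Review bot: ParseAuthorityInfoAccess never checks for leftover data, so an AccessDescription carrying extra elements after accessLocation is accepted as well-formed; after the ReadTagAndValue() call, add `if (access_description_sequence_parser.HasMore()) return false;`. The outer `parser` has the same gap after ReadSequence(), where `if (parser.HasMore()) return false;` would reject bytes trailing the AuthorityInfoAccessSyntax SEQUENCE. The URIs pushed into the output vectors are StringPieces taken from access_location_value, so they presumably alias the caller's input buffer, and the only content check is IsStringASCII(), which as far as I know only rules out bytes of 0x80 and above, so control characters would pass. A comment on the function or its declaration should say that these strings are certificate-controlled, that callers must validate the scheme and host before fetching anything, and that the views are valid only while authority_info_access_tlv's backing data is alive.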