net/cert/internal/parse_certificate.h - Issue 2036033002: Add CertIssuerSourceAia: authorityInfoAccess fetching for CertPathBuilder.

Unified Diff: net/cert/internal/parse_certificate.h

Issue 2036033002: Add CertIssuerSourceAia: authorityInfoAccess fetching for CertPathBuilder. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert-parsing-path-building

Patch Set: . Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« net/cert/internal/cert_issuer_source_aia_unittest.cc ('K') | « net/cert/internal/cert_issuer_source_aia_unittest.cc ('k') | net/cert/internal/parse_certificate.cc » ('j') | net/data/cert_issuer_source_aia_unittest/generate-certs.py » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/cert/internal/parse_certificate.h

diff --git a/net/cert/internal/parse_certificate.h b/net/cert/internal/parse_certificate.h

index 1414d2e059d2435889b9891461399051412d655e..f247f440f58e0c5da81c90740785a5221ab095ba 100644

--- a/net/cert/internal/parse_certificate.h

+++ b/net/cert/internal/parse_certificate.h

@@ -8,6 +8,7 @@

#include <stdint.h>

#include <map>

+#include <vector>

#include "base/compiler_specific.h"

#include "net/base/net_export.h"

@@ -312,6 +313,27 @@ NET_EXPORT der::Input PolicyConstraintsOid();

// In dotted notation: 2.5.29.37

NET_EXPORT der::Input ExtKeyUsageOid();

+// From RFC 5280:

+//

+// id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }

+//

+// In dotted notation: 1.3.6.1.5.5.7.1.1

+NET_EXPORT der::Input AuthorityInfoAccessOid();

+// From RFC 5280:

+//

+// id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }

+//

+// In dotted notation: 1.3.6.1.5.5.7.48.2

+NET_EXPORT der::Input AdCaIssuersOid();

+// From RFC 5280:

+//

+// id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }

+//

+// In dotted notation: 1.3.6.1.5.5.7.48.1

+NET_EXPORT der::Input AdOcspOid();

// Parses the Extensions sequence as defined by RFC 5280. Extensions are added

// to the map |extensions| keyed by the OID. Parsing guarantees that each OID

// is unique. Note that certificate verification must consume each extension

@@ -391,6 +413,27 @@ enum KeyUsageBit {

NET_EXPORT bool ParseKeyUsage(const der::Input& key_usage_tlv,

der::BitString* key_usage) WARN_UNUSED_RESULT;

+// Parses the Authority Information Access extension defined by RFC 5280.

+// Returns true on success, and |out_ca_issuers_uris| and |out_ocsp_uris| will

+// alias data in authority_info_access_tlv. On failure returns false, and

+// |out_ca_issuers_uris| and |out_ocsp_uris| may have been modified.

+//

+// |out_ca_issuers_uris| is filled with the accessLocations of type

+// uniformResourceIdentifier for the accessMethod id-ad-caIssuers.

+// |out_ocsp_uris| is filled with the accessLocations of type

+// uniformResourceIdentifier for the accessMethod id-ad-ocsp.

+//

+// The values in |out_ca_issuers_uris| and |out_ocsp_uris| are checked to be

+// IA5String (ASCII strings), but no other validation is performed on them.

+//

+// accessMethods other than id-ad-caIssuers and id-ad-ocsp are silently ignored.

+// accessLocation types other than uniformResourceIdentifier are silently

+// ignored.

+NET_EXPORT bool ParseAuthorityInfoAccess(

+ const der::Input& authority_info_access_tlv,

+ std::vector<base::StringPiece>* out_ca_issuers_uris,

eroman 2016/06/03 16:28:52 why stringpiece rather than der::Input ?

mattm 2016/06/03 21:27:27 These are ASCII string data, so StringPiece seems

+ std::vector<base::StringPiece>* out_ocsp_uris);

eroman 2016/06/03 16:28:52 warn_unused_result to match other functions

mattm 2016/06/03 21:27:27 Done.

} // namespace net

#endif // NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_