
Side by Side Diff: net/cert/internal/parsed_certificate.cc

Issue 2079273004: Allow Cast certificates to have serial numbers greater than 20 bytes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: remove allowance of invalid serial numbers for cast roots Created 4 years, 6 months ago
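--- a/net/cert/internal/parsed_certificate.cc
+++ b/net/cert/internal/parsed_certificate.cc
@@ -1,61 +1,64 @@
 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/parsed_certificate.h"
 
 #include "net/cert/internal/name_constraints.h"
 #include "net/cert/internal/signature_algorithm.h"
 #include "net/cert/internal/verify_name_match.h"
 #include "net/der/parser.h"
 
 namespace net {
 
 namespace {
 
 WARN_UNUSED_RESULT bool GetSequenceValue(const der::Input& tlv,
 der::Input* value) {
 der::Parser parser(tlv);
 return parser.ReadTag(der::kSequence, value) && !parser.HasMore();
 }
 
 } // namespace
 
 ParsedCertificate::ParsedCertificate() {}
 ParsedCertificate::~ParsedCertificate() {}
 
 scoped_refptr<ParsedCertificate> ParsedCertificate::CreateFromCertificateData(
 const uint8_t* data,
 size_t length,
-DataSource source) {
+DataSource source,
+const ParseCertificateOptions& options) {
 scoped_refptr<ParsedCertificate> result(new ParsedCertificate);
 
 switch (source) {
 case DataSource::INTERNAL_COPY:
 result->cert_data_.assign(data, data + length);
 result->cert_ =
 der::Input(result->cert_data_.data(), result->cert_data_.size());
 break;
 case DataSource::EXTERNAL_REFERENCE:
 result->cert_ = der::Input(data, length);
 break;
 }
 
 if (!ParseCertificate(result->cert_, &result->tbs_certificate_tlv_,
 &result->signature_algorithm_tlv_,
 &result->signature_value_)) {
 return nullptr;
 }
 
-if (!ParseTbsCertificate(result->tbs_certificate_tlv_, &result->tbs_))
+if (!ParseTbsCertificate(result->tbs_certificate_tlv_, options,
+&result->tbs_)) {
 return nullptr;
+}
 
 // Attempt to parse the signature algorithm contained in the Certificate.
 // Do not give up on failure here, since SignatureAlgorithm::CreateFromDer
 // will fail on valid but unsupported signature algorithms.
 // TODO(mattm): should distinguish between unsupported algorithms and parsing
 // errors.
 result->signature_algorithm_ =
 SignatureAlgorithm::CreateFromDer(result->signature_algorithm_tlv_);
 
 der::Input subject_value;
@@ -140,30 +143,32 @@
 // NOTE: if additional extensions are consumed here, the verification code
 // must be updated to process those extensions, since the
 // VerifyNoUnconsumedCriticalExtensions uses the unparsed_extensions_
 // variable to tell which extensions were processed.
 }
 
 return result;
 }
 
 scoped_refptr<ParsedCertificate> ParsedCertificate::CreateFromCertificateCopy(
-const base::StringPiece& data) {
+const base::StringPiece& data,
+const ParseCertificateOptions& options) {
 return ParsedCertificate::CreateFromCertificateData(
 reinterpret_cast<const uint8_t*>(data.data()), data.size(),
-DataSource::INTERNAL_COPY);
+DataSource::INTERNAL_COPY, options);
 }
 
 bool ParsedCertificate::CreateAndAddToVector(
 const uint8_t* data,
 size_t length,
 DataSource source,
+const ParseCertificateOptions& options,
 std::vector<scoped_refptr<ParsedCertificate>>* chain) {
 scoped_refptr<ParsedCertificate> cert(
-CreateFromCertificateData(data, length, source));
+CreateFromCertificateData(data, length, source, options));
 if (!cert)
 return false;
 chain->push_back(std::move(cert));
 return true;
 }
 
 } // namespace net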
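Review bot: The new `options` argument in `CreateFromCertificateData` is handed to `ParseTbsCertificate` but is not stored on `result` in any visible line, so a leniently parsed certificate may later be indistinguishable from a strictly parsed one. The 78 skipped lines are identical on both sides and so cannot reference the new parameter; whether `tbs_` keeps any trace depends on `ParseTbsCertificate`, which is defined outside this file. Given that the issue relaxes the serial-number length limit for one certificate family, this contract deserves a comment at the definition, for example `// |options| controls how strictly the TBSCertificate is parsed. Certificates parsed with relaxed options should not be reused in chains verified for other purposes.` The same applies to `CreateFromCertificateCopy` and `CreateAndAddToVector`, which only forward the value.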