Add CertErrors* parameter to the main Certificate parsing functions.

net/cert/internal/parsed_certificate.h

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_INTERNAL_PARSED_CERTIFICATE_H_
 #define NET_CERT_INTERNAL_PARSED_CERTIFICATE_H_
 
 #include <map>
 #include <memory>
 #include <vector>
 
 #include "base/memory/ref_counted.h"
 #include "net/base/net_export.h"
 #include "net/cert/internal/parse_certificate.h"
 #include "net/der/input.h"
 
 namespace net {
 
 struct GeneralNames;
 class NameConstraints;
 class ParsedCertificate;
 class SignatureAlgorithm;
+class CertErrors;
 
 using ParsedCertificateList = std::vector<scoped_refptr<ParsedCertificate>>;
 
 // Represents an X.509 certificate, including Certificate, TBSCertificate, and
 // standard extensions.
 // Creating a ParsedCertificate does not completely parse and validate the
 // certificate data. Presence of a member in this class implies the DER was
 // parsed successfully to that level, but does not imply the contents of that
 // member are valid, unless otherwise specified. See the documentation for each
 // member or the documentation of the type it returns.
 class NET_EXPORT ParsedCertificate
     : public base::RefCountedThreadSafe<ParsedCertificate> {
  public:
   // Map from OID to ParsedExtension.
   using ExtensionsMap = std::map<der::Input, ParsedExtension>;
 
-  // The certificate data for may either be owned internally (INTERNAL_COPY) or
-  // owned externally (EXTERNAL_REFERENCE). When it is owned internally the data
-  // is held by |cert_data_|
-  enum class DataSource {
-    INTERNAL_COPY,
-    EXTERNAL_REFERENCE,
-  };
-
   // Creates a ParsedCertificate given a DER-encoded Certificate. Returns
   // nullptr on failure. Failure will occur if the standard certificate fields
   // and supported extensions cannot be parsed.
   //
-  // The provided certificate data is either copied, or aliased, depending on
-  // the value of |source|. See the comments for DataSource for details.
-  static scoped_refptr<ParsedCertificate> CreateFromCertificateData(
+  // The provided certificate data is copied, so |data| needn't remain valid
+  // after this call.
+  //
+  // On either success or failure, if |errors| is non-null it may have error
+  // information added to it.
+  static scoped_refptr<ParsedCertificate> Create(
       const uint8_t* data,
       size_t length,
-      DataSource source,
-      const ParseCertificateOptions& options);
+      const ParseCertificateOptions& options,
+      CertErrors* errors);
 
-  // Creates a ParsedCertificate and appends it to |chain|. Returns true if the
-  // certificate was successfully parsed and added. If false is return, |chain|
-  // is unmodified.
+  // Overload that takes a StringPiece.
+  static scoped_refptr<ParsedCertificate> Create(
+      const base::StringPiece& data,
+      const ParseCertificateOptions& options,
+      CertErrors* errors);
+
+  // Creates a ParsedCertificate by copying the provided |data|, and appends it
+  // to |chain|. Returns true if the certificate was successfully parsed and
+  // added. If false is return, |chain| is unmodified.
+  //
+  // On either success or failure, if |errors| is non-null it may have error
+  // information added to it.
   static bool CreateAndAddToVector(
       const uint8_t* data,
       size_t length,
-      DataSource source,
       const ParseCertificateOptions& options,
-      std::vector<scoped_refptr<net::ParsedCertificate>>* chain);
+      std::vector<scoped_refptr<net::ParsedCertificate>>* chain,
+      CertErrors* errors);
 
-  // Creates a ParsedCertificate, copying the data from |data|.
-  static scoped_refptr<ParsedCertificate> CreateFromCertificateCopy(
+  // Overload that takes a StringPiece.
+  static bool CreateAndAddToVector(
       const base::StringPiece& data,
-      const ParseCertificateOptions& options);
+      const ParseCertificateOptions& options,
+      std::vector<scoped_refptr<net::ParsedCertificate>>* chain,
+      CertErrors* errors);
+
+  // Like Create() this builds a ParsedCertificate given a DER-encoded
+  // Certificate and returns nullptr on failure.
+  //
+  // However a copy of |data| is NOT made.
+  //
+  // This is a dangerous way to create as ParsedCertificate and should only be
+  // used with care when saving a copy is really worth it, or the data is known
+  // to come from static storage (and hence remain valid for entire life of
+  // process).
+  //
+  // ParsedCertificate is reference counted, so it is easy to extend the life
+  // and and end up with a ParsedCertificate referencing feed memory.
+  //
+  // On either success or failure, if |errors| is non-null it may have error
+  // information added to it.
+  static scoped_refptr<ParsedCertificate> CreateWithoutCopyingUnsafe(
+      const uint8_t* data,
+      size_t length,
+      const ParseCertificateOptions& options,
+      CertErrors* errors);
 
   // Returns the DER-encoded certificate data for this cert.
   const der::Input& der_cert() const { return cert_; }
 
   // Accessors for raw fields of the Certificate.
   const der::Input& tbs_certificate_tlv() const { return tbs_certificate_tlv_; }
 
   const der::Input& signature_algorithm_tlv() const {
     return signature_algorithm_tlv_;
   }
@@ skipping 90 matching lines @@
 
   // Returns any OCSP URIs from the AuthorityInfoAccess extension.
   const std::vector<base::StringPiece>& ocsp_uris() const { return ocsp_uris_; }
 
   // Returns a map of unhandled extensions (excludes the ones above).
   const ExtensionsMap& unparsed_extensions() const {
     return unparsed_extensions_;
   }
 
  private:
+  // The certificate data for may either be owned internally (INTERNAL_COPY) or
+  // owned externally (EXTERNAL_REFERENCE). When it is owned internally the data
+  // is held by |cert_data_|
+  enum class DataSource {
+    INTERNAL_COPY,
+    EXTERNAL_REFERENCE,
+  };
+
   friend class base::RefCountedThreadSafe<ParsedCertificate>;
   ParsedCertificate();
   ~ParsedCertificate();
 
+  static scoped_refptr<ParsedCertificate> CreateInternal(
+      const uint8_t* data,
+      size_t length,
+      DataSource source,
+      const ParseCertificateOptions& options,
+      CertErrors* errors);
+
   // The backing store for the certificate data. This is only applicable when
   // the ParsedCertificate was initialized using DataSource::INTERNAL_COPY.
   std::vector<uint8_t> cert_data_;
 
   // Note that the backing data for |cert_| (and its  may come either from
   // |cert_data_| or some external buffer (depending on how the
   // ParsedCertificate was created).
 
   // Points to the raw certificate DER.
   der::Input cert_;
@@ skipping 38 matching lines @@
 
   // The remaining extensions (excludes the standard ones above).
   ExtensionsMap unparsed_extensions_;
 
   DISALLOW_COPY_AND_ASSIGN(ParsedCertificate);
 };
 
 }  // namespace net
 
 #endif  // NET_CERT_INTERNAL_PARSED_CERTIFICATE_H_