| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/parse_certificate.h" | 5 #include "net/cert/internal/parse_certificate.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
| 10 #include "net/cert/internal/cert_errors.h" |
| 10 #include "net/der/input.h" | 11 #include "net/der/input.h" |
| 11 #include "net/der/parse_values.h" | 12 #include "net/der/parse_values.h" |
| 12 #include "net/der/parser.h" | 13 #include "net/der/parser.h" |
| 13 | 14 |
| 14 namespace net { | 15 namespace net { |
| 15 | 16 |
| 16 namespace { | 17 namespace { |
| 17 | 18 |
| 19 DEFINE_CERT_ERROR_ID(kCertificateNotSequence, |
| 20 "Failed parsing Certificate SEQUENCE"); |
| 21 DEFINE_CERT_ERROR_ID(kUnconsumedDataInsideCertificateSequence, |
| 22 "Unconsumed data inside Certificate SEQUENCE"); |
| 23 DEFINE_CERT_ERROR_ID(kUnconsumedDataAfterCertificateSequence, |
| 24 "Unconsumed data after Certificate SEQUENCE"); |
| 25 DEFINE_CERT_ERROR_ID(kTbsCertificateNotSequence, |
| 26 "Couldn't read tbsCertificate as SEQUENCE"); |
| 27 DEFINE_CERT_ERROR_ID( |
| 28 kSignatureAlgorithmNotSequence, |
| 29 "Couldn't read Certificate.signatureAlgorithm as SEQUENCE"); |
| 30 DEFINE_CERT_ERROR_ID(kSignatureValueNotBitString, |
| 31 "Couldn't read Certificate.signatureValue as BIT STRING"); |
| 32 |
| 18 // Returns true if |input| is a SEQUENCE and nothing else. | 33 // Returns true if |input| is a SEQUENCE and nothing else. |
| 19 WARN_UNUSED_RESULT bool IsSequenceTLV(const der::Input& input) { | 34 WARN_UNUSED_RESULT bool IsSequenceTLV(const der::Input& input) { |
| 20 der::Parser parser(input); | 35 der::Parser parser(input); |
| 21 der::Parser unused_sequence_parser; | 36 der::Parser unused_sequence_parser; |
| 22 if (!parser.ReadSequence(&unused_sequence_parser)) | 37 if (!parser.ReadSequence(&unused_sequence_parser)) |
| 23 return false; | 38 return false; |
| 24 // Should by a single SEQUENCE by definition of the function. | 39 // Should by a single SEQUENCE by definition of the function. |
| 25 return !parser.HasMore(); | 40 return !parser.HasMore(); |
| 26 } | 41 } |
| 27 | 42 |
| (...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 165 return false; | 180 return false; |
| 166 | 181 |
| 167 return true; | 182 return true; |
| 168 } | 183 } |
| 169 | 184 |
| 170 bool ParseCertificate(const der::Input& certificate_tlv, | 185 bool ParseCertificate(const der::Input& certificate_tlv, |
| 171 der::Input* out_tbs_certificate_tlv, | 186 der::Input* out_tbs_certificate_tlv, |
| 172 der::Input* out_signature_algorithm_tlv, | 187 der::Input* out_signature_algorithm_tlv, |
| 173 der::BitString* out_signature_value, | 188 der::BitString* out_signature_value, |
| 174 CertErrors* out_errors) { | 189 CertErrors* out_errors) { |
| 175 // TODO(crbug.com/634443): Fill |out_errors| (which may be null) with error | 190 // |out_errors| is optional. But ensure it is non-null for the remainder of |
| 176 // information. | 191 // this function. |
| 192 if (!out_errors) { |
| 193 CertErrors unused_errors; |
| 194 return ParseCertificate(certificate_tlv, out_tbs_certificate_tlv, |
| 195 out_signature_algorithm_tlv, out_signature_value, |
| 196 &unused_errors); |
| 197 } |
| 198 |
| 177 der::Parser parser(certificate_tlv); | 199 der::Parser parser(certificate_tlv); |
| 178 | 200 |
| 179 // Certificate ::= SEQUENCE { | 201 // Certificate ::= SEQUENCE { |
| 180 der::Parser certificate_parser; | 202 der::Parser certificate_parser; |
| 181 if (!parser.ReadSequence(&certificate_parser)) | 203 if (!parser.ReadSequence(&certificate_parser)) { |
| 204 out_errors->AddError(kCertificateNotSequence); |
| 182 return false; | 205 return false; |
| 206 } |
| 183 | 207 |
| 184 // tbsCertificate TBSCertificate, | 208 // tbsCertificate TBSCertificate, |
| 185 if (!ReadSequenceTLV(&certificate_parser, out_tbs_certificate_tlv)) | 209 if (!ReadSequenceTLV(&certificate_parser, out_tbs_certificate_tlv)) { |
| 210 out_errors->AddError(kTbsCertificateNotSequence); |
| 186 return false; | 211 return false; |
| 212 } |
| 187 | 213 |
| 188 // signatureAlgorithm AlgorithmIdentifier, | 214 // signatureAlgorithm AlgorithmIdentifier, |
| 189 if (!ReadSequenceTLV(&certificate_parser, out_signature_algorithm_tlv)) | 215 if (!ReadSequenceTLV(&certificate_parser, out_signature_algorithm_tlv)) { |
| 216 out_errors->AddError(kSignatureAlgorithmNotSequence); |
| 190 return false; | 217 return false; |
| 218 } |
| 191 | 219 |
| 192 // signatureValue BIT STRING } | 220 // signatureValue BIT STRING } |
| 193 if (!certificate_parser.ReadBitString(out_signature_value)) | 221 if (!certificate_parser.ReadBitString(out_signature_value)) { |
| 222 out_errors->AddError(kSignatureValueNotBitString); |
| 194 return false; | 223 return false; |
| 224 } |
| 195 | 225 |
| 196 // There isn't an extension point at the end of Certificate. | 226 // There isn't an extension point at the end of Certificate. |
| 197 if (certificate_parser.HasMore()) | 227 if (certificate_parser.HasMore()) { |
| 228 out_errors->AddError(kUnconsumedDataInsideCertificateSequence); |
| 198 return false; | 229 return false; |
| 230 } |
| 199 | 231 |
| 200 // By definition the input was a single Certificate, so there shouldn't be | 232 // By definition the input was a single Certificate, so there shouldn't be |
| 201 // unconsumed data. | 233 // unconsumed data. |
| 202 if (parser.HasMore()) | 234 if (parser.HasMore()) { |
| 235 out_errors->AddError(kUnconsumedDataAfterCertificateSequence); |
| 203 return false; | 236 return false; |
| 237 } |
| 204 | 238 |
| 205 return true; | 239 return true; |
| 206 } | 240 } |
| 207 | 241 |
| 208 // From RFC 5280 section 4.1: | 242 // From RFC 5280 section 4.1: |
| 209 // | 243 // |
| 210 // TBSCertificate ::= SEQUENCE { | 244 // TBSCertificate ::= SEQUENCE { |
| 211 // version [0] EXPLICIT Version DEFAULT v1, | 245 // version [0] EXPLICIT Version DEFAULT v1, |
| 212 // serialNumber CertificateSerialNumber, | 246 // serialNumber CertificateSerialNumber, |
| 213 // signature AlgorithmIdentifier, | 247 // signature AlgorithmIdentifier, |
| (...skipping 461 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 675 out_ca_issuers_uris->push_back(uri); | 709 out_ca_issuers_uris->push_back(uri); |
| 676 else if (access_method_oid == AdOcspOid()) | 710 else if (access_method_oid == AdOcspOid()) |
| 677 out_ocsp_uris->push_back(uri); | 711 out_ocsp_uris->push_back(uri); |
| 678 } | 712 } |
| 679 } | 713 } |
| 680 | 714 |
| 681 return true; | 715 return true; |
| 682 } | 716 } |
| 683 | 717 |
| 684 } // namespace net | 718 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2337373003:
Add error details to ParseCertificate test data. (Closed)
