net/cert/internal/parse_certificate.cc - Issue 2337373003: Add error details to ParseCertificate test data.

Side by Side Diff: net/cert/internal/parse_certificate.cc

Issue 2337373003: Add error details to ParseCertificate test data. (Closed)

Patch Set: rename Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/internal/parse_certificate.h"	5 #include "net/cert/internal/parse_certificate.h"

6	6

7 #include <utility>	7 #include <utility>

8	8

9 #include "base/strings/string_util.h"	9 #include "base/strings/string_util.h"

	10 #include "net/cert/internal/cert_errors.h"

10 #include "net/der/input.h"	11 #include "net/der/input.h"

11 #include "net/der/parse_values.h"	12 #include "net/der/parse_values.h"

12 #include "net/der/parser.h"	13 #include "net/der/parser.h"

13	14

14 namespace net {	15 namespace net {

15	16

16 namespace {	17 namespace {

17	18

	19 DEFINE_CERT_ERROR_ID(kCertificateNotSequence,

	20 "Failed parsing Certificate SEQUENCE");

	21 DEFINE_CERT_ERROR_ID(kUnconsumedDataInsideCertificateSequence,

	22 "Unconsumed data inside Certificate SEQUENCE");

	23 DEFINE_CERT_ERROR_ID(kUnconsumedDataAfterCertificateSequence,

	24 "Unconsumed data after Certificate SEQUENCE");

	25 DEFINE_CERT_ERROR_ID(kTbsCertificateNotSequence,

	26 "Couldn't read Certificate as SEQUENCE");
	mattm 2016/09/15 01:49:07 TbsCertificate? TbsCertificate? eroman 2016/09/16 01:24:56 Done. Show quoted text On 2016/09/15 01:49:07, mattm wrote: > TbsCertificate? Done.
	27 DEFINE_CERT_ERROR_ID(

	28 kSignatureAlgorithmNotSequence,

	29 "Couldn't read Certificate.signatureAlgorithm as SEQUENCE");

	30 DEFINE_CERT_ERROR_ID(kSignatureValueNotBitString,

	31 "Couldn't read Certificate.signatureValue as BIT STRING");

	32

18 // Returns true if \|input\| is a SEQUENCE and nothing else.	33 // Returns true if \|input\| is a SEQUENCE and nothing else.

19 WARN_UNUSED_RESULT bool IsSequenceTLV(const der::Input& input) {	34 WARN_UNUSED_RESULT bool IsSequenceTLV(const der::Input& input) {

20 der::Parser parser(input);	35 der::Parser parser(input);

21 der::Parser unused_sequence_parser;	36 der::Parser unused_sequence_parser;

22 if (!parser.ReadSequence(&unused_sequence_parser))	37 if (!parser.ReadSequence(&unused_sequence_parser))

23 return false;	38 return false;

24 // Should by a single SEQUENCE by definition of the function.	39 // Should by a single SEQUENCE by definition of the function.

25 return !parser.HasMore();	40 return !parser.HasMore();

26 }	41 }

27	42

(...skipping 137 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
165 return false;	180 return false;

166	181

167 return true;	182 return true;

168 }	183 }

169	184

170 bool ParseCertificate(const der::Input& certificate_tlv,	185 bool ParseCertificate(const der::Input& certificate_tlv,

171 der::Input* out_tbs_certificate_tlv,	186 der::Input* out_tbs_certificate_tlv,

172 der::Input* out_signature_algorithm_tlv,	187 der::Input* out_signature_algorithm_tlv,

173 der::BitString* out_signature_value,	188 der::BitString* out_signature_value,

174 CertErrors* out_errors) {	189 CertErrors* out_errors) {

175 // TODO(crbug.com/634443): Fill \|out_errors\| (which may be null) with error	190 // \|out_errors\| is optional. But ensure it is non-null for the remainder of

176 // information.	191 // this function.

	192 if (!out_errors) {

	193 CertErrors unused_errors;

	194 return ParseCertificate(certificate_tlv, out_tbs_certificate_tlv,

	195 out_signature_algorithm_tlv, out_signature_value,

	196 &unused_errors);

	197 }

	198

177 der::Parser parser(certificate_tlv);	199 der::Parser parser(certificate_tlv);

178	200

179 // Certificate ::= SEQUENCE {	201 // Certificate ::= SEQUENCE {

180 der::Parser certificate_parser;	202 der::Parser certificate_parser;

181 if (!parser.ReadSequence(&certificate_parser))	203 if (!parser.ReadSequence(&certificate_parser)) {

	204 out_errors->AddError(kCertificateNotSequence);

182 return false;	205 return false;

	206 }

183	207

184 // tbsCertificate TBSCertificate,	208 // tbsCertificate TBSCertificate,

185 if (!ReadSequenceTLV(&certificate_parser, out_tbs_certificate_tlv))	209 if (!ReadSequenceTLV(&certificate_parser, out_tbs_certificate_tlv)) {

	210 out_errors->AddError(kTbsCertificateNotSequence);

186 return false;	211 return false;

	212 }

187	213

188 // signatureAlgorithm AlgorithmIdentifier,	214 // signatureAlgorithm AlgorithmIdentifier,

189 if (!ReadSequenceTLV(&certificate_parser, out_signature_algorithm_tlv))	215 if (!ReadSequenceTLV(&certificate_parser, out_signature_algorithm_tlv)) {

	216 out_errors->AddError(kSignatureAlgorithmNotSequence);

190 return false;	217 return false;

	218 }

191	219

192 // signatureValue BIT STRING }	220 // signatureValue BIT STRING }

193 if (!certificate_parser.ReadBitString(out_signature_value))	221 if (!certificate_parser.ReadBitString(out_signature_value)) {

	222 out_errors->AddError(kSignatureValueNotBitString);

194 return false;	223 return false;

	224 }

195	225

196 // There isn't an extension point at the end of Certificate.	226 // There isn't an extension point at the end of Certificate.

197 if (certificate_parser.HasMore())	227 if (certificate_parser.HasMore()) {

	228 out_errors->AddError(kUnconsumedDataInsideCertificateSequence);

198 return false;	229 return false;

	230 }

199	231

200 // By definition the input was a single Certificate, so there shouldn't be	232 // By definition the input was a single Certificate, so there shouldn't be

201 // unconsumed data.	233 // unconsumed data.

202 if (parser.HasMore())	234 if (parser.HasMore()) {

	235 out_errors->AddError(kUnconsumedDataAfterCertificateSequence);

203 return false;	236 return false;

	237 }

204	238

205 return true;	239 return true;

206 }	240 }

207	241

208 // From RFC 5280 section 4.1:	242 // From RFC 5280 section 4.1:

209 //	243 //

210 // TBSCertificate ::= SEQUENCE {	244 // TBSCertificate ::= SEQUENCE {

211 // version [0] EXPLICIT Version DEFAULT v1,	245 // version [0] EXPLICIT Version DEFAULT v1,

212 // serialNumber CertificateSerialNumber,	246 // serialNumber CertificateSerialNumber,

213 // signature AlgorithmIdentifier,	247 // signature AlgorithmIdentifier,

(...skipping 461 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
675 out_ca_issuers_uris->push_back(uri);	709 out_ca_issuers_uris->push_back(uri);

676 else if (access_method_oid == AdOcspOid())	710 else if (access_method_oid == AdOcspOid())

677 out_ocsp_uris->push_back(uri);	711 out_ocsp_uris->push_back(uri);

678 }	712 }

679 }	713 }

680	714

681 return true;	715 return true;

682 }	716 }

683	717

684 } // namespace net	718 } // namespace net

OLD	NEW

« no previous file with comments | « no previous file | net/cert/internal/parse_certificate_unittest.cc » ('j') | net/cert/internal/parse_certificate_unittest.cc » ('J')