Remove ParsedCertificate::unparsed_extensions().

components/cast_certificate/cast_cert_validator.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/cast_certificate/cast_cert_validator.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <algorithm>
@@ skipping 65 matching lines @@
     // Enforce pathlen constraints and policies defined on the root certificate.
     scoped_refptr<net::TrustAnchor> anchor =
         net::TrustAnchor::CreateFromCertificateWithConstraints(std::move(cert));
     store_.AddTrustAnchor(std::move(anchor));
   }
 
   net::TrustStoreInMemory store_;
   DISALLOW_COPY_AND_ASSIGN(CastTrustStore);
 };
 
-using ExtensionsMap = std::map<net::der::Input, net::ParsedExtension>;
-
-// Helper that looks up an extension by OID given a map of extensions.
-bool GetExtensionValue(const ExtensionsMap& extensions,
-                       const net::der::Input& oid,
-                       net::der::Input* value) {
-  auto it = extensions.find(oid);
-  if (it == extensions.end())
-    return false;
-  *value = it->second.value;
-  return true;
-}
-
 // Returns the OID for the Audio-Only Cast policy
 // (1.3.6.1.4.1.11129.2.5.2) in DER form.
 net::der::Input AudioOnlyPolicyOid() {
   static const uint8_t kAudioOnlyPolicy[] = {0x2B, 0x06, 0x01, 0x04, 0x01,
                                              0xD6, 0x79, 0x02, 0x05, 0x02};
   return net::der::Input(kAudioOnlyPolicy);
 }
 
 // Cast certificates rely on RSASSA-PKCS#1 v1.5 with SHA-1 for signatures.
 //
@@ skipping 84 matching lines @@
     std::unique_ptr<CertVerificationContext>* context,
     CastDeviceCertPolicy* policy) {
   // Get the Key Usage extension.
   if (!cert->has_key_usage())
     return false;
 
   // Ensure Key Usage contains digitalSignature.
   if (!cert->key_usage().AssertsBit(net::KEY_USAGE_BIT_DIGITAL_SIGNATURE))
     return false;
 
-  // Get the Extended Key Usage extension.
-  net::der::Input extension_value;
-  if (!GetExtensionValue(cert->unparsed_extensions(), net::ExtKeyUsageOid(),
-                         &extension_value)) {
-    return false;
-  }
-  std::vector<net::der::Input> ekus;
-  if (!net::ParseEKUExtension(extension_value, &ekus))
-    return false;
-
   // Ensure Extended Key Usage contains client auth.
-  if (!HasClientAuth(ekus))
+  if (!cert->has_extended_key_usage() ||
+      !HasClientAuth(cert->extended_key_usage()))
     return false;
 
   // Check for an optional audio-only policy extension.
   *policy = CastDeviceCertPolicy::NONE;
-  if (GetExtensionValue(cert->unparsed_extensions(),
-                        net::CertificatePoliciesOid(), &extension_value)) {
-    std::vector<net::der::Input> policies;
-    if (!net::ParseCertificatePoliciesExtension(extension_value, &policies))
-      return false;
-
+  if (cert->has_policy_oids()) {
+    const std::vector<net::der::Input>& policies = cert->policy_oids();
     // Look for an audio-only policy. Disregard any other policy found.
     if (std::find(policies.begin(), policies.end(), AudioOnlyPolicyOid()) !=
         policies.end()) {
       *policy = CastDeviceCertPolicy::AUDIO_ONLY;
     }
   }
 
   // Get the Common Name for the certificate.
   std::string common_name;
   if (!GetCommonNameFromSubject(cert->tbs().subject_tlv, &common_name))
@@ skipping 102 matching lines @@
 
 std::unique_ptr<CertVerificationContext> CertVerificationContextImplForTest(
     const base::StringPiece& spki) {
   // Use a bogus CommonName, since this is just exposed for testing signature
   // verification by unittests.
   return base::MakeUnique<CertVerificationContextImpl>(net::der::Input(spki),
                                                        "CommonName");
 }
 
 }  // namespace cast_certificate