
Side by Side Diff: net/cert/internal/certificate_policies.h

Issue 2870323002: Add parsing for RFC 5280's InhibitAnyPolicy. (Closed)
Patch Set: rebase Created 3 years, 7 months ago
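--- a/net/cert/internal/certificate_policies.h
+++ b/net/cert/internal/certificate_policies.h
@@ -1,53 +1,65 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_
 #define NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_
 
 #include <stdint.h>
 
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "net/base/net_export.h"
 
 namespace net {
 
 namespace der {
 class Input;
 } // namespace der
 
 // Returns the DER-encoded OID, without tag or length, of the anyPolicy
 // certificate policy defined in RFC 5280 section 4.2.1.4.
 NET_EXPORT const der::Input AnyPolicy();
 
+// From RFC 5280:
+//
+// id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
+//
+// In dotted notation: 2.5.29.54
+NET_EXPORT der::Input InhibitAnyPolicyOid();
+
 // Parses a certificatePolicies extension and stores the policy OIDs in
 // |*policies|, in sorted order. If policyQualifiers are present,
 // they are ignored. (RFC 5280 section 4.2.1.4 says "optional qualifiers, which
 // MAY be present, are not expected to change the definition of the policy.",
 // furthermore policyQualifiers do not affect the success or failure of the
 // section 6 Certification Path Validation algorithm.)
 //
 // The returned values is only valid as long as |extension_value| is.
 NET_EXPORT bool ParseCertificatePoliciesExtension(
 const der::Input& extension_value,
 std::vector<der::Input>* policies);
 
 struct ParsedPolicyConstraints {
 bool has_require_explicit_policy = false;
 uint8_t require_explicit_policy = 0;
 
 bool has_inhibit_policy_mapping = false;
 uint8_t inhibit_policy_mapping = 0;
 };
 
 // Parses a PolicyConstraints SEQUENCE as defined by RFC 5280. Returns true on
 // success, and sets |out|.
 NET_EXPORT bool ParsePolicyConstraints(const der::Input& policy_constraints_tlv,
 ParsedPolicyConstraints* out)
 WARN_UNUSED_RESULT;
 
+// Parses an InhibitAnyPolicy as defined by RFC 5280. Returns true on success,
+// and sets |out|.
+NET_EXPORT bool ParseInhibitAnyPolicy(const der::Input& inhibit_any_policy_tlv,
+uint8_t* num_certs) WARN_UNUSED_RESULT;
+
 } // namespace net
 
 #endif // NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_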
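Review bot: The comment on the new `ParseInhibitAnyPolicy` declaration says it "sets |out|", but the output parameter is named `num_certs`, so the header never actually states the output contract. RFC 5280 section 4.2.1.14 defines the value as `SkipCerts ::= INTEGER (0..MAX)` while the out-parameter is a `uint8_t`, so the comment should say what happens to values above 255 and whether `*num_certs` is left untouched on failure. The implementation lives in certificate_policies.cc and is not visible here; rejecting over-range values would be the fail-closed choice for path validation, but that needs confirming before it is documented. Suggested wording, once confirmed: `// Parses an InhibitAnyPolicy (SkipCerts INTEGER) as defined by RFC 5280 section 4.2.1.14.` followed by `// Returns true on success and sets |*num_certs|; returns false if the value is malformed or does not fit in a uint8_t.` As a minor consistency point, `InhibitAnyPolicyOid()` returns `der::Input` while the neighbouring `AnyPolicy()` returns `const der::Input`; pick one form for both.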