OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ | 5 #ifndef NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ |
6 #define NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ | 6 #define NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/compiler_specific.h" | 12 #include "base/compiler_specific.h" |
13 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
14 | 14 |
15 namespace net { | 15 namespace net { |
16 | 16 |
17 namespace der { | 17 namespace der { |
18 class Input; | 18 class Input; |
19 } // namespace der | 19 } // namespace der |
20 | 20 |
21 // Returns the DER-encoded OID, without tag or length, of the anyPolicy | 21 // Returns the DER-encoded OID, without tag or length, of the anyPolicy |
22 // certificate policy defined in RFC 5280 section 4.2.1.4. | 22 // certificate policy defined in RFC 5280 section 4.2.1.4. |
23 NET_EXPORT const der::Input AnyPolicy(); | 23 NET_EXPORT const der::Input AnyPolicy(); |
24 | 24 |
| 25 // From RFC 5280: |
| 26 // |
| 27 // id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } |
| 28 // |
| 29 // In dotted notation: 2.5.29.54 |
| 30 NET_EXPORT der::Input InhibitAnyPolicyOid(); |
| 31 |
25 // Parses a certificatePolicies extension and stores the policy OIDs in | 32 // Parses a certificatePolicies extension and stores the policy OIDs in |
26 // |*policies|, in sorted order. If policyQualifiers are present, | 33 // |*policies|, in sorted order. If policyQualifiers are present, |
27 // they are ignored. (RFC 5280 section 4.2.1.4 says "optional qualifiers, which | 34 // they are ignored. (RFC 5280 section 4.2.1.4 says "optional qualifiers, which |
28 // MAY be present, are not expected to change the definition of the policy.", | 35 // MAY be present, are not expected to change the definition of the policy.", |
29 // furthermore policyQualifiers do not affect the success or failure of the | 36 // furthermore policyQualifiers do not affect the success or failure of the |
30 // section 6 Certification Path Validation algorithm.) | 37 // section 6 Certification Path Validation algorithm.) |
31 // | 38 // |
32 // The returned values is only valid as long as |extension_value| is. | 39 // The returned values is only valid as long as |extension_value| is. |
33 NET_EXPORT bool ParseCertificatePoliciesExtension( | 40 NET_EXPORT bool ParseCertificatePoliciesExtension( |
34 const der::Input& extension_value, | 41 const der::Input& extension_value, |
35 std::vector<der::Input>* policies); | 42 std::vector<der::Input>* policies); |
36 | 43 |
37 struct ParsedPolicyConstraints { | 44 struct ParsedPolicyConstraints { |
38 bool has_require_explicit_policy = false; | 45 bool has_require_explicit_policy = false; |
39 uint8_t require_explicit_policy = 0; | 46 uint8_t require_explicit_policy = 0; |
40 | 47 |
41 bool has_inhibit_policy_mapping = false; | 48 bool has_inhibit_policy_mapping = false; |
42 uint8_t inhibit_policy_mapping = 0; | 49 uint8_t inhibit_policy_mapping = 0; |
43 }; | 50 }; |
44 | 51 |
45 // Parses a PolicyConstraints SEQUENCE as defined by RFC 5280. Returns true on | 52 // Parses a PolicyConstraints SEQUENCE as defined by RFC 5280. Returns true on |
46 // success, and sets |out|. | 53 // success, and sets |out|. |
47 NET_EXPORT bool ParsePolicyConstraints(const der::Input& policy_constraints_tlv, | 54 NET_EXPORT bool ParsePolicyConstraints(const der::Input& policy_constraints_tlv, |
48 ParsedPolicyConstraints* out) | 55 ParsedPolicyConstraints* out) |
49 WARN_UNUSED_RESULT; | 56 WARN_UNUSED_RESULT; |
50 | 57 |
| 58 // Parses an InhibitAnyPolicy as defined by RFC 5280. Returns true on success, |
| 59 // and sets |out|. |
| 60 NET_EXPORT bool ParseInhibitAnyPolicy(const der::Input& inhibit_any_policy_tlv, |
| 61 uint8_t* num_certs) WARN_UNUSED_RESULT; |
| 62 |
51 } // namespace net | 63 } // namespace net |
52 | 64 |
53 #endif // NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ | 65 #endif // NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ |
OLD | NEW |