OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <algorithm> | 5 #include <algorithm> |
6 | 6 |
7 #include "net/cert/internal/certificate_policies.h" | 7 #include "net/cert/internal/certificate_policies.h" |
8 | 8 |
9 #include "net/der/input.h" | 9 #include "net/der/input.h" |
10 #include "net/der/parse_values.h" | 10 #include "net/der/parse_values.h" |
89 der::Input InhibitAnyPolicyOid() { | 89 der::Input InhibitAnyPolicyOid() { |
90 // From RFC 5280: | 90 // From RFC 5280: |
91 // | 91 // |
92 // id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } | 92 // id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } |
93 // | 93 // |
94 // In dotted notation: 2.5.29.54 | 94 // In dotted notation: 2.5.29.54 |
95 static const uint8_t oid[] = {0x55, 0x1d, 0x36}; | 95 static const uint8_t oid[] = {0x55, 0x1d, 0x36}; |
96 return der::Input(oid); | 96 return der::Input(oid); |
97 } | 97 } |
98 | 98 |
| 99 der::Input PolicyMappingsOid() { |
| 100 // From RFC 5280: |
| 101 // |
| 102 // id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } |
| 103 // |
| 104 // In dotted notation: 2.5.29.33 |
| 105 static const uint8_t oid[] = {0x55, 0x1d, 0x21}; |
| 106 return der::Input(oid); |
| 107 } |
| 108 |
99 // RFC 5280 section 4.2.1.4. Certificate Policies: | 109 // RFC 5280 section 4.2.1.4. Certificate Policies: |
100 // | 110 // |
101 // certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation | 111 // certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation |
102 // | 112 // |
103 // PolicyInformation ::= SEQUENCE { | 113 // PolicyInformation ::= SEQUENCE { |
104 // policyIdentifier CertPolicyId, | 114 // policyIdentifier CertPolicyId, |
105 // policyQualifiers SEQUENCE SIZE (1..MAX) OF | 115 // policyQualifiers SEQUENCE SIZE (1..MAX) OF |
106 // PolicyQualifierInfo OPTIONAL } | 116 // PolicyQualifierInfo OPTIONAL } |
107 // | 117 // |
108 // CertPolicyId ::= OBJECT IDENTIFIER | 118 // CertPolicyId ::= OBJECT IDENTIFIER |
262 if (!parser.ReadUint8(num_certs)) | 272 if (!parser.ReadUint8(num_certs)) |
263 return false; | 273 return false; |
264 | 274 |
265 // There should be no remaining data. | 275 // There should be no remaining data. |
266 if (parser.HasMore()) | 276 if (parser.HasMore()) |
267 return false; | 277 return false; |
268 | 278 |
269 return true; | 279 return true; |
270 } | 280 } |
271 | 281 |
| 282 // From RFC 5280: |
| 283 // |
| 284 // PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { |
| 285 // issuerDomainPolicy CertPolicyId, |
| 286 // subjectDomainPolicy CertPolicyId } |
| 287 bool ParsePolicyMappings(const der::Input& policy_mappings_tlv, |
| 288 std::vector<ParsedPolicyMapping>* mappings) { |
| 289 mappings->clear(); |
| 290 |
| 291 der::Parser parser(policy_mappings_tlv); |
| 292 |
| 293 // PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { |
| 294 der::Parser sequence_parser; |
| 295 if (!parser.ReadSequence(&sequence_parser)) |
| 296 return false; |
| 297 |
| 298 // Must be at least 1 mapping. |
| 299 if (!sequence_parser.HasMore()) |
| 300 return false; |
| 301 |
| 302 while (sequence_parser.HasMore()) { |
| 303 der::Parser mapping_parser; |
| 304 if (!sequence_parser.ReadSequence(&mapping_parser)) |
| 305 return false; |
| 306 |
| 307 ParsedPolicyMapping mapping; |
| 308 if (!mapping_parser.ReadTag(der::kOid, &mapping.issuer_domain_policy)) |
| 309 return false; |
| 310 if (!mapping_parser.ReadTag(der::kOid, &mapping.subject_domain_policy)) |
| 311 return false; |
| 312 |
| 313 // There shouldn't be extra unconsumed data. |
| 314 if (mapping_parser.HasMore()) |
| 315 return false; |
| 316 |
| 317 mappings->push_back(mapping); |
| 318 } |
| 319 |
| 320 // There shouldn't be extra unconsumed data. |
| 321 if (parser.HasMore()) |
| 322 return false; |
| 323 |
| 324 return true; |
| 325 } |
| 326 |
272 } // namespace net | 327 } // namespace net |
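Review bot: ParsePolicyMappings can return false while `mappings` still holds the pairs parsed before the malformed element, because entries are pushed inside the loop and the vector is cleared only on entry (new lines 289-317). A caller that ignores or merely logs the failure would then work from a truncated mapping set taken from an untrusted certificate. Either clear the vector on each failure path or state the contract in the comment above the function, e.g. `// On failure |mappings| may be partially filled and must not be used.` The parser also accepts any OID in either field, whereas RFC 5280 section 4.2.1.5 forbids mapping to or from anyPolicy (2.5.29.32.0). If that check is meant to live in the path validator, which is not visible on this page, the same comment should say so.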
OLD | NEW |