
Side by Side Diff: net/cert/internal/certificate_policies.cc

Issue 2907523002: Add parsing for RFC 5280's PolicyMappings certificate extension. (Closed)
Patch Set: Created 3 years, 7 months ago
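--- a/net/cert/internal/certificate_policies.cc
+++ b/net/cert/internal/certificate_policies.cc
@@ -1,10 +1,10 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <algorithm>
 
 #include "net/cert/internal/certificate_policies.h"
 
 #include "net/der/input.h"
 #include "net/der/parse_values.h"
@@ -89,20 +89,30 @@
 der::Input InhibitAnyPolicyOid() {
 // From RFC 5280:
 //
 // id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
 //
 // In dotted notation: 2.5.29.54
 static const uint8_t oid[] = {0x55, 0x1d, 0x36};
 return der::Input(oid);
 }
 
+der::Input PolicyMappingsOid() {
+// From RFC 5280:
+//
+// id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
+//
+// In dotted notation: 2.5.29.33
+static const uint8_t oid[] = {0x55, 0x1d, 0x21};
+return der::Input(oid);
+}
+
 // RFC 5280 section 4.2.1.4. Certificate Policies:
 //
 // certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
 //
 // PolicyInformation ::= SEQUENCE {
 // policyIdentifier CertPolicyId,
 // policyQualifiers SEQUENCE SIZE (1..MAX) OF
 // PolicyQualifierInfo OPTIONAL }
 //
 // CertPolicyId ::= OBJECT IDENTIFIER
@@ -262,11 +272,56 @@
 if (!parser.ReadUint8(num_certs))
 return false;
 
 // There should be no remaining data.
 if (parser.HasMore())
 return false;
 
 return true;
 }
 
+// From RFC 5280:
+//
+// PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+// issuerDomainPolicy CertPolicyId,
+// subjectDomainPolicy CertPolicyId }
+bool ParsePolicyMappings(const der::Input& policy_mappings_tlv,
+std::vector<ParsedPolicyMapping>* mappings) {
+mappings->clear();
+
+der::Parser parser(policy_mappings_tlv);
+
+// PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+der::Parser sequence_parser;
+if (!parser.ReadSequence(&sequence_parser))
+return false;
+
+// Must be at least 1 mapping.
+if (!sequence_parser.HasMore())
+return false;
+
+while (sequence_parser.HasMore()) {
+der::Parser mapping_parser;
+if (!sequence_parser.ReadSequence(&mapping_parser))
+return false;
+
+ParsedPolicyMapping mapping;
+if (!mapping_parser.ReadTag(der::kOid, &mapping.issuer_domain_policy))
+return false;
+if (!mapping_parser.ReadTag(der::kOid, &mapping.subject_domain_policy))
+return false;
+
+// There shouldn't be extra unconsumed data.
+if (mapping_parser.HasMore())
+return false;
+
+mappings->push_back(mapping);
+}
+
+// There shouldn't be extra unconsumed data.
+if (parser.HasMore())
+return false;
+
+return true;
+}
+
 } // namespace net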
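Review bot: ParsePolicyMappings accepts a mapping whose issuerDomainPolicy or subjectDomainPolicy is anyPolicy, although RFC 5280 section 4.2.1.5 says policies must not be mapped to or from that value. Nothing in this section shows where that rule is enforced, so either reject such entries inside the `while` loop or state the contract above the function, e.g. `// Does not reject mappings to or from anyPolicy; the caller must treat such a certificate as invalid.` The output vector is also left partially filled when a later element fails to parse, because it is cleared once up front and appended to per element; that deserves a line too: `// On failure |mappings| may hold a partial result and must not be used.`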