OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ | 5 #ifndef NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ |
6 #define NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ | 6 #define NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/compiler_specific.h" | 12 #include "base/compiler_specific.h" |
13 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
| 14 #include "net/der/input.h" |
14 | 15 |
15 namespace net { | 16 namespace net { |
16 | 17 |
17 namespace der { | |
18 class Input; | |
19 } // namespace der | |
20 | |
21 // Returns the DER-encoded OID, without tag or length, of the anyPolicy | 18 // Returns the DER-encoded OID, without tag or length, of the anyPolicy |
22 // certificate policy defined in RFC 5280 section 4.2.1.4. | 19 // certificate policy defined in RFC 5280 section 4.2.1.4. |
23 NET_EXPORT const der::Input AnyPolicy(); | 20 NET_EXPORT const der::Input AnyPolicy(); |
24 | 21 |
25 // From RFC 5280: | 22 // From RFC 5280: |
26 // | 23 // |
27 // id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } | 24 // id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } |
28 // | 25 // |
29 // In dotted notation: 2.5.29.54 | 26 // In dotted notation: 2.5.29.54 |
30 NET_EXPORT der::Input InhibitAnyPolicyOid(); | 27 NET_EXPORT der::Input InhibitAnyPolicyOid(); |
31 | 28 |
| 29 // From RFC 5280: |
| 30 // |
| 31 // id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } |
| 32 // |
| 33 // In dotted notation: 2.5.29.33 |
| 34 NET_EXPORT der::Input PolicyMappingsOid(); |
| 35 |
32 // Parses a certificatePolicies extension and stores the policy OIDs in | 36 // Parses a certificatePolicies extension and stores the policy OIDs in |
33 // |*policies|, in sorted order. If policyQualifiers are present, | 37 // |*policies|, in sorted order. If policyQualifiers are present, |
34 // they are ignored. (RFC 5280 section 4.2.1.4 says "optional qualifiers, which | 38 // they are ignored. (RFC 5280 section 4.2.1.4 says "optional qualifiers, which |
35 // MAY be present, are not expected to change the definition of the policy.", | 39 // MAY be present, are not expected to change the definition of the policy.", |
36 // furthermore policyQualifiers do not affect the success or failure of the | 40 // furthermore policyQualifiers do not affect the success or failure of the |
37 // section 6 Certification Path Validation algorithm.) | 41 // section 6 Certification Path Validation algorithm.) |
38 // | 42 // |
39 // The returned values is only valid as long as |extension_value| is. | 43 // The returned values is only valid as long as |extension_value| is. |
40 NET_EXPORT bool ParseCertificatePoliciesExtension( | 44 NET_EXPORT bool ParseCertificatePoliciesExtension( |
41 const der::Input& extension_value, | 45 const der::Input& extension_value, |
42 std::vector<der::Input>* policies); | 46 std::vector<der::Input>* policies); |
43 | 47 |
44 struct ParsedPolicyConstraints { | 48 struct ParsedPolicyConstraints { |
45 bool has_require_explicit_policy = false; | 49 bool has_require_explicit_policy = false; |
46 uint8_t require_explicit_policy = 0; | 50 uint8_t require_explicit_policy = 0; |
47 | 51 |
48 bool has_inhibit_policy_mapping = false; | 52 bool has_inhibit_policy_mapping = false; |
49 uint8_t inhibit_policy_mapping = 0; | 53 uint8_t inhibit_policy_mapping = 0; |
50 }; | 54 }; |
51 | 55 |
52 // Parses a PolicyConstraints SEQUENCE as defined by RFC 5280. Returns true on | 56 // Parses a PolicyConstraints SEQUENCE as defined by RFC 5280. Returns true on |
53 // success, and sets |out|. | 57 // success, and sets |out|. |
54 NET_EXPORT bool ParsePolicyConstraints(const der::Input& policy_constraints_tlv, | 58 NET_EXPORT bool ParsePolicyConstraints(const der::Input& policy_constraints_tlv, |
55 ParsedPolicyConstraints* out) | 59 ParsedPolicyConstraints* out) |
56 WARN_UNUSED_RESULT; | 60 WARN_UNUSED_RESULT; |
57 | 61 |
58 // Parses an InhibitAnyPolicy as defined by RFC 5280. Returns true on success, | 62 // Parses an InhibitAnyPolicy as defined by RFC 5280. Returns true on success, |
59 // and sets |out|. | 63 // and sets |num_certs|. |
60 NET_EXPORT bool ParseInhibitAnyPolicy(const der::Input& inhibit_any_policy_tlv, | 64 NET_EXPORT bool ParseInhibitAnyPolicy(const der::Input& inhibit_any_policy_tlv, |
61 uint8_t* num_certs) WARN_UNUSED_RESULT; | 65 uint8_t* num_certs) WARN_UNUSED_RESULT; |
62 | 66 |
| 67 struct ParsedPolicyMapping { |
| 68 der::Input issuer_domain_policy; |
| 69 der::Input subject_domain_policy; |
| 70 }; |
| 71 |
| 72 // Parses a PolicyMappings SEQUENCE as defined by RFC 5280. Returns true on |
| 73 // success, and sets |mappings|. |
| 74 NET_EXPORT bool ParsePolicyMappings(const der::Input& policy_mappings_tlv, |
| 75 std::vector<ParsedPolicyMapping>* mappings) |
| 76 WARN_UNUSED_RESULT; |
| 77 |
63 } // namespace net | 78 } // namespace net |
64 | 79 |
65 #endif // NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ | 80 #endif // NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ |
OLD | NEW |