| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ | 5 #ifndef NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ |
| 6 #define NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ | 6 #define NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <vector> | 10 #include <vector> |
| 11 | 11 |
| 12 #include "base/compiler_specific.h" | 12 #include "base/compiler_specific.h" |
| 13 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
| 14 #include "net/der/input.h" |
| 14 | 15 |
| 15 namespace net { | 16 namespace net { |
| 16 | 17 |
| 17 namespace der { | |
| 18 class Input; | |
| 19 } // namespace der | |
| 20 | |
| 21 // Returns the DER-encoded OID, without tag or length, of the anyPolicy | 18 // Returns the DER-encoded OID, without tag or length, of the anyPolicy |
| 22 // certificate policy defined in RFC 5280 section 4.2.1.4. | 19 // certificate policy defined in RFC 5280 section 4.2.1.4. |
| 23 NET_EXPORT const der::Input AnyPolicy(); | 20 NET_EXPORT const der::Input AnyPolicy(); |
| 24 | 21 |
| 25 // From RFC 5280: | 22 // From RFC 5280: |
| 26 // | 23 // |
| 27 // id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } | 24 // id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } |
| 28 // | 25 // |
| 29 // In dotted notation: 2.5.29.54 | 26 // In dotted notation: 2.5.29.54 |
| 30 NET_EXPORT der::Input InhibitAnyPolicyOid(); | 27 NET_EXPORT der::Input InhibitAnyPolicyOid(); |
| 31 | 28 |
| 29 // From RFC 5280: |
| 30 // |
| 31 // id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } |
| 32 // |
| 33 // In dotted notation: 2.5.29.33 |
| 34 NET_EXPORT der::Input PolicyMappingsOid(); |
| 35 |
| 32 // Parses a certificatePolicies extension and stores the policy OIDs in | 36 // Parses a certificatePolicies extension and stores the policy OIDs in |
| 33 // |*policies|, in sorted order. If policyQualifiers are present, | 37 // |*policies|, in sorted order. If policyQualifiers are present, |
| 34 // they are ignored. (RFC 5280 section 4.2.1.4 says "optional qualifiers, which | 38 // they are ignored. (RFC 5280 section 4.2.1.4 says "optional qualifiers, which |
| 35 // MAY be present, are not expected to change the definition of the policy.", | 39 // MAY be present, are not expected to change the definition of the policy.", |
| 36 // furthermore policyQualifiers do not affect the success or failure of the | 40 // furthermore policyQualifiers do not affect the success or failure of the |
| 37 // section 6 Certification Path Validation algorithm.) | 41 // section 6 Certification Path Validation algorithm.) |
| 38 // | 42 // |
| 39 // The returned values is only valid as long as |extension_value| is. | 43 // The returned values is only valid as long as |extension_value| is. |
| 40 NET_EXPORT bool ParseCertificatePoliciesExtension( | 44 NET_EXPORT bool ParseCertificatePoliciesExtension( |
| 41 const der::Input& extension_value, | 45 const der::Input& extension_value, |
| 42 std::vector<der::Input>* policies); | 46 std::vector<der::Input>* policies); |
| 43 | 47 |
| 44 struct ParsedPolicyConstraints { | 48 struct ParsedPolicyConstraints { |
| 45 bool has_require_explicit_policy = false; | 49 bool has_require_explicit_policy = false; |
| 46 uint8_t require_explicit_policy = 0; | 50 uint8_t require_explicit_policy = 0; |
| 47 | 51 |
| 48 bool has_inhibit_policy_mapping = false; | 52 bool has_inhibit_policy_mapping = false; |
| 49 uint8_t inhibit_policy_mapping = 0; | 53 uint8_t inhibit_policy_mapping = 0; |
| 50 }; | 54 }; |
| 51 | 55 |
| 52 // Parses a PolicyConstraints SEQUENCE as defined by RFC 5280. Returns true on | 56 // Parses a PolicyConstraints SEQUENCE as defined by RFC 5280. Returns true on |
| 53 // success, and sets |out|. | 57 // success, and sets |out|. |
| 54 NET_EXPORT bool ParsePolicyConstraints(const der::Input& policy_constraints_tlv, | 58 NET_EXPORT bool ParsePolicyConstraints(const der::Input& policy_constraints_tlv, |
| 55 ParsedPolicyConstraints* out) | 59 ParsedPolicyConstraints* out) |
| 56 WARN_UNUSED_RESULT; | 60 WARN_UNUSED_RESULT; |
| 57 | 61 |
| 58 // Parses an InhibitAnyPolicy as defined by RFC 5280. Returns true on success, | 62 // Parses an InhibitAnyPolicy as defined by RFC 5280. Returns true on success, |
| 59 // and sets |out|. | 63 // and sets |num_certs|. |
| 60 NET_EXPORT bool ParseInhibitAnyPolicy(const der::Input& inhibit_any_policy_tlv, | 64 NET_EXPORT bool ParseInhibitAnyPolicy(const der::Input& inhibit_any_policy_tlv, |
| 61 uint8_t* num_certs) WARN_UNUSED_RESULT; | 65 uint8_t* num_certs) WARN_UNUSED_RESULT; |
| 62 | 66 |
| 67 struct ParsedPolicyMapping { |
| 68 der::Input issuer_domain_policy; |
| 69 der::Input subject_domain_policy; |
| 70 }; |
| 71 |
| 72 // Parses a PolicyMappings SEQUENCE as defined by RFC 5280. Returns true on |
| 73 // success, and sets |mappings|. |
| 74 NET_EXPORT bool ParsePolicyMappings(const der::Input& policy_mappings_tlv, |
| 75 std::vector<ParsedPolicyMapping>* mappings) |
| 76 WARN_UNUSED_RESULT; |
| 77 |
| 63 } // namespace net | 78 } // namespace net |
| 64 | 79 |
| 65 #endif // NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ | 80 #endif // NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2907523002:
Add parsing for RFC 5280's PolicyMappings certificate extension. (Closed)
