net/cert/internal/certificate_policies.cc - Issue 2907523002: Add parsing for RFC 5280's PolicyMappings certificate extension.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/internal/certificate_policies.cc

Issue 2907523002: Add parsing for RFC 5280's PolicyMappings certificate extension. (Closed)

Patch Set: Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/internal/certificate_policies.cc

diff --git a/net/cert/internal/certificate_policies.cc b/net/cert/internal/certificate_policies.cc

index c46f064901c2e705ff69703f1e3587ab57824174..58f2dc99a1959cb472f4d7b0766cd848a141354e 100644

--- a/net/cert/internal/certificate_policies.cc

+++ b/net/cert/internal/certificate_policies.cc

@@ -96,6 +96,16 @@ der::Input InhibitAnyPolicyOid() {

return der::Input(oid);

}

+der::Input PolicyMappingsOid() {

+ // From RFC 5280:

+ //

+ // id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }

+ //

+ // In dotted notation: 2.5.29.33

+ static const uint8_t oid[] = {0x55, 0x1d, 0x21};

+ return der::Input(oid);

// RFC 5280 section 4.2.1.4. Certificate Policies:

// certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation

@@ -269,4 +279,49 @@ bool ParseInhibitAnyPolicy(const der::Input& inhibit_any_policy_tlv,

return true;

}

+// From RFC 5280:

+//

+// PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {

+// issuerDomainPolicy CertPolicyId,

+// subjectDomainPolicy CertPolicyId }

+bool ParsePolicyMappings(const der::Input& policy_mappings_tlv,

+ std::vector<ParsedPolicyMapping>* mappings) {

+ mappings->clear();

+ der::Parser parser(policy_mappings_tlv);

+ // PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {

+ der::Parser sequence_parser;

+ if (!parser.ReadSequence(&sequence_parser))

+ return false;

+ // Must be at least 1 mapping.

+ if (!sequence_parser.HasMore())

+ return false;

+ while (sequence_parser.HasMore()) {

+ der::Parser mapping_parser;

+ if (!sequence_parser.ReadSequence(&mapping_parser))

+ return false;

+ ParsedPolicyMapping mapping;

+ if (!mapping_parser.ReadTag(der::kOid, &mapping.issuer_domain_policy))

+ return false;

+ if (!mapping_parser.ReadTag(der::kOid, &mapping.subject_domain_policy))

+ return false;

+ // There shouldn't be extra unconsumed data.

+ if (mapping_parser.HasMore())

+ return false;

+ mappings->push_back(mapping);

+ }

+ // There shouldn't be extra unconsumed data.

+ if (parser.HasMore())

+ return false;

+ return true;

} // namespace net

« no previous file with comments | « net/cert/internal/certificate_policies.h ('k') | net/cert/internal/parsed_certificate.h » ('j') | no next file with comments »