Chromium Code Reviews

Side by Side Diff: net/cert/internal/certificate_policies.h

Issue 2923903002: Reject certificates that contain unknown policy qualifiers if the (Closed)
Patch Set: update ios files Created 3 years, 6 months ago
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ 5 #ifndef NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_
6 #define NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ 6 #define NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <vector> 10 #include <vector>
(...skipping 16 matching lines...)
27 NET_EXPORT der::Input InhibitAnyPolicyOid(); 27 NET_EXPORT der::Input InhibitAnyPolicyOid();
28 28
29 // From RFC 5280: 29 // From RFC 5280:
30 // 30 //
31 // id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } 31 // id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
32 // 32 //
33 // In dotted notation: 2.5.29.33 33 // In dotted notation: 2.5.29.33
34 NET_EXPORT der::Input PolicyMappingsOid(); 34 NET_EXPORT der::Input PolicyMappingsOid();
35 35
36 // Parses a certificatePolicies extension and stores the policy OIDs in 36 // Parses a certificatePolicies extension and stores the policy OIDs in
37 // |*policies|, in sorted order. If policyQualifiers are present, 37 // |*policies|, in sorted order.
38 // they are ignored. (RFC 5280 section 4.2.1.4 says "optional qualifiers, which 38 //
39 // MAY be present, are not expected to change the definition of the policy.", 39 // If policyQualifiers for User Notice or CPS are present then they are
40 // furthermore policyQualifiers do not affect the success or failure of the 40 // ignored (RFC 5280 section 4.2.1.4 says "optional qualifiers, which MAY
41 // section 6 Certification Path Validation algorithm.) 41 // be present, are not expected to change the definition of the policy."
42 //
43 // If a policy qualifier other than User Notice/CPS is present, parsing
44 // will fail if |fail_parsing_unknown_qualifier_oids| was set to true,
45 // otherwise the unrecognized qualifiers wil be skipped and not parsed
46 // any further.
42 // 47 //
43 // The returned values is only valid as long as |extension_value| is. 48 // The returned values is only valid as long as |extension_value| is.
44 NET_EXPORT bool ParseCertificatePoliciesExtension( 49 NET_EXPORT bool ParseCertificatePoliciesExtension(
45 const der::Input& extension_value, 50 const der::Input& extension_value,
51 bool fail_parsing_unknown_qualifier_oids,
46 std::vector<der::Input>* policies); 52 std::vector<der::Input>* policies);
47 53
48 struct ParsedPolicyConstraints { 54 struct ParsedPolicyConstraints {
49 bool has_require_explicit_policy = false; 55 bool has_require_explicit_policy = false;
50 uint8_t require_explicit_policy = 0; 56 uint8_t require_explicit_policy = 0;
51 57
52 bool has_inhibit_policy_mapping = false; 58 bool has_inhibit_policy_mapping = false;
53 uint8_t inhibit_policy_mapping = 0; 59 uint8_t inhibit_policy_mapping = 0;
54 }; 60 };
55 61
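Review bot: the new comment text on the right-hand side has a typo, "unrecognized qualifiers wil be skipped" should read "will be skipped", and the pre-existing sentence it now sits above, "The returned values is only valid as long as |extension_value| is.", has a number-agreement error; suggest "The returned values are only valid as long as |extension_value| is." Two smaller points on the same hunk: the new `bool fail_parsing_unknown_qualifier_oids` parameter is inserted between two unrelated arguments, so call sites will read as `ParseCertificatePoliciesExtension(value, true, &policies)`, which is hard to review; an enum (or at least a named constant at call sites) would make the intent visible. And since a false return is now the only signal that a certificate was rejected for carrying an unknown qualifier, consider adding `WARN_UNUSED_RESULT` to `ParseCertificatePoliciesExtension`, matching `ParsePolicyMappings` further down in this file, so a caller that drops the result cannot silently accept the certificate.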
(...skipping 15 matching lines...)
71 77
72 // Parses a PolicyMappings SEQUENCE as defined by RFC 5280. Returns true on 78 // Parses a PolicyMappings SEQUENCE as defined by RFC 5280. Returns true on
73 // success, and sets |mappings|. 79 // success, and sets |mappings|.
74 NET_EXPORT bool ParsePolicyMappings(const der::Input& policy_mappings_tlv, 80 NET_EXPORT bool ParsePolicyMappings(const der::Input& policy_mappings_tlv,
75 std::vector<ParsedPolicyMapping>* mappings) 81 std::vector<ParsedPolicyMapping>* mappings)
76 WARN_UNUSED_RESULT; 82 WARN_UNUSED_RESULT;
77 83
78 } // namespace net 84 } // namespace net
79 85
80 #endif // NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_ 86 #endif // NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_
This is Rietveld 408576698