path: root/chromium/net/cert/internal/certificate_policies.h
blob: ab9af9f40f0f1aa473287d39f6c51f8a5e7e62e6 (plain)
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_
#define NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_

#include <stdint.h>

#include <vector>

#include "base/compiler_specific.h"
#include "net/base/net_export.h"
#include "net/der/input.h"

namespace net {

// Returns the DER-encoded OID, without tag or length, of the anyPolicy
// certificate policy defined in RFC 5280 section 4.2.1.4:
//
//     anyPolicy OBJECT IDENTIFIER ::= { id-ce 32 0 }
//
// In dotted notation: 2.5.29.32.0
NET_EXPORT const der::Input AnyPolicy();

// From RFC 5280:
//
//     id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }
//
// In dotted notation: 2.5.29.54
//
// NOTE(review): presumably returned in the same form as AnyPolicy() (DER OID
// contents, no tag or length) -- confirm in the .cc.
NET_EXPORT der::Input InhibitAnyPolicyOid();

// From RFC 5280:
//
//     id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }
//
// In dotted notation: 2.5.29.33
//
// NOTE(review): presumably returned in the same form as AnyPolicy() (DER OID
// contents, no tag or length) -- confirm in the .cc.
NET_EXPORT der::Input PolicyMappingsOid();

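// Parses a certificatePolicies extension and stores the policy OIDs in
// |*policies|, in sorted order. If policyQualifiers are present,
// they are ignored. (RFC 5280 section 4.2.1.4 says "optional qualifiers, which
// MAY be present, are not expected to change the definition of the policy.",
// furthermore policyQualifiers do not affect the success or failure of the
// section 6 Certification Path Validation algorithm.)
//
// Returns true on success. Callers should not rely on the contents of
// |*policies| when false is returned. Like the other parsers in this header,
// the result is marked WARN_UNUSED_RESULT: an unparseable certificatePolicies
// extension must surface as a failure rather than being mistaken for "no
// policies asserted".
//
// The returned values are only valid as long as |extension_value| is; they
// are views into it, not copies.
NET_EXPORT bool ParseCertificatePoliciesExtension(
    const der::Input& extension_value,
    std::vector<der::Input>* policies) WARN_UNUSED_RESULT;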

// Result of ParsePolicyConstraints(). Mirrors the PolicyConstraints SEQUENCE
// from RFC 5280 section 4.2.1.11, where both fields are OPTIONAL SkipCerts:
//
//     PolicyConstraints ::= SEQUENCE {
//          requireExplicitPolicy           [0] SkipCerts OPTIONAL,
//          inhibitPolicyMapping            [1] SkipCerts OPTIONAL }
//
// Each |has_*| flag is expected to record whether the corresponding optional
// field was present; the paired value is only meaningful when its flag is
// true. SkipCerts is an INTEGER (0..MAX) in the RFC but is stored here as
// uint8_t. NOTE(review): presumably the parser rejects values that do not fit
// rather than truncating them -- confirm in the .cc.
struct ParsedPolicyConstraints {
  // requireExplicitPolicy: presence flag and skip count.
  bool has_require_explicit_policy = false;
  uint8_t require_explicit_policy = 0;

  // inhibitPolicyMapping: presence flag and skip count.
  bool has_inhibit_policy_mapping = false;
  uint8_t inhibit_policy_mapping = 0;
};

// Parses a PolicyConstraints SEQUENCE as defined by RFC 5280. Returns true on
// success, and sets |out|. Judging by the parameter name,
// |policy_constraints_tlv| is the whole SEQUENCE TLV (tag, length and value),
// not just its contents -- confirm in the .cc.
NET_EXPORT bool ParsePolicyConstraints(const der::Input& policy_constraints_tlv,
                                       ParsedPolicyConstraints* out)
    WARN_UNUSED_RESULT;

// Parses an InhibitAnyPolicy as defined by RFC 5280. Returns true on success,
// and sets |num_certs|.
//
//     InhibitAnyPolicy ::= SkipCerts
//
// The SkipCerts count is stored as uint8_t. NOTE(review): presumably larger
// values fail parsing rather than wrapping -- confirm in the .cc.
NET_EXPORT bool ParseInhibitAnyPolicy(const der::Input& inhibit_any_policy_tlv,
                                      uint8_t* num_certs) WARN_UNUSED_RESULT;

// One element of the PolicyMappings SEQUENCE from RFC 5280 section 4.2.1.5:
//
//     PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
//          issuerDomainPolicy      CertPolicyId,
//          subjectDomainPolicy     CertPolicyId }
//
// Both members are der::Input. NOTE(review): presumably they reference the
// buffer handed to ParsePolicyMappings() rather than owning a copy, so they
// are only valid while that buffer is -- confirm in the .cc.
struct ParsedPolicyMapping {
  der::Input issuer_domain_policy;
  der::Input subject_domain_policy;
};

// Parses a PolicyMappings SEQUENCE as defined by RFC 5280. Returns true on
// success, and sets |mappings|. RFC 5280 section 4.2.1.5 says policies MUST
// NOT be mapped either to or from the special value anyPolicy; NOTE(review):
// whether that rule is enforced by this parser or left to the path builder is
// not visible from this header -- confirm in the .cc before relying on it.
NET_EXPORT bool ParsePolicyMappings(const der::Input& policy_mappings_tlv,
                                    std::vector<ParsedPolicyMapping>* mappings)
    WARN_UNUSED_RESULT;

}  // namespace net

#endif  // NET_CERT_INTERNAL_CERTIFICATE_POLICIES_H_