author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-02 16:58:54 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-02 16:58:54 +0000 |
commit | 8c57720482c0d5909e82b090e1d839fce2d70a82 (patch) | |
tree | 1e56e384086ff2f078cd39f1cfeafa90bb1e73f4 /net/base/asn1_util.h | |
parent | 4c14ce487f93032da0ccc0d93ef42dd31303e0e6 (diff) | |
net: Add code to extract CRL URLs from X.509 certificates.
This is part of the CRL filter work.
BUG=none
TEST=none
http://codereview.chromium.org/7096014/
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@87619 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/asn1_util.h')
-rw-r--r-- | net/base/asn1_util.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/net/base/asn1_util.h b/net/base/asn1_util.h
index 563f6d1..904d7a5 100644
--- a/net/base/asn1_util.h
+++ b/net/base/asn1_util.h
@@ -6,6 +6,8 @@
 #define NET_BASE_ASN1_UTIL_H_
 #pragma once
+#include <vector>
+
 #include "base/string_piece.h"
 #include "net/base/net_api.h"
@@ -14,7 +16,9 @@ namespace net {
 namespace asn1 {
 // These are the DER encodings of the tag byte for ASN.1 objects.
+static const unsigned kBOOLEAN = 0x01;
 static const unsigned kINTEGER = 0x02;
+static const unsigned kOCTETSTRING = 0x04;
 static const unsigned kOID = 0x06;
 static const unsigned kSEQUENCE = 0x30;
@@ -22,6 +26,9 @@ static const unsigned kSEQUENCE = 0x30;
 static const unsigned kContextSpecific = 0x80;
 static const unsigned kCompound = 0x20;
+// kAny matches any tag value;
+static const unsigned kAny = 0x10000;
+
 // ParseElement parses a DER encoded ASN1 element from |in|, requiring that
 // it have the given |tag_value|. It returns true on success. The following
 // limitations are imposed:
@@ -49,6 +56,19 @@ bool GetElement(base::StringPiece* in,
 NET_TEST bool ExtractSPKIFromDERCert(base::StringPiece cert,
 base::StringPiece* spki_out);
+// ExtractCRLURLsFromDERCert parses the DER encoded certificate in |cert| and
+// extracts the URL of each CRL. On successful return, the elements of
+// |urls_out| point into |cert|.
+//
+// CRLs that only cover a subset of the reasons are omitted as the spec
+// requires that at least one CRL be included that covers all reasons.
+//
+// The nested set of GeneralNames is flattened into a single list because
+// having several CRLs with one location is equivalent to having one CRL with
+// several locations as far as a CRL filter is concerned.
+bool ExtractCRLURLsFromDERCert(base::StringPiece cert,
+ std::vector<base::StringPiece>* urls_out);
+
 } // namespace asn1
 } // namespace net
|
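Review bot: The comment on `kAny` in the third hunk ends in a stray semicolon and does not say which functions accept the sentinel or why 0x10000 was chosen. The other constants are described as encodings of the tag byte, so a value above 0xff cannot collide with a real tag, and that is worth stating. Presumably ParseElement and GetElement treat it as a wildcard, but their bodies are not on this page; a wildcard skips the tag check, so a caller that passes it has to check the element's type itself. Suggested wording: `// kAny matches any tag value. It lies outside the one-byte tag range, so it never equals a real tag; callers that pass it must check the element type themselves.`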
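Review bot: The contract for `ExtractCRLURLsFromDERCert` in the last hunk leaves two things unstated that matter for a parser fed certificates from untrusted peers: what `urls_out` holds when the function returns false, and whether a certificate without a CRL distribution points extension yields true with an empty list. The comment also does not say that the returned strings are raw bytes pointing into the certificate, with no check of scheme or syntax, so a caller that fetches them has to filter first. I would add `// On failure the contents of |urls_out| are unspecified. The URLs are taken from the certificate unvalidated; callers must check the scheme before fetching.`, adjusted to what the implementation actually does, since only the declaration is on this page. The declaration just above carries `NET_TEST` and this one does not, which together with `TEST=none` suggests the new parser cannot yet be reached from unit tests.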