Roll src/third_party/skia 89d5988:cb67414
[chromium-blink-merge.git] / net / cert / asn1_util.h
blobfdd765d8ed8a8e85e88d56766186f7fa9ff1bcaf
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_ASN1_UTIL_H_
6 #define NET_CERT_ASN1_UTIL_H_
8 #include <vector>
10 #include "base/strings/string_piece.h"
11 #include "net/base/net_export.h"
13 namespace net {
15 namespace asn1 {
17 // These are the DER encodings of the tag byte for ASN.1 objects.
18 static const unsigned kBOOLEAN = 0x01;
19 static const unsigned kINTEGER = 0x02;
20 static const unsigned kBITSTRING = 0x03;
21 static const unsigned kOCTETSTRING = 0x04;
22 static const unsigned kOID = 0x06;
23 static const unsigned kENUMERATED = 0x0A;
24 static const unsigned kSEQUENCE = 0x30;
26 // These are flags that can be ORed with the above tag numbers.
27 static const unsigned kContextSpecific = 0x80;
28 static const unsigned kConstructed = 0x20;
30 // kAny matches any tag value;
31 static const unsigned kAny = 0x10000;
32 // kOptional denotes an optional element.
33 static const unsigned kOptional = 0x20000;
35 // ParseElement parses a DER encoded ASN1 element from |in|, requiring that
36 // it have the given |tag_value|. It returns true on success. The following
37 // limitations are imposed:
38 // 1) tag numbers > 31 are not permitted.
39 // 2) lengths > 65535 are not permitted.
40 // On successful return:
41 // |in| is advanced over the element
42 // |out| contains the element, including the tag and length bytes.
43 // |out_header_len| contains the length of the tag and length bytes in |out|.
45 // If |tag_value & kOptional| is true then *out_header_len can be zero after a
46 // true return value if the element was not found.
47 bool ParseElement(base::StringPiece* in,
48 unsigned tag_value,
49 base::StringPiece* out,
50 unsigned *out_header_len);
52 // GetElement performs the same actions as ParseElement, except that the header
53 // bytes are not included in the output.
55 // If |tag_value & kOptional| is true then this function cannot distinguish
56 // between a missing optional element and an empty one.
57 NET_EXPORT_PRIVATE bool GetElement(base::StringPiece* in,
58 unsigned tag_value,
59 base::StringPiece* out);
61 // ExtractSPKIFromDERCert parses the DER encoded certificate in |cert| and
62 // extracts the bytes of the SubjectPublicKeyInfo. On successful return,
63 // |spki_out| is set to contain the SPKI, pointing into |cert|.
64 NET_EXPORT_PRIVATE bool ExtractSPKIFromDERCert(base::StringPiece cert,
65 base::StringPiece* spki_out);
67 // ExtractSubjectPublicKeyFromSPKI parses the DER encoded SubjectPublicKeyInfo
68 // in |spki| and extracts the bytes of the SubjectPublicKey. On successful
69 // return, |spk_out| is set to contain the public key, pointing into |spki|.
70 NET_EXPORT_PRIVATE bool ExtractSubjectPublicKeyFromSPKI(
71 base::StringPiece spki,
72 base::StringPiece* spk_out);
74 // ExtractCRLURLsFromDERCert parses the DER encoded certificate in |cert| and
75 // extracts the URL of each CRL. On successful return, the elements of
76 // |urls_out| point into |cert|.
78 // CRLs that only cover a subset of the reasons are omitted as the spec
79 // requires that at least one CRL be included that covers all reasons.
81 // CRLs that use an alternative issuer are also omitted.
83 // The nested set of GeneralNames is flattened into a single list because
84 // having several CRLs with one location is equivalent to having one CRL with
85 // several locations as far as a CRL filter is concerned.
86 NET_EXPORT_PRIVATE bool ExtractCRLURLsFromDERCert(
87 base::StringPiece cert,
88 std::vector<base::StringPiece>* urls_out);
90 } // namespace asn1
92 } // namespace net
94 #endif // NET_CERT_ASN1_UTIL_H_