1 // Copyright 2017 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_PKI_GENERAL_NAMES_H_
6 #define NET_CERT_PKI_GENERAL_NAMES_H_
7 
#include <memory>
#include <string_view>
#include <utility>
#include <vector>

#include "net/base/ip_address.h"
#include "net/base/net_export.h"
#include "net/cert/pki/cert_error_id.h"
14 
15 namespace net {
16 
namespace der {
// Forward declaration only: this header uses der::Input solely by
// reference, so the full definition is not needed here.
class Input;
}  // namespace der

class CertErrors;

// Error id for a GeneralName that could not be parsed. Presumably this is
// the id added to |errors| when ParseGeneralName / GeneralNames::Create
// fail — confirm against general_names.cc, which is not visible from here.
NET_EXPORT extern const CertErrorId kFailedParsingGeneralName;
24 
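// Bitfield flags for the alternatives of the GeneralName CHOICE defined in
// RFC 5280. Each alternative gets its own bit so that the set of name types
// present in a GeneralNames can be stored in a single int (see
// GeneralNames::present_name_types). The ordering and exact values are not
// significant, but they follow the order of the RFC for convenience, so the
// bit index of each flag equals the context-specific tag number of that
// alternative in the RFC's CHOICE.
enum GeneralNameTypes {
  GENERAL_NAME_NONE = 0,
  GENERAL_NAME_OTHER_NAME = 1 << 0,                   // otherName
  GENERAL_NAME_RFC822_NAME = 1 << 1,                  // rfc822Name
  GENERAL_NAME_DNS_NAME = 1 << 2,                     // dNSName
  GENERAL_NAME_X400_ADDRESS = 1 << 3,                 // x400Address
  GENERAL_NAME_DIRECTORY_NAME = 1 << 4,               // directoryName
  GENERAL_NAME_EDI_PARTY_NAME = 1 << 5,               // ediPartyName
  GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER = 1 << 6,  // uniformResourceIdentifier
  GENERAL_NAME_IP_ADDRESS = 1 << 7,                   // iPAddress
  GENERAL_NAME_REGISTERED_ID = 1 << 8,                // registeredID
  // Mask covering every type above. Must be kept in sync when a type is
  // added; the static_assert below turns a stale mask into a build error
  // instead of a silently-skipped name type.
  GENERAL_NAME_ALL_TYPES = (1 << 9) - 1,
};

static_assert(GENERAL_NAME_ALL_TYPES ==
                  (GENERAL_NAME_OTHER_NAME | GENERAL_NAME_RFC822_NAME |
                   GENERAL_NAME_DNS_NAME | GENERAL_NAME_X400_ADDRESS |
                   GENERAL_NAME_DIRECTORY_NAME | GENERAL_NAME_EDI_PARTY_NAME |
                   GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER |
                   GENERAL_NAME_IP_ADDRESS | GENERAL_NAME_REGISTERED_ID),
              "GENERAL_NAME_ALL_TYPES must cover every GeneralName type");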
41 
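// Represents a parsed GeneralNames structure (RFC 5280). When processing
// GeneralNames it is often necessary to know which types of names were
// present, and to check all the names of a certain type. Therefore a
// bitfield of the name types seen is kept in |present_name_types|, and the
// names are split into one member per type.
//
// Lifetime: the der::Input and std::string_view members below are views
// into the DER buffer that was parsed; they do not own their bytes. A
// GeneralNames is only valid while that buffer is alive and unmodified, and
// copying the struct copies the views, not the data.
struct NET_EXPORT GeneralNames {
  // Controls how ParseGeneralName interprets an iPAddress name.
  // IP_ADDRESS_ONLY: the iPAddress is a bare 4 (IPv4) or 16 (IPv6) byte
  //   address, the form used in a Subject Alternative Name.
  // IP_ADDRESS_AND_NETMASK: the iPAddress is 8 or 32 bytes, an address
  //   followed by a netmask of the same length, the form used in Name
  //   Constraints.
  enum ParseGeneralNameIPAddressType {
    IP_ADDRESS_ONLY,
    IP_ADDRESS_AND_NETMASK,
  };

  // Declared only; presumably defined out of line in general_names.cc.
  GeneralNames();
  ~GeneralNames();

  // Creates a GeneralNames from the DER-encoded |general_names_tlv| (tag and
  // length included). The returned object may reference data from
  // |general_names_tlv|, so it is only valid as long as |general_names_tlv|
  // is. Returns nullptr on failure, in which case |errors| may have been
  // filled with additional information. |errors| must be non-null.
  // The result must not be ignored (a dropped nullptr is a parse failure
  // that was never acted on), hence [[nodiscard]], matching
  // ParseGeneralName below.
  [[nodiscard]] static std::unique_ptr<GeneralNames> Create(
      const der::Input& general_names_tlv,
      CertErrors* errors);

  // As Create(), but takes the value of the GeneralNames SEQUENCE without
  // its tag and length. Same lifetime and |errors| rules apply.
  [[nodiscard]] static std::unique_ptr<GeneralNames> CreateFromValue(
      const der::Input& general_names_value,
      CertErrors* errors);

  // DER-encoded OtherName values.
  std::vector<der::Input> other_names;

  // rfc822Name values as ASCII. Views into the parsed buffer.
  std::vector<std::string_view> rfc822_names;

  // dNSName values as ASCII hostnames. Views into the parsed buffer.
  // NOTE(review): whether ParseGeneralName rejects non-ASCII bytes or
  // embedded NULs is not visible from this header — confirm in
  // general_names.cc before handing these to APIs that expect a C string.
  std::vector<std::string_view> dns_names;

  // DER-encoded ORAddress values.
  std::vector<der::Input> x400_addresses;

  // DER-encoded Name values (not including the SEQUENCE tag).
  std::vector<der::Input> directory_names;

  // DER-encoded EDIPartyName values.
  std::vector<der::Input> edi_party_names;

  // uniformResourceIdentifier values as ASCII. Views into the parsed buffer.
  std::vector<std::string_view> uniform_resource_identifiers;

  // iPAddress values parsed in the IP_ADDRESS_ONLY form: bare addresses as
  // sequences of octets in network byte order. Populated when the
  // GeneralNames represents a Subject Alternative Name; for Name
  // Constraints see |ip_address_ranges| instead.
  std::vector<IPAddress> ip_addresses;

  // iPAddress values parsed in the IP_ADDRESS_AND_NETMASK form, as
  // <address, prefix length in bits> pairs. Populated when the GeneralNames
  // represents a Name Constraints. Representing the netmask as a prefix
  // length is only lossless for a contiguous mask, as RFC 5280 requires;
  // presumably ParseGeneralName rejects non-contiguous masks — confirm in
  // general_names.cc.
  std::vector<std::pair<IPAddress, unsigned>> ip_address_ranges;

  // DER-encoded OBJECT IDENTIFIERs.
  std::vector<der::Input> registered_ids;

  // Bitwise OR of the GeneralNameTypes values that were present. Consult
  // this rather than inferring presence from an empty member vector.
  int present_name_types = GENERAL_NAME_NONE;
};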
109 
// Parses a single GeneralName value from |input| and appends it to the
// matching member of |subtrees| (presumably also recording its type in
// |subtrees->present_name_types| — the definition is not visible here).
// |ip_address_type| selects which iPAddress encoding is accepted; see
// GeneralNames::ParseGeneralNameIPAddressType.
// Returns false on failure, in which case |errors| may carry additional
// information. |errors| must be non-null. The result is [[nodiscard]]:
// a rejected name that is silently ignored would let validation proceed
// on an incomplete name set.
// TODO(mattm): should this be a method on GeneralNames?
[[nodiscard]] NET_EXPORT bool ParseGeneralName(
    const der::Input& input,
    GeneralNames::ParseGeneralNameIPAddressType ip_address_type,
    GeneralNames* subtrees, CertErrors* errors);
120 
121 }  // namespace net
122 
123 #endif  // NET_CERT_PKI_GENERAL_NAMES_H_