1 // Copyright 2015 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_CERT_PKI_VERIFY_NAME_MATCH_H_ 6 #define NET_CERT_PKI_VERIFY_NAME_MATCH_H_ 7 8 #include <string> 9 10 #include "net/base/net_export.h" 11 12 namespace net { 13 14 class CertErrors; 15 16 namespace der { 17 class Input; 18 } // namespace der 19 20 // Normalizes DER-encoded X.501 Name |name_rdn_sequence| (which should not 21 // include the Sequence tag). If successful, returns true and stores the 22 // normalized DER-encoded Name into |normalized_rdn_sequence| (not including an 23 // outer Sequence tag). Returns false if there was an error parsing or 24 // normalizing the input, and adds error information to |errors|. |errors| must 25 // be non-null. 26 NET_EXPORT bool NormalizeName(const der::Input& name_rdn_sequence, 27 std::string* normalized_rdn_sequence, 28 CertErrors* errors); 29 30 // Compares DER-encoded X.501 Name values according to RFC 5280 rules. 31 // |a_rdn_sequence| and |b_rdn_sequence| should be the DER-encoded RDNSequence 32 // values (not including the Sequence tag). 33 // Returns true if |a_rdn_sequence| and |b_rdn_sequence| match. 34 NET_EXPORT bool VerifyNameMatch(const der::Input& a_rdn_sequence, 35 const der::Input& b_rdn_sequence); 36 37 // Compares |name_rdn_sequence| and |parent_rdn_sequence| and return true if 38 // |name_rdn_sequence| is within the subtree defined by |parent_rdn_sequence| as 39 // defined by RFC 5280 section 7.1. |name_rdn_sequence| and 40 // |parent_rdn_sequence| should be the DER-encoded sequence values (not 41 // including the Sequence tag). 42 NET_EXPORT bool VerifyNameInSubtree(const der::Input& name_rdn_sequence, 43 const der::Input& parent_rdn_sequence); 44 45 // Helper functions: 46 47 // Checks if |name_rdn_sequence| contains an emailAddress attribute type. 48 // If the return value is true, |*contained_email_address| will be set to 49 // indicate whether an emailAddress attribute was present. 50 // Returns false if there was a parsing error. 51 [[nodiscard]] bool NameContainsEmailAddress(const der::Input& name_rdn_sequence, 52 bool* contained_email_address); 53 54 } // namespace net 55 56 #endif // NET_CERT_PKI_VERIFY_NAME_MATCH_H_ 57