1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_PKI_VERIFY_NAME_MATCH_H_
6 #define NET_CERT_PKI_VERIFY_NAME_MATCH_H_
7 
8 #include <string>
9 
10 #include "net/base/net_export.h"
11 
12 namespace net {
13 
14 class CertErrors;
15 
16 namespace der {
17 class Input;
18 }  // namespace der
19 
20 // Normalizes the DER-encoded X.501 Name |name_rdn_sequence| (which should not
21 // include the Sequence tag). On success, returns true and stores the
22 // normalized DER-encoded Name into |normalized_rdn_sequence| (not including an
23 // outer Sequence tag). On a parsing or normalization error, returns false and
24 // adds error information to |errors|, which must be non-null. This header does
25 // not specify |normalized_rdn_sequence| after a false return: check the result.
26 NET_EXPORT bool NormalizeName(const der::Input& name_rdn_sequence,
27                               std::string* normalized_rdn_sequence,
28                               CertErrors* errors);
29 
30 // Compares two DER-encoded X.501 Name values according to RFC 5280 rules.
31 // |a_rdn_sequence| and |b_rdn_sequence| should be the DER-encoded RDNSequence
32 // values (not including the Sequence tag). Returns true if they match. No
33 // error detail is returned; false presumably also covers bad input (confirm).
34 NET_EXPORT bool VerifyNameMatch(const der::Input& a_rdn_sequence,
35                                 const der::Input& b_rdn_sequence);
36 
37 // Compares |name_rdn_sequence| and |parent_rdn_sequence| and returns true if
38 // |name_rdn_sequence| is within the subtree defined by |parent_rdn_sequence| as
39 // defined by RFC 5280 section 7.1. Both arguments should be the DER-encoded
40 // sequence values (not including the Sequence tag). A false return carries no
41 // error detail; presumably it also covers unparseable input (confirm).
42 NET_EXPORT bool VerifyNameInSubtree(const der::Input& name_rdn_sequence,
43                                     const der::Input& parent_rdn_sequence);
44 
45 // Helper functions:
46 
47 // Checks whether |name_rdn_sequence| contains an emailAddress attribute type.
48 // On a true return, |*contained_email_address| has been set to indicate
49 // whether an emailAddress attribute was present. Returns false on a parsing
50 // error; the out-param is documented only for a true return, so check it first.
51 [[nodiscard]] bool NameContainsEmailAddress(const der::Input& name_rdn_sequence,
52                                             bool* contained_email_address);
53 
54 }  // namespace net
55 
56 #endif  // NET_CERT_PKI_VERIFY_NAME_MATCH_H_
57