1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef BSSL_PKI_VERIFY_NAME_MATCH_H_
6 #define BSSL_PKI_VERIFY_NAME_MATCH_H_
7 
8 #include "fillins/openssl_util.h"
9 #include <string>
10 #include <vector>
11 
12 
13 
14 namespace bssl {
15 
16 class CertErrors;
17 
18 namespace der {
19 class Input;
20 }  // namespace der
21 
22 // Normalizes DER-encoded X.501 Name |name_rdn_sequence| (which should not
23 // include the Sequence tag).  If successful, returns true and stores the
24 // normalized DER-encoded Name into |normalized_rdn_sequence| (not including an
25 // outer Sequence tag). Returns false if there was an error parsing or
26 // normalizing the input, and adds error information to |errors|. |errors| must
27 // be non-null.
28 OPENSSL_EXPORT bool NormalizeName(const der::Input& name_rdn_sequence,
29                               std::string* normalized_rdn_sequence,
30                               CertErrors* errors);
31 
32 // Compares DER-encoded X.501 Name values according to RFC 5280 rules.
33 // |a_rdn_sequence| and |b_rdn_sequence| should be the DER-encoded RDNSequence
34 // values (not including the Sequence tag).
35 // Returns true if |a_rdn_sequence| and |b_rdn_sequence| match.
36 OPENSSL_EXPORT bool VerifyNameMatch(const der::Input& a_rdn_sequence,
37                                 const der::Input& b_rdn_sequence);
38 
39 // Compares |name_rdn_sequence| and |parent_rdn_sequence| and returns true if
40 // |name_rdn_sequence| is within the subtree defined by |parent_rdn_sequence| as
41 // defined by RFC 5280 section 7.1. |name_rdn_sequence| and
42 // |parent_rdn_sequence| should be the DER-encoded sequence values (not
43 // including the Sequence tag).
44 OPENSSL_EXPORT bool VerifyNameInSubtree(const der::Input& name_rdn_sequence,
45                                     const der::Input& parent_rdn_sequence);
46 
47 // Helper functions:
48 
49 // Finds all emailAddress attribute values in |name_rdn_sequence|.
50 // Returns true if parsing was successful, in which case
51 // |*contained_email_addresses| will contain zero or more values.  The values
52 // returned are UTF-8 strings that have been checked to be valid for the string
53 // type of the attribute tag, but have not otherwise been validated; callers
54 // must treat them as unvalidated input.
55 // Returns false if there was a parsing error.
56 [[nodiscard]] bool FindEmailAddressesInName(
57     const der::Input& name_rdn_sequence,
58     std::vector<std::string>* contained_email_addresses);
59 
60 }  // namespace bssl
61 
62 #endif  // BSSL_PKI_VERIFY_NAME_MATCH_H_
63