chromium/net/cert/pki/general_names.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_PKI_GENERAL_NAMES_H_
#define NET_CERT_PKI_GENERAL_NAMES_H_

#include <memory>
#include <vector>

#include "base/strings/string_piece_forward.h"
#include "net/base/ip_address.h"
#include "net/base/net_export.h"
#include "net/cert/pki/cert_error_id.h"

namespace net {

class CertErrors;

NET_EXPORT extern const CertErrorId kFailedParsingGeneralName;

namespace der {
class Input;
}  // namespace der

// Bitfield values for the GeneralName types defined in RFC 5280. The ordering
// and exact values are not important, but match the order from the RFC for
// convenience.
enum GeneralNameTypes {
  GENERAL_NAME_NONE = 0,
  GENERAL_NAME_OTHER_NAME = 1 << 0,
  GENERAL_NAME_RFC822_NAME = 1 << 1,
  GENERAL_NAME_DNS_NAME = 1 << 2,
  GENERAL_NAME_X400_ADDRESS = 1 << 3,
  GENERAL_NAME_DIRECTORY_NAME = 1 << 4,
  GENERAL_NAME_EDI_PARTY_NAME = 1 << 5,
  GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER = 1 << 6,
  GENERAL_NAME_IP_ADDRESS = 1 << 7,
  GENERAL_NAME_REGISTERED_ID = 1 << 8,
  GENERAL_NAME_ALL_TYPES = (1 << 9) - 1,
};

// Represents a GeneralNames structure. When processing GeneralNames, it is
// often necessary to know which types of names were present, and to check
// all the names of a certain type. Therefore, a bitfield of all the name
// types is kept, and the names are split into members for each type.
struct NET_EXPORT GeneralNames {
  // Controls parsing of iPAddress names in ParseGeneralName.
  // IP_ADDRESS_ONLY parses the iPAddress names as a 4 or 16 byte IP address.
  // IP_ADDRESS_AND_NETMASK parses the iPAddress names as 8 or 32 bytes
  // containing an IP address followed by a netmask.
  enum ParseGeneralNameIPAddressType {
    IP_ADDRESS_ONLY,
    IP_ADDRESS_AND_NETMASK,
  };

  GeneralNames();
  ~GeneralNames();

  // Create a GeneralNames object representing the DER-encoded
  // |general_names_tlv|. The returned object may reference data from
  // |general_names_tlv|, so is only valid as long as |general_names_tlv| is.
  // Returns nullptr on failure, and may fill |errors| with
  // additional information. |errors| must be non-null.
  static std::unique_ptr<GeneralNames> Create(
      const der::Input& general_names_tlv,
      CertErrors* errors);

  // As above, but takes the GeneralNames sequence value, without the tag and
  // length.
  static std::unique_ptr<GeneralNames> CreateFromValue(
      const der::Input& general_names_value,
      CertErrors* errors);

  // DER-encoded OtherName values.
  std::vector<der::Input> other_names;

  // ASCII rfc822names.
  std::vector<base::StringPiece> rfc822_names;

  // ASCII hostnames.
  std::vector<base::StringPiece> dns_names;

  // DER-encoded ORAddress values.
  std::vector<der::Input> x400_addresses;

  // DER-encoded Name values (not including the Sequence tag).
  std::vector<der::Input> directory_names;

  // DER-encoded EDIPartyName values.
  std::vector<der::Input> edi_party_names;

  // ASCII URIs.
  std::vector<base::StringPiece> uniform_resource_identifiers;

  // iPAddresses as sequences of octets in network byte order. This will be
  // populated if the GeneralNames represents a Subject Alternative Name.
  std::vector<IPAddress> ip_addresses;

  // iPAddress ranges, as <IP, prefix length> pairs. This will be populated
  // if the GeneralNames represents a Name Constraints.
  std::vector<std::pair<IPAddress, unsigned>> ip_address_ranges;

  // DER-encoded OBJECT IDENTIFIERs.
  std::vector<der::Input> registered_ids;

  // Which name types were present, as a bitfield of GeneralNameTypes.
  int present_name_types = GENERAL_NAME_NONE;
};

// Parses a GeneralName value and adds it to |subtrees|.
// |ip_address_type| specifies how to parse iPAddress names.
// Returns false on failure, and may fill |errors| with additional information.
// |errors| must be non-null.
// TODO(mattm): should this be a method on GeneralNames?
[[nodiscard]] NET_EXPORT bool ParseGeneralName(
    const der::Input& input,
    GeneralNames::ParseGeneralNameIPAddressType ip_address_type,
    GeneralNames* subtrees,
    CertErrors* errors);

}  // namespace net

#endif  // NET_CERT_PKI_GENERAL_NAMES_H_