| // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/base/asn1_util.h" |
| |
| namespace net { |
| |
| namespace asn1 { |
| |
| bool ParseElement(base::StringPiece* in, |
| unsigned tag_value, |
| base::StringPiece* out, |
| unsigned *out_header_len) { |
| const uint8* data = reinterpret_cast<const uint8*>(in->data()); |
| |
| if (in->size() < 2) |
| return false; |
| |
| if (static_cast<unsigned char>(data[0]) != tag_value) |
| return false; |
| |
| size_t len = 0; |
| if ((data[1] & 0x80) == 0) { |
| // short form length |
| if (out_header_len) |
| *out_header_len = 2; |
| len = static_cast<size_t>(data[1]) + 2; |
| } else { |
| // long form length |
| const unsigned num_bytes = data[1] & 0x7f; |
| if (num_bytes == 0 || num_bytes > 2) |
| return false; |
| if (in->size() < 2 + num_bytes) |
| return false; |
| len = data[2]; |
| if (num_bytes == 2) { |
| if (len == 0) { |
| // the length encoding must be minimal. |
| return false; |
| } |
| len <<= 8; |
| len += data[3]; |
| } |
| if (len < 128) { |
| // the length should have been encoded in short form. This distinguishes |
| // DER from BER encoding. |
| return false; |
| } |
| if (out_header_len) |
| *out_header_len = 2 + num_bytes; |
| len += 2 + num_bytes; |
| } |
| |
| if (in->size() < len) |
| return false; |
| if (out) |
| *out = base::StringPiece(in->data(), len); |
| in->remove_prefix(len); |
| return true; |
| } |
| |
| bool GetElement(base::StringPiece* in, |
| unsigned tag_value, |
| base::StringPiece* out) { |
| unsigned header_len; |
| if (!ParseElement(in, tag_value, out, &header_len)) |
| return false; |
| if (out) |
| out->remove_prefix(header_len); |
| return true; |
| } |
| |
| bool ExtractSPKIFromDERCert(base::StringPiece cert, |
| base::StringPiece* spki_out) { |
| // From RFC 5280, section 4.1 |
| // Certificate ::= SEQUENCE { |
| // tbsCertificate TBSCertificate, |
| // signatureAlgorithm AlgorithmIdentifier, |
| // signatureValue BIT STRING } |
| |
| // TBSCertificate ::= SEQUENCE { |
| // version [0] EXPLICIT Version DEFAULT v1, |
| // serialNumber CertificateSerialNumber, |
| // signature AlgorithmIdentifier, |
| // issuer Name, |
| // validity Validity, |
| // subject Name, |
| // subjectPublicKeyInfo SubjectPublicKeyInfo, |
| |
| base::StringPiece certificate; |
| if (!asn1::GetElement(&cert, asn1::kSEQUENCE, &certificate)) |
| return false; |
| |
| base::StringPiece tbs_certificate; |
| if (!asn1::GetElement(&certificate, asn1::kSEQUENCE, &tbs_certificate)) |
| return false; |
| |
| // The version is optional, so a failure to parse it is fine. |
| asn1::GetElement(&tbs_certificate, |
| asn1::kCompound | asn1::kContextSpecific | 0, |
| NULL); |
| |
| // serialNumber |
| if (!asn1::GetElement(&tbs_certificate, asn1::kINTEGER, NULL)) |
| return false; |
| // signature |
| if (!asn1::GetElement(&tbs_certificate, asn1::kSEQUENCE, NULL)) |
| return false; |
| // issuer |
| if (!asn1::GetElement(&tbs_certificate, asn1::kSEQUENCE, NULL)) |
| return false; |
| // validity |
| if (!asn1::GetElement(&tbs_certificate, asn1::kSEQUENCE, NULL)) |
| return false; |
| // subject |
| if (!asn1::GetElement(&tbs_certificate, asn1::kSEQUENCE, NULL)) |
| return false; |
| // subjectPublicKeyInfo |
| if (!asn1::ParseElement(&tbs_certificate, asn1::kSEQUENCE, spki_out, NULL)) |
| return false; |
| return true; |
| } |
| |
| } // namespace asn1 |
| |
| } // namespace net |
