chromium/net/cert/ct_objects_extractor.cc

// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40284755): Remove this and spanify to fix the errors.
#pragma allow_unsafe_buffers
#endif

#include "net/cert/ct_objects_extractor.h"

#include <string.h>

#include <string_view>

#include "base/hash/sha1.h"
#include "base/logging.h"
#include "base/strings/string_util.h"
#include "crypto/sha2.h"
#include "net/cert/asn1_util.h"
#include "net/cert/signed_certificate_timestamp.h"
#include "net/cert/x509_util.h"
#include "third_party/boringssl/src/include/openssl/bytestring.h"
#include "third_party/boringssl/src/include/openssl/mem.h"

namespace net::ct {

namespace {

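// OID byte strings used when matching extensions and algorithm identifiers.
//
// Each array is the DER encoding of the dotted OID named above it: the first
// two arcs are folded into one byte (40 * arc1 + arc2) and every later arc is
// written base-128, with the high bit set on all but its last byte.
//
// NOTE(review): these are the content octets only (no 0x06 tag, no length
// byte), which is what a byte-wise comparison against the contents of an
// already-parsed OBJECT IDENTIFIER needs - confirm against the call sites.

// The wire form of the OID 1.3.6.1.4.1.11129.2.4.5 - OCSP SingleExtension for
// X.509v3 Certificate Transparency Signed Certificate Timestamp List, see
// Section 3.3 of RFC6962. (11129 encodes as 0xD6 0x79.)
const uint8_t kOCSPExtensionOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01,
                                     0xD6, 0x79, 0x02, 0x04, 0x05};

// The wire form of the OID 1.3.6.1.5.5.7.48.1.1. See RFC 6960.
const uint8_t kOCSPBasicResponseOid[] = {0x2B, 0x06, 0x01, 0x05, 0x05,
                                         0x07, 0x30, 0x01, 0x01};

// The wire form of the OID 1.3.14.3.2.26.
const uint8_t kSHA1Oid[] = {0x2B, 0x0E, 0x03, 0x02, 0x1A};

// The wire form of the OID 2.16.840.1.101.3.4.2.1. (840 encodes as 0x86 0x48.)
const uint8_t kSHA256Oid[] = {0x60, 0x86, 0x48, 0x01, 0x65,
                              0x03, 0x04, 0x02, 0x01};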

// Compares |value1| against the bytes referenced by |value2|. Judging by the
// name, true means the two are byte-for-byte equal; the body is not shown in
// this listing.
// NOTE(review): confirm the lengths are compared before any memory comparison
// so that a CBS shorter than |value1| can never be read past its end.
bool StringEqualToCBS(const std::string& value1, const CBS* value2) {}

// Presumably advances |cbs| past |count| consecutive ASN.1 elements and
// reports whether all of them could be parsed - TODO confirm, the body is not
// shown in this listing.
// NOTE(review): |count| is a signed int; verify callers only pass small
// non-negative constants, and that truncated input yields false rather than a
// partially advanced |cbs| that callers keep using.
bool SkipElements(CBS* cbs, int count) {}

// Presumably consumes one element carrying |tag| from |cbs| when it is the
// next element, and leaves |cbs| untouched when it is absent - TODO confirm,
// the body is not shown in this listing.
// NOTE(review): an element that is present but malformed should make this
// return false; it must not be treated the same as "absent".
bool SkipOptionalElement(CBS* cbs, unsigned tag) {}

// Copies all the bytes in |outer| which are before |inner| to |out|. |inner|
// must be a subset of |outer|.
//
// NOTE(review): as documented, the subset requirement is an obligation on the
// caller. The body is not shown in this listing, so confirm it is enforced
// (e.g. by a CHECK/DCHECK): both views are presumably derived from an
// untrusted certificate, and a violated precondition would give the copy a
// wrong length. This file still opts out of unsafe-buffer checks (see the
// allow_unsafe_buffers pragma at the top), so the compiler will not flag it.
bool CopyBefore(const CBS& outer, const CBS& inner, CBB* out) {}

// Copies all the bytes in |outer| which are after |inner| to |out|. |inner|
// must be a subset of |outer|.
//
// NOTE(review): as documented, the subset requirement is an obligation on the
// caller. The body is not shown in this listing, so confirm that the end of
// |inner| is checked to lie within |outer| before the remaining length is
// computed; otherwise the subtraction could presumably wrap and produce an
// oversized copy.
bool CopyAfter(const CBS& outer, const CBS& inner, CBB* out) {}

// Advances |tbs_cert|, which must be a TBSCertificate body, to just before the
// extensions element.
//
// NOTE(review): the return value presumably reports whether every preceding
// field could be skipped - TODO confirm, the body is not shown in this
// listing. Callers should stop parsing on false instead of reading |tbs_cert|
// from wherever it was left.
bool SkipTBSCertificateToExtensions(CBS* tbs_cert) {}

// Looks for the extension with the specified OID in |extensions|, which must
// contain the contents of a SEQUENCE of X.509 extension structures. If found,
// returns true and sets |*out| to the full extension element.
//
// |oid| / |oid_len| describe the encoded OID bytes to match. |extensions| is
// taken by const reference, so the caller's view is not advanced.
//
// NOTE(review): |*out| is a view into the caller's buffer rather than a copy,
// so it is only usable while that buffer is alive. Behaviour when the same OID
// appears more than once cannot be determined from this listing - confirm.
bool FindExtensionElement(const CBS& extensions,
                          const uint8_t* oid,
                          size_t oid_len,
                          CBS* out) {}

// Finds the SignedCertificateTimestampList in an extension with the OID given
// by |oid| / |oid_len| in |extensions|. If found, returns true and sets
// |*out_sct_list| to the encoded SCT list.
//
// NOTE(review): the output is still the encoded list; nothing in this
// signature decodes individual SCTs or checks their signatures, so the result
// must be treated as untrusted input by whatever consumes it. Whether trailing
// bytes after the list are rejected cannot be determined from this listing -
// confirm.
bool ParseSCTListFromExtensions(const CBS& extensions,
                                const uint8_t* oid,
                                size_t oid_len,
                                std::string* out_sct_list) {}

// Finds the SingleResponse in |responses| which matches |issuer| and
// |cert_serial_number|. On success, returns true and sets
// |*out_single_response| to the body of the SingleResponse starting at the
// |certStatus| field.
//
// NOTE(review): this file defines only kSHA1Oid and kSHA256Oid, so the CertID
// hash algorithm is presumably limited to those two - confirm that any other
// algorithm is treated as a non-match rather than accepted.
// NOTE(review): a match only selects an entry. Nothing in this signature
// verifies the OCSP response's signature or freshness, so callers must not
// treat a true result as evidence that the response is authentic.
bool FindMatchingSingleResponse(CBS* responses,
                                const CRYPTO_BUFFER* issuer,
                                const std::string& cert_serial_number,
                                CBS* out_single_response) {}

}  // namespace

// Extracts the SCT list embedded in the certificate |cert| into |*sct_list|.
// Presumably returns true only when the embedding extension is present and
// well-formed - TODO confirm, the body is not shown in this listing.
//
// NOTE(review): |cert| is typically supplied by the remote peer. The output is
// an encoded list taken from that certificate; each SCT still has to be
// decoded and verified against a known log before it counts towards any CT
// policy decision.
bool ExtractEmbeddedSCTList(const CRYPTO_BUFFER* cert, std::string* sct_list) {}

// Fills |*result| with the precertificate form of the signed entry for |leaf|,
// using |issuer| as the issuing certificate. Presumably this follows the
// RFC 6962 precertificate entry (issuer key hash plus the TBSCertificate with
// the embedded SCT list extension removed) - TODO confirm, the body is not
// shown in this listing.
//
// NOTE(review): SCT signature verification depends on this reconstruction
// being byte-exact. Confirm that every parse failure returns false and that
// |*result| is not left half-populated for a caller that ignores the return
// value.
bool GetPrecertSignedEntry(const CRYPTO_BUFFER* leaf,
                           const CRYPTO_BUFFER* issuer,
                           SignedEntryData* result) {}

// Fills |*result| with the X.509 (non-precertificate) form of the signed entry
// for |leaf|. Presumably the entry carries the certificate's full DER encoding
// - TODO confirm, the body is not shown in this listing.
//
// NOTE(review): confirm that a null or empty |leaf| is rejected with false
// instead of producing an empty entry.
bool GetX509SignedEntry(const CRYPTO_BUFFER* leaf, SignedEntryData* result) {}

// Extracts into |*sct_list| the SCT list carried in |ocsp_response| for the
// certificate identified by |issuer| and |cert_serial_number|. Presumably
// returns false when the response is malformed, has no entry for that
// certificate, or has no SCT extension - TODO confirm, the body is not shown
// in this listing.
//
// NOTE(review): |ocsp_response| is raw bytes, typically a stapled response
// from the remote peer. Nothing in this signature verifies the response's
// signature, so this function should be regarded as locating data, not
// authenticating it; the extracted SCTs must be verified separately.
bool ExtractSCTListFromOCSPResponse(const CRYPTO_BUFFER* issuer,
                                    const std::string& cert_serial_number,
                                    std::string_view ocsp_response,
                                    std::string* sct_list) {}

}  // namespace net::ct