// Copyright 2019 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include <algorithm> #include <iterator> #include <openssl/base.h> #include <openssl/bytestring.h> #include "cert_errors.h" #include "crl.h" #include "input.h" #include "parse_values.h" #include "parser.h" #include "revocation_util.h" #include "signature_algorithm.h" #include "verify_name_match.h" #include "verify_signed_data.h" BSSL_NAMESPACE_BEGIN namespace { // id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } // In dotted notation: 2.5.29.28 inline constexpr uint8_t kIssuingDistributionPointOid[] = …; [[nodiscard]] bool NormalizeNameTLV(der::Input name_tlv, std::string *out_normalized_name) { … } bool ContainsExactMatchingName(std::vector<std::string_view> a, std::vector<std::string_view> b) { … } } // namespace bool ParseCrlCertificateList(der::Input crl_tlv, der::Input *out_tbs_cert_list_tlv, der::Input *out_signature_algorithm_tlv, der::BitString *out_signature_value) { … } bool ParseCrlTbsCertList(der::Input tbs_tlv, ParsedCrlTbsCertList *out) { … } bool ParseIssuingDistributionPoint( der::Input extension_value, std::unique_ptr<GeneralNames> *out_distribution_point_names, ContainedCertsType *out_only_contains_cert_type) { … } CRLRevocationStatus GetCRLStatusForCert( der::Input cert_serial, CrlVersion crl_version, const std::optional<der::Input> &revoked_certificates_tlv) { … } ParsedCrlTbsCertList::ParsedCrlTbsCertList() = default; ParsedCrlTbsCertList::~ParsedCrlTbsCertList() = default; CRLRevocationStatus CheckCRL(std::string_view raw_crl, const ParsedCertificateList &valid_chain, size_t target_cert_index, const ParsedDistributionPoint &cert_dp, int64_t verify_time_epoch_seconds, std::optional<int64_t> max_age_seconds) { … } BSSL_NAMESPACE_END
Codebase Browser
chromium