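// Copyright 2016 The Chromium Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#ifndef BSSL_PKI_PARSE_NAME_H_
#define BSSL_PKI_PARSE_NAME_H_

// <string> is included explicitly: this header declares std::string
// parameters and must not rely on a transitive include for it.
#include <string>
#include <vector>

#include <openssl/base.h>
#include <openssl/bytestring.h>

#include "input.h"
#include "parser.h"

BSSL_NAMESPACE_BEGIN

// DER-encoded OBJECT IDENTIFIER contents (without tag and length) for the
// AttributeTypes commonly seen in X.509 Names. These are the byte strings to
// compare against X509NameAttribute::type.

// id-at-commonName: 2.5.4.3 (RFC 5280)
inline constexpr uint8_t kTypeCommonNameOid[] = {0x55, 0x04, 0x03};
// id-at-surname: 2.5.4.4 (RFC 5280)
inline constexpr uint8_t kTypeSurnameOid[] = {0x55, 0x04, 0x04};
// id-at-serialNumber: 2.5.4.5 (RFC 5280)
inline constexpr uint8_t kTypeSerialNumberOid[] = {0x55, 0x04, 0x05};
// id-at-countryName: 2.5.4.6 (RFC 5280)
inline constexpr uint8_t kTypeCountryNameOid[] = {0x55, 0x04, 0x06};
// id-at-localityName: 2.5.4.7 (RFC 5280)
inline constexpr uint8_t kTypeLocalityNameOid[] = {0x55, 0x04, 0x07};
// id-at-stateOrProvinceName: 2.5.4.8 (RFC 5280)
inline constexpr uint8_t kTypeStateOrProvinceNameOid[] = {0x55, 0x04, 0x08};
// street (streetAddress): 2.5.4.9 (RFC 4519)
inline constexpr uint8_t kTypeStreetAddressOid[] = {0x55, 0x04, 0x09};
// id-at-organizationName: 2.5.4.10 (RFC 5280)
inline constexpr uint8_t kTypeOrganizationNameOid[] = {0x55, 0x04, 0x0a};
// id-at-organizationalUnitName: 2.5.4.11 (RFC 5280)
inline constexpr uint8_t kTypeOrganizationUnitNameOid[] = {0x55, 0x04, 0x0b};
// id-at-title: 2.5.4.12 (RFC 5280)
inline constexpr uint8_t kTypeTitleOid[] = {0x55, 0x04, 0x0c};
// id-at-name: 2.5.4.41 (RFC 5280)
inline constexpr uint8_t kTypeNameOid[] = {0x55, 0x04, 0x29};
// id-at-givenName: 2.5.4.42 (RFC 5280)
inline constexpr uint8_t kTypeGivenNameOid[] = {0x55, 0x04, 0x2a};
// id-at-initials: 2.5.4.43 (RFC 5280)
inline constexpr uint8_t kTypeInitialsOid[] = {0x55, 0x04, 0x2b};
// id-at-generationQualifier: 2.5.4.44 (RFC 5280)
inline constexpr uint8_t kTypeGenerationQualifierOid[] = {0x55, 0x04, 0x2c};
// dc (domainComponent): 0.9.2342.19200300.100.1.25 (RFC 4519)
inline constexpr uint8_t kTypeDomainComponentOid[] = {
    0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19};
// RFC 5280 section A.1:
//
//   pkcs-9 OBJECT IDENTIFIER ::=
//     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
//
//   id-emailAddress AttributeType ::= { pkcs-9 1 }
//
// In dotted form: 1.2.840.113549.1.9.1
inline constexpr uint8_t kTypeEmailAddressOid[] = {0x2A, 0x86, 0x48, 0x86, 0xF7,
                                                   0x0D, 0x01, 0x09, 0x01};

// X509NameAttribute contains a representation of a DER-encoded RFC 2253
// "AttributeTypeAndValue".
//
//   AttributeTypeAndValue ::= SEQUENCE {
//     type     AttributeType,
//     value    AttributeValue
//   }
//
// |type| holds the OBJECT IDENTIFIER contents and |value| the raw contents of
// the AttributeValue, with its tag recorded in |value_tag|. NOTE(review):
// der::Input appears to be a non-owning view of the input DER (see input.h);
// if so, the backing buffer must outlive this object — confirm against
// input.h.
struct OPENSSL_EXPORT X509NameAttribute {
  X509NameAttribute(der::Input in_type, CBS_ASN1_TAG in_value_tag,
                    der::Input in_value)
      : type(in_type), value_tag(in_value_tag), value(in_value) {}

  // Configures handling of PrintableString in the attribute value. Do
  // not use non-default handling without consulting //net owners. With
  // kAsUTF8Hack, PrintableStrings are interpreted as UTF-8 strings.
  enum class PrintableStringHandling { kDefault, kAsUTF8Hack };

  // Attempts to convert the value represented by this struct into a
  // UTF-8 string and store it in |out|, returning whether the conversion
  // was successful. This is the conversion callers should use: it selects
  // the decoding from |value_tag| and uses the default PrintableString
  // handling.
  [[nodiscard]] bool ValueAsString(std::string *out) const;

  // Attempts to convert the value represented by this struct into a
  // UTF-8 string and store it in |out|, returning whether the conversion
  // was successful. Allows configuring some non-standard string handling
  // options.
  //
  // Do not use without consulting //net owners.
  [[nodiscard]] bool ValueAsStringWithUnsafeOptions(
      PrintableStringHandling printable_string_handling,
      std::string *out) const;

  // Attempts to convert the value represented by this struct into a
  // std::string and store it in |out|, returning whether the conversion was
  // successful. Due to some encodings being incompatible, the caller must
  // verify the attribute |value_tag|.
  //
  // Note: Don't use this function unless you know what you're doing. Use
  // ValueAsString instead.
  //
  // Note: The conversion doesn't verify that the value corresponds to the
  // ASN.1 definition of the value type, so the bytes placed in |out| must
  // not be treated as validated text of that type.
  [[nodiscard]] bool ValueAsStringUnsafe(std::string *out) const;

  // Formats the NameAttribute per RFC2253 into an ASCII string and stores
  // the result in |out|, returning whether the conversion was successful.
  [[nodiscard]] bool AsRFC2253String(std::string *out) const;

  // Contents of the AttributeType OBJECT IDENTIFIER (compare against the
  // kType*Oid constants above).
  der::Input type;
  // ASN.1 tag of the AttributeValue, e.g. the DirectoryString alternative
  // that was encoded.
  CBS_ASN1_TAG value_tag;
  // Raw contents of the AttributeValue; interpretation depends on
  // |value_tag|.
  der::Input value;
};

// A RelativeDistinguishedName is a SET OF AttributeTypeAndValue; an
// RDNSequence is the SEQUENCE OF RelativeDistinguishedName that makes up a
// Name.
using RelativeDistinguishedName = std::vector<X509NameAttribute>;
using RDNSequence = std::vector<RelativeDistinguishedName>;

// Parses all the ASN.1 AttributeTypeAndValue elements in |parser| and stores
// each as an X509NameAttribute in |out|. Returns true on success.
//
// AttributeTypeAndValue is defined in RFC 5280 section 4.1.2.4:
//
//   AttributeTypeAndValue ::= SEQUENCE {
//     type     AttributeType,
//     value    AttributeValue }
//
//   AttributeType ::= OBJECT IDENTIFIER
//
//   AttributeValue ::= ANY -- DEFINED BY AttributeType
//
//   DirectoryString ::= CHOICE {
//         teletexString           TeletexString (SIZE (1..MAX)),
//         printableString         PrintableString (SIZE (1..MAX)),
//         universalString         UniversalString (SIZE (1..MAX)),
//         utf8String              UTF8String (SIZE (1..MAX)),
//         bmpString               BMPString (SIZE (1..MAX)) }
//
// The type of the component AttributeValue is determined by the AttributeType;
// in general it will be a DirectoryString.
[[nodiscard]] OPENSSL_EXPORT bool ReadRdn(der::Parser *parser,
                                          RelativeDistinguishedName *out);

// Parses a DER-encoded "Name" as specified by RFC 5280. Returns true on
// success and sets the results in |out|. |name_tlv| is the full element,
// including the outer SEQUENCE tag and length.
[[nodiscard]] OPENSSL_EXPORT bool ParseName(der::Input name_tlv,
                                            RDNSequence *out);
// Parses a DER-encoded "Name" value (without the sequence tag & length) as
// specified by RFC 5280. Returns true on success and sets the results in
// |out|.
[[nodiscard]] OPENSSL_EXPORT bool ParseNameValue(der::Input name_value,
                                                 RDNSequence *out);

// Formats a RDNSequence |rdn_sequence| per RFC2253 as an ASCII string and
// stores the result into |out|, and returns whether the conversion was
// successful.
[[nodiscard]] OPENSSL_EXPORT bool ConvertToRFC2253(
    const RDNSequence &rdn_sequence, std::string *out);

BSSL_NAMESPACE_END

#endif  // BSSL_PKI_PARSE_NAME_H_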