1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef BSSL_PKI_VERIFY_NAME_MATCH_H_
6 #define BSSL_PKI_VERIFY_NAME_MATCH_H_
7 
8 #include <string>
9 #include <vector>
10 
11 #include <openssl/base.h>
12 
13 namespace bssl {
14 
15 class CertErrors;
16 
17 namespace der {
18 class Input;
19 }  // namespace der
20 
21 // Normalizes DER-encoded X.501 Name |name_rdn_sequence| (which should not
22 // include the Sequence tag).  If successful, returns true and stores the
23 // normalized DER-encoded Name into |normalized_rdn_sequence| (not including an
24 // outer Sequence tag). Returns false if there was an error parsing or
25 // normalizing the input, and adds error information to |errors|. |errors| must
26 // be non-null.
   // NOTE(review): this comment does not say what |normalized_rdn_sequence|
   // holds after a false return; treat its contents as unspecified on failure
   // and confirm against the implementation before reading it.
27 OPENSSL_EXPORT bool NormalizeName(der::Input name_rdn_sequence,
28                                   std::string *normalized_rdn_sequence,
29                                   CertErrors *errors);
30 
31 // Compares DER-encoded X.501 Name values according to RFC 5280 rules.
32 // |a_rdn_sequence| and |b_rdn_sequence| should be the DER-encoded RDNSequence
33 // values (not including the Sequence tag).
34 // Returns true if |a_rdn_sequence| and |b_rdn_sequence| match.
   // NOTE(review): there is no separate error output, so a false return
   // presumably also covers input that fails to parse. Callers should treat
   // false as "no match" in either case; confirm against the implementation.
35 OPENSSL_EXPORT bool VerifyNameMatch(der::Input a_rdn_sequence,
36                                     der::Input b_rdn_sequence);
37 
38 // Compares |name_rdn_sequence| and |parent_rdn_sequence| and returns true if
39 // |name_rdn_sequence| is within the subtree defined by |parent_rdn_sequence| as
40 // defined by RFC 5280 section 7.1. |name_rdn_sequence| and
41 // |parent_rdn_sequence| should be the DER-encoded sequence values (not
42 // including the Sequence tag).
   // NOTE(review): no error output is provided, so a false return presumably
   // means either "not in the subtree" or "could not parse"; confirm against
   // the implementation.
43 OPENSSL_EXPORT bool VerifyNameInSubtree(der::Input name_rdn_sequence,
44                                         der::Input parent_rdn_sequence);
45 
46 // Helper functions:
47 
48 // Finds all emailAddress attribute values in |name_rdn_sequence|.
49 // Returns true if parsing was successful, in which case
50 // |*contained_email_addresses| will contain zero or more values.  The values
51 // returned in |*contained_email_addresses| will be UTF8 strings that have been
52 // checked to be valid for the string type of the attribute tag, but have not
53 // otherwise been validated (so they are not known to be well-formed addresses).
54 // Returns false if there was a parsing error.
   // NOTE(review): what |*contained_email_addresses| holds after a false return
   // is not stated here; confirm before reading it on failure.
55 [[nodiscard]] bool FindEmailAddressesInName(
56     der::Input name_rdn_sequence,
57     std::vector<std::string> *contained_email_addresses);
58 
59 }  // namespace bssl
60 
61 #endif  // BSSL_PKI_VERIFY_NAME_MATCH_H_
62