pki/verify_name_match.h - boringssl - Git at Google

 // Copyright 2015 The Chromium Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 #ifndef BSSL_PKI_VERIFY_NAME_MATCH_H_
 #define BSSL_PKI_VERIFY_NAME_MATCH_H_

 #include <string>
 #include <vector>

 #include <openssl/base.h>

 BSSL_NAMESPACE_BEGIN

 class CertErrors;

 namespace der {
 class Input;
 }  // namespace der

 // Normalizes DER-encoded X.501 Name `name_rdn_sequence` (which should not
 // include the Sequence tag).  If successful, returns true and stores the
 // normalized DER-encoded Name into `normalized_rdn_sequence` (not including an
 // outer Sequence tag). Returns false if there was an error parsing or
 // normalizing the input, and adds error information to `errors`. `errors` must
 // be non-null.
 OPENSSL_EXPORT bool NormalizeName(der::Input name_rdn_sequence,
                                   std::string *normalized_rdn_sequence,
                                   CertErrors *errors);

 // Compares DER-encoded X.501 Name values according to RFC 5280 rules.
 // `a_rdn_sequence` and `b_rdn_sequence` should be the DER-encoded RDNSequence
 // values (not including the Sequence tag).
 // Returns true if `a_rdn_sequence` and `b_rdn_sequence` match.
 OPENSSL_EXPORT bool VerifyNameMatch(der::Input a_rdn_sequence,
                                     der::Input b_rdn_sequence);

 // Compares `name_rdn_sequence` and `parent_rdn_sequence` and return true if
 // `name_rdn_sequence` is within the subtree defined by `parent_rdn_sequence` as
 // defined by RFC 5280 section 7.1. `name_rdn_sequence` and
 // `parent_rdn_sequence` should be the DER-encoded sequence values (not
 // including the Sequence tag).
 OPENSSL_EXPORT bool VerifyNameInSubtree(der::Input name_rdn_sequence,
                                         der::Input parent_rdn_sequence);

 // Helper functions:

 // Find all emailAddress attribute values in `name_rdn_sequence`.
 // Returns true if parsing was successful, in which case
 // `*contained_email_address` will contain zero or more values.  The values
 // returned in `*contained_email_addresses` will be UTF8 strings and have been
 // checked that they were valid strings for the string type of the attribute
 // tag, but otherwise have not been validated.
 // Returns false if there was a parsing error.
 [[nodiscard]] bool FindEmailAddressesInName(
     der::Input name_rdn_sequence,
     std::vector<std::string> *contained_email_addresses);

 BSSL_NAMESPACE_END

 #endif  // BSSL_PKI_VERIFY_NAME_MATCH_H_
	// Copyright 2015 The Chromium Authors
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// https://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	#ifndef BSSL_PKI_VERIFY_NAME_MATCH_H_
	#define BSSL_PKI_VERIFY_NAME_MATCH_H_

	#include <string>
	#include <vector>

	#include <openssl/base.h>

	BSSL_NAMESPACE_BEGIN

	class CertErrors;

	namespace der {
	class Input;
	} // namespace der

	// Normalizes DER-encoded X.501 Name `name_rdn_sequence` (which should not
	// include the Sequence tag). If successful, returns true and stores the
	// normalized DER-encoded Name into `normalized_rdn_sequence` (not including an
	// outer Sequence tag). Returns false if there was an error parsing or
	// normalizing the input, and adds error information to `errors`. `errors` must
	// be non-null.
	OPENSSL_EXPORT bool NormalizeName(der::Input name_rdn_sequence,
	std::string *normalized_rdn_sequence,
	CertErrors *errors);

	// Compares DER-encoded X.501 Name values according to RFC 5280 rules.
	// `a_rdn_sequence` and `b_rdn_sequence` should be the DER-encoded RDNSequence
	// values (not including the Sequence tag).
	// Returns true if `a_rdn_sequence` and `b_rdn_sequence` match.
	OPENSSL_EXPORT bool VerifyNameMatch(der::Input a_rdn_sequence,
	der::Input b_rdn_sequence);

	// Compares `name_rdn_sequence` and `parent_rdn_sequence` and return true if
	// `name_rdn_sequence` is within the subtree defined by `parent_rdn_sequence` as
	// defined by RFC 5280 section 7.1. `name_rdn_sequence` and
	// `parent_rdn_sequence` should be the DER-encoded sequence values (not
	// including the Sequence tag).
	OPENSSL_EXPORT bool VerifyNameInSubtree(der::Input name_rdn_sequence,
	der::Input parent_rdn_sequence);

	// Helper functions:

	// Find all emailAddress attribute values in `name_rdn_sequence`.
	// Returns true if parsing was successful, in which case
	// `*contained_email_address` will contain zero or more values. The values
	// returned in `*contained_email_addresses` will be UTF8 strings and have been
	// checked that they were valid strings for the string type of the attribute
	// tag, but otherwise have not been validated.
	// Returns false if there was a parsing error.
	[[nodiscard]] bool FindEmailAddressesInName(
	der::Input name_rdn_sequence,
	std::vector<std::string> *contained_email_addresses);

	BSSL_NAMESPACE_END

	#endif // BSSL_PKI_VERIFY_NAME_MATCH_H_