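// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "extended_key_usage.h"

#include <openssl/bytestring.h>

#include "input.h"
#include "parser.h"

namespace bssl {

// Parses |extension_value| as an Extended Key Usage extension value
// (ExtKeyUsageSyntax, RFC 5280 section 4.2.1.12) and appends each
// KeyPurposeId found to |eku_oids|.
//
// Returns true only if the value is a single SEQUENCE that holds at least one
// element, every element carries the OBJECT IDENTIFIER tag, and no data
// follows the SEQUENCE. Returns false otherwise, in which case |eku_oids| is
// left exactly as the caller passed it, so a caller that mishandles the
// return value never sees a partial list of key purposes.
//
// Only the tag of each element is checked here; the OIDs are not compared
// against any set of known key purposes.
// NOTE(review): the stored der::Input values presumably reference
// |extension_value|'s bytes rather than owning a copy; confirm the lifetime
// requirement against input.h.
bool ParseEKUExtension(der::Input extension_value,
                       std::vector<der::Input> *eku_oids) {
  der::Parser extension_parser(extension_value);
  der::Parser sequence_parser;
  if (!extension_parser.ReadSequence(&sequence_parser)) {
    return false;
  }

  // Section 4.2.1.12 of RFC 5280 defines ExtKeyUsageSyntax as:
  // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
  //
  // Therefore, the sequence must contain at least one KeyPurposeId.
  if (!sequence_parser.HasMore()) {
    return false;
  }

  // Collect into a local vector first: a malformed element or trailing data
  // can still reject the extension after some OIDs have been read, and those
  // must not leak into the caller's vector.
  std::vector<der::Input> parsed_oids;
  while (sequence_parser.HasMore()) {
    der::Input eku_oid;
    if (!sequence_parser.ReadTag(CBS_ASN1_OBJECT, &eku_oid)) {
      // The SEQUENCE OF must contain only KeyPurposeIds (OIDs).
      return false;
    }
    parsed_oids.push_back(eku_oid);
  }
  if (extension_parser.HasMore()) {
    // The extension value must follow ExtKeyUsageSyntax - there is no way that
    // it could be extended to allow for something after the SEQUENCE OF.
    return false;
  }

  // The whole value validated; publish the result, keeping append semantics.
  eku_oids->insert(eku_oids->end(), parsed_oids.begin(), parsed_oids.end());
  return true;
}

}  // namespace bssl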