From 98b9e24d6f383ea85f588e83861fd604c36368cf Mon Sep 17 00:00:00 2001 From: klzgrad Date: Sun, 16 May 2021 00:47:27 +0800 Subject: [PATCH] cert: Handle AIA response in PKCS#7 format --- .../cert/internal/cert_issuer_source_aia.cc | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/src/net/cert/internal/cert_issuer_source_aia.cc b/src/net/cert/internal/cert_issuer_source_aia.cc index 7892006f4e..f9130765ef 100644 --- a/src/net/cert/internal/cert_issuer_source_aia.cc +++ b/src/net/cert/internal/cert_issuer_source_aia.cc @@ -9,6 +9,7 @@ #include "net/cert/cert_net_fetcher.h" #include "net/cert/internal/cert_errors.h" #include "net/cert/pem.h" +#include "net/cert/x509_certificate.h" #include "net/cert/x509_util.h" #include "url/gurl.h" @@ -52,6 +53,28 @@ bool ParseCertFromPem(const uint8_t* data, pem_tokenizer.data().size(), results); } +bool ParseCertFromAuto(const uint8_t* data, + size_t length, + ParsedCertificateList* results) { + CertificateList certs = X509Certificate::CreateCertificateListFromBytes( + reinterpret_cast(data), length, + X509Certificate::FORMAT_AUTO); + bool ok = false; + for (const auto& cert : certs) { + CertErrors errors; + auto parsed = ParsedCertificate::Create( + bssl::UpRef(cert->cert_buffer()), + x509_util::DefaultParseCertificateOptions(), &errors); + if (parsed) { + results->push_back(parsed); + ok = true; + } else { + LOG(ERROR) << errors.ToDebugString(); + } + } + return ok; +} + class AiaRequest : public CertIssuerSource::Request { public: AiaRequest() = default; @@ -117,7 +140,9 @@ bool AiaRequest::AddCompletedFetchToResults(Error error, // is not part of RFC 5280's profile. return ParseCertFromDer(fetched_bytes.data(), fetched_bytes.size(), results) || - ParseCertFromPem(fetched_bytes.data(), fetched_bytes.size(), results); + ParseCertFromPem(fetched_bytes.data(), fetched_bytes.size(), + results) || + ParseCertFromAuto(fetched_bytes.data(), fetched_bytes.size(), results); } } // namespace