Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler

--HG--
extra : rebase_source : caf903d29b0adc22fcc7e87e4fa0019cfa48007e
This commit is contained in:
Brian Smith 2015-04-14 05:33:03 -10:00
Родитель f124561818
Коммит 95bd8011e6
1 изменённых файлов: 15 добавлений и 29 удалений

Просмотреть файл

@ -407,40 +407,26 @@ BasicResponse(Reader& input, Context& context)
}
// Parse certificates, if any
NonOwningDERArray certs;
if (!input.AtEnd()) {
// We ignore the lengths of the wrappers because we'll detect bad lengths
// during parsing--too short and we'll run out of input for parsing a cert,
// and too long and we'll have leftover data that won't parse as a cert.
// [0] wrapper
Reader wrapped;
rv = der::ExpectTagAndGetValueAtEnd(
input, der::CONTEXT_SPECIFIC | der::CONSTRUCTED | 0, wrapped);
if (rv != Success) {
return rv;
}
// SEQUENCE wrapper
Reader certsSequence;
rv = der::ExpectTagAndGetValueAtEnd(wrapped, der::SEQUENCE, certsSequence);
if (rv != Success) {
return rv;
}
// sequence of certificates
while (!certsSequence.AtEnd()) {
rv = der::Nested(input, der::CONTEXT_SPECIFIC | der::CONSTRUCTED | 0,
der::SEQUENCE, [&certs](Reader& certsDER) -> Result {
while (!certsDER.AtEnd()) {
Input cert;
rv = der::ExpectTagAndGetTLV(certsSequence, der::SEQUENCE, cert);
Result rv = der::ExpectTagAndGetTLV(certsDER, der::SEQUENCE, cert);
if (rv != Success) {
return rv;
}
rv = certs.Append(cert);
if (rv != Success) {
return rv;
return Result::ERROR_BAD_DER; // Too many certs
}
}
return Success;
});
if (rv != Success) {
return rv;
}
}
return ResponseData(tbsResponseData, context, signedData, certs);