// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_ASN1_UTIL_H_
#define NET_CERT_ASN1_UTIL_H_

#include <string_view>

#include "net/base/net_export.h"

namespace net::asn1 {

// General notes for the helpers in this namespace:
//
//  * std::string_view outputs are non-owning. Where a comment says a result
//    points into the input, the buffer behind that input has to stay alive and
//    unmodified for as long as the result is used.
//  * NOTE(review): this header does not say what the output parameters hold
//    after a failed call. Treat them as unspecified and check the return value
//    before reading them, unless the implementation guarantees otherwise.

// Parses |cert| as a DER encoded certificate and locates the bytes of its
// X.501 Subject. On successful return, |subject_out| holds the Subject as a
// view pointing into |cert|.
NET_EXPORT_PRIVATE bool ExtractSubjectFromDERCert(std::string_view cert,
                                                  std::string_view* subject_out);

// Parses |cert| as a DER encoded certificate and locates the bytes of its
// SubjectPublicKeyInfo. On successful return, |spki_out| holds the SPKI as a
// view pointing into |cert|.
NET_EXPORT bool ExtractSPKIFromDERCert(
    std::string_view cert,
    std::string_view* spki_out);

// Parses |spki| as a DER encoded SubjectPublicKeyInfo and locates the bytes of
// the SubjectPublicKey inside it. On successful return, |spk_out| holds the
// public key as a view pointing into |spki|.
NET_EXPORT_PRIVATE bool ExtractSubjectPublicKeyFromSPKI(std::string_view spki,
                                                        std::string_view* spk_out);

// Parses |cert| as a DER encoded certificate and looks for the
// canSignHttpExchangesDraft extension
// (https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html).
//
// Returns true only if the extension was present. A false result covers both
// "extension not present" and "parsing failed"; the two cases cannot be told
// apart from the return value.
NET_EXPORT bool HasCanSignHttpExchangesDraftExtension(
    std::string_view cert);

// Locates the two signature AlgorithmIdentifier (SEQUENCE)
// tag-length-values in the DER encoded certificate |cert|.
//
// This does not use strict parsing and does not validate the resulting
// AlgorithmIdentifiers, so the returned TLVs are unvalidated bytes: a caller
// that relies on them has to parse and validate them itself.
//
// On success returns true and makes both outputs point into |cert|:
//
//  * |cert_signature_algorithm_sequence|: the TLV for
//    Certificate.signatureAlgorithm.
//
//  * |tbs_signature_algorithm_sequence|: the TLV for
//    TBSCertificate.algorithm.
NET_EXPORT_PRIVATE bool ExtractSignatureAlgorithmsFromDERCert(
    std::string_view cert, std::string_view* cert_signature_algorithm_sequence,
    std::string_view* tbs_signature_algorithm_sequence);

// Looks up the extension with OID |extension_oid| (if any) in the DER-encoded,
// X.509 certificate |cert| and extracts its contents.
//
// Returns false on parse error and true if the parse was successful. A true
// return alone does not mean the extension exists: |*out_extension_present|
// reports whether it was found. Only when it was found are
// |*out_extension_critical| (the extension's "critical" flag) and
// |*out_contents| (the contents of the extension, after unwrapping the OCTET
// STRING) described as being set, so check |*out_extension_present| before
// reading either of them.
//
// NOTE(review): |*out_contents| presumably points into |cert| like the other
// outputs in this file; confirm against the implementation.
NET_EXPORT bool ExtractExtensionFromDERCert(
    std::string_view cert,
    std::string_view extension_oid,
    bool* out_extension_present,
    bool* out_extension_critical,
    std::string_view* out_contents);

}  // namespace net::asn1

#endif  // NET_CERT_ASN1_UTIL_H_