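// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_ASN1_UTIL_H_
#define NET_CERT_ASN1_UTIL_H_

#include <string_view>

#include "net/base/net_export.h"

namespace net::asn1 {

// General notes for callers of the helpers in this header:
//
//  * Output std::string_views that are documented as "pointing into" an input
//    are non-owning: they alias the input buffer and must not be used after
//    that buffer is freed or modified.
//
//  * Every helper reports failure through its bool return value, and outputs
//    are only documented as set on success, so the return value must be
//    checked before any output is read.
//
//  * NOTE(review): nothing in this header says these helpers verify the
//    certificate's signature, chain or validity. Treat the extracted bytes as
//    unauthenticated unless the certificate has been verified separately;
//    confirm against the implementation.

// ExtractSubjectFromDERCert parses the DER encoded certificate in |cert| and
// extracts the bytes of the X.501 Subject. On successful return, |subject_out|
// is set to contain the Subject, pointing into |cert|.
NET_EXPORT_PRIVATE bool ExtractSubjectFromDERCert(
    std::string_view cert,
    std::string_view* subject_out);

// ExtractSPKIFromDERCert parses the DER encoded certificate in |cert| and
// extracts the bytes of the SubjectPublicKeyInfo. On successful return,
// |spki_out| is set to contain the SPKI, pointing into |cert|.
NET_EXPORT bool ExtractSPKIFromDERCert(std::string_view cert,
                                       std::string_view* spki_out);

// ExtractSubjectPublicKeyFromSPKI parses the DER encoded SubjectPublicKeyInfo
// in |spki| and extracts the bytes of the SubjectPublicKey. On successful
// return, |spk_out| is set to contain the public key, pointing into |spki|.
NET_EXPORT_PRIVATE bool ExtractSubjectPublicKeyFromSPKI(
    std::string_view spki,
    std::string_view* spk_out);

// HasCanSignHttpExchangesDraftExtension parses the DER encoded certificate
// in |cert| and extracts the canSignHttpExchangesDraft extension
// (https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html)
// if present. Returns true if the extension was present, and false if
// the extension was not present or if there was a parsing failure.
//
// Because an absent extension and a parsing failure both yield false, a false
// result says nothing about whether |cert| is well-formed.
NET_EXPORT bool HasCanSignHttpExchangesDraftExtension(std::string_view cert);

// Extracts the two (SEQUENCE) tag-length-values for the signature
// AlgorithmIdentifiers in a DER encoded certificate. Does not use strict
// parsing or validate the resulting AlgorithmIdentifiers.
//
// On success returns true, and assigns |cert_signature_algorithm_sequence| and
// |tbs_signature_algorithm_sequence| to point into |cert|:
//
// * |cert_signature_algorithm_sequence| points at the TLV for
//   Certificate.signatureAlgorithm.
//
// * |tbs_signature_algorithm_sequence| points at the TLV for
//   TBSCertificate.algorithm.
//
// Since the parse is lenient and the results are unvalidated, callers that
// base a trust decision on these values must parse and validate both
// AlgorithmIdentifiers themselves. NOTE(review): no comparison of the two
// sequences is documented here; presumably checking that they agree is left
// to the caller -- confirm against the implementation.
NET_EXPORT_PRIVATE bool ExtractSignatureAlgorithmsFromDERCert(
    std::string_view cert,
    std::string_view* cert_signature_algorithm_sequence,
    std::string_view* tbs_signature_algorithm_sequence);

// Extracts the contents of the extension (if any) with OID |extension_oid| from
// the DER-encoded, X.509 certificate in |cert|.
//
// Returns false on parse error or true if the parse was successful. Sets
// |*out_extension_present| to whether or not the extension was found. If found,
// sets |*out_extension_critical| to match the extension's "critical" flag, and
// sets |*out_contents| to the contents of the extension (after unwrapping the
// OCTET STRING).
//
// A true return does not imply that the extension exists: check
// |*out_extension_present| before reading |*out_extension_critical| or
// |*out_contents|, which are only documented as set when the extension is
// found. NOTE(review): |*out_contents| presumably points into |cert| like the
// outputs of the other extractors in this header -- confirm.
NET_EXPORT bool ExtractExtensionFromDERCert(std::string_view cert,
                                            std::string_view extension_oid,
                                            bool* out_extension_present,
                                            bool* out_extension_critical,
                                            std::string_view* out_contents);

}  // namespace net::asn1

#endif  // NET_CERT_ASN1_UTIL_H_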