1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_ASN1_UTIL_H_
6 #define NET_CERT_ASN1_UTIL_H_
7 
8 #include "base/strings/string_piece.h"
9 #include "net/base/net_export.h"
10 
11 namespace net::asn1 {
12 
// Locates the X.501 Subject inside the DER-encoded certificate |cert|.
//
// On successful return, |subject_out| holds the bytes of the Subject. It is a
// non-owning view pointing into |cert|, not a copy, so it must not be used
// once the memory behind |cert| has been freed or changed.
//
// Only the success case is described here: check the bool result and do not
// read |subject_out| unless the call succeeded.
// NOTE(review): nothing in this declaration says signatures or validity are
// checked; presumably the Subject is only as trustworthy as |cert| itself.
// Confirm against the implementation.
NET_EXPORT_PRIVATE bool ExtractSubjectFromDERCert(
    base::StringPiece cert, base::StringPiece* subject_out);
19 
// Locates the SubjectPublicKeyInfo inside the DER-encoded certificate |cert|.
//
// On successful return, |spki_out| holds the bytes of the SPKI. It is a
// non-owning view pointing into |cert|, so |cert|'s backing memory must
// outlive every use of |spki_out|.
//
// Only the success case is described here: check the bool result before
// reading |spki_out| (for example before hashing it for a pin comparison).
// NOTE(review): no verification of |cert| is mentioned; presumably callers
// must establish trust in the certificate separately. Confirm.
NET_EXPORT_PRIVATE bool ExtractSPKIFromDERCert(
    base::StringPiece cert,
    base::StringPiece* spki_out);
25 
// Locates the SubjectPublicKey inside the DER-encoded SubjectPublicKeyInfo
// |spki|.
//
// On successful return, |spk_out| holds the bytes of the public key. It is a
// non-owning view pointing into |spki|, so |spki|'s backing memory must
// outlive every use of |spk_out|.
//
// Only the success case is described here: check the bool result and do not
// read |spk_out| unless the call succeeded.
// NOTE(review): the comment does not say whether the algorithm in |spki| is
// inspected or whether the key bytes are validated; assume they are not until
// confirmed.
NET_EXPORT_PRIVATE bool ExtractSubjectPublicKeyFromSPKI(
    base::StringPiece spki, base::StringPiece* spk_out);
32 
// Reports whether the DER-encoded certificate |cert| carries the
// canSignHttpExchangesDraft extension
// (https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html).
//
// Returns true if the extension was present. Returns false both when the
// extension was absent and when parsing failed, so a false result cannot tell
// a malformed certificate apart from a well-formed one without the extension.
// Callers that need to report malformed input have to detect it another way.
NET_EXPORT bool HasCanSignHttpExchangesDraftExtension(
    base::StringPiece cert);
39 
// Pulls out the two signature AlgorithmIdentifier SEQUENCEs of a DER-encoded
// certificate as raw tag-length-value spans.
//
// Parsing is not strict, and the AlgorithmIdentifiers are not validated: the
// outputs are unchecked bytes that the caller must parse and validate before
// relying on them.
//
// On success returns true and points both outputs into |cert| (non-owning
// views; |cert|'s backing memory must outlive them):
//
// * |cert_signature_algorithm_sequence| is the TLV for
//   Certificate.signatureAlgorithm (the outer AlgorithmIdentifier).
//
// * |tbs_signature_algorithm_sequence| is the TLV for
//   TBSCertificate.algorithm, i.e. the AlgorithmIdentifier inside the
//   TBSCertificate (the field RFC 5280 names `signature`).
//
// NOTE(review): RFC 5280 requires these two identifiers to match; this
// comment does not say the function compares them, so presumably that check
// is left to the caller. Confirm against the implementation.
NET_EXPORT_PRIVATE bool ExtractSignatureAlgorithmsFromDERCert(
    base::StringPiece cert,
    base::StringPiece* cert_signature_algorithm_sequence,
    base::StringPiece* tbs_signature_algorithm_sequence);
56 
// Looks up the extension with OID |extension_oid| in the DER-encoded X.509
// certificate |cert| and, if it exists, returns its contents.
//
// The return value reports only whether parsing worked: false on parse error,
// true if the parse was successful. A true return does NOT mean the extension
// exists. |*out_extension_present| is set to whether or not it was found.
//
// If found, |*out_extension_critical| is set to match the extension's
// "critical" flag and |*out_contents| to the contents of the extension (after
// unwrapping the OCTET STRING). Read those two outputs only after checking
// both the return value and |*out_extension_present|; their values in the
// not-found case are not described here.
//
// NOTE(review): |*out_contents| presumably points into |cert| rather than
// owning a copy, so treat it as valid only while |cert|'s memory is; confirm.
// The critical flag is reported, not acted on, as far as this comment shows.
NET_EXPORT bool ExtractExtensionFromDERCert(
    base::StringPiece cert,
    base::StringPiece extension_oid,
    bool* out_extension_present,
    bool* out_extension_critical,
    base::StringPiece* out_contents);
70 
71 }  // namespace net::asn1
72 
73 #endif // NET_CERT_ASN1_UTIL_H_
74