1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef BSSL_PKI_ASN1_UTIL_H_
6 #define BSSL_PKI_ASN1_UTIL_H_
7 
8 #include "fillins/openssl_util.h"
9 #include <string_view>
10 
11 
12 
13 namespace bssl::asn1 {
14 
15 // ExtractSubjectFromDERCert parses the DER encoded certificate in |cert| and
16 // extracts the bytes of the X.501 Subject. On successful return, |subject_out|
17 // is set to contain the Subject, pointing into |cert|.
   //
   // |*subject_out| is a non-owning view, so it is valid only while the buffer
   // behind |cert| is alive and unmodified. Its value on failure is not
   // specified here; check the return value before reading it. Nothing here
   // says the certificate is verified, so treat the bytes as unauthenticated.
18 OPENSSL_EXPORT bool ExtractSubjectFromDERCert(
19     std::string_view cert,
20     std::string_view* subject_out);
21 
22 // ExtractSPKIFromDERCert parses the DER encoded certificate in |cert| and
23 // extracts the bytes of the SubjectPublicKeyInfo. On successful return,
24 // |spki_out| is set to contain the SPKI, pointing into |cert|.
   //
   // |*spki_out| aliases |cert| rather than copying it: keep the certificate
   // buffer alive for as long as the SPKI is used, and read |*spki_out| only
   // after this returns successfully (its value on failure is not documented).
25 OPENSSL_EXPORT bool ExtractSPKIFromDERCert(std::string_view cert,
26                                                std::string_view* spki_out);
27 
28 // ExtractSubjectPublicKeyFromSPKI parses the DER encoded SubjectPublicKeyInfo
29 // in |spki| and extracts the bytes of the SubjectPublicKey. On successful
30 // return, |spk_out| is set to contain the public key, pointing into |spki|.
   //
   // |*spk_out| is a view into |spki|, which may itself be a view into a
   // certificate buffer; every such view dangles once that buffer is freed.
   // |*spk_out| is documented only for the success case, so check the return
   // value before using it.
31 OPENSSL_EXPORT bool ExtractSubjectPublicKeyFromSPKI(
32     std::string_view spki,
33     std::string_view* spk_out);
34 
35 // HasCanSignHttpExchangesDraftExtension parses the DER encoded certificate
36 // in |cert| and extracts the canSignHttpExchangesDraft extension
37 // (https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html)
38 // if present. Returns true if the extension was present, and false if
39 // the extension was not present or if there was a parsing failure.
   //
   // A false result therefore does not distinguish "extension absent" from
   // "certificate could not be parsed". Callers that need to tell the two apart
   // can use ExtractExtensionFromDERCert, which reports parse errors and
   // presence separately. A true result only reports that the extension is
   // present: no certificate verification is described here.
40 OPENSSL_EXPORT bool HasCanSignHttpExchangesDraftExtension(std::string_view cert);
41 
42 // Extracts the two (SEQUENCE) tag-length-values for the signature
43 // AlgorithmIdentifiers in a DER encoded certificate. Does not use strict
44 // parsing or validate the resulting AlgorithmIdentifiers.
45 //
46 // On success returns true, and assigns |cert_signature_algorithm_sequence| and
47 // |tbs_signature_algorithm_sequence| to point into |cert|:
48 //
49 // * |cert_signature_algorithm_sequence| points at the TLV for
50 //   Certificate.signatureAlgorithm.
51 //
52 // * |tbs_signature_algorithm_sequence| points at the TLV for
53 //   TBSCertificate.algorithm.
   //   (RFC 5280 names this field TBSCertificate.signature.)
   //
   // Because parsing is lenient and the outputs are unvalidated, callers must
   // parse both TLVs themselves before trusting them. RFC 5280 requires the two
   // AlgorithmIdentifiers to match; nothing here says this function checks it.
   // Both views alias |cert| (keep that buffer alive while they are used) and
   // are documented only for the success case.
54 OPENSSL_EXPORT bool ExtractSignatureAlgorithmsFromDERCert(
55     std::string_view cert,
56     std::string_view* cert_signature_algorithm_sequence,
57     std::string_view* tbs_signature_algorithm_sequence);
58 
59 // Extracts the contents of the extension (if any) with OID |extension_oid| from
60 // the DER-encoded, X.509 certificate in |cert|.
61 //
62 // Returns false on parse error or true if the parse was successful. Sets
63 // |*out_extension_present| to whether or not the extension was found. If found,
64 // sets |*out_extension_critical| to match the extension's "critical" flag, and
65 // sets |*out_contents| to the contents of the extension (after unwrapping the
66 // OCTET STRING).
   //
   // A true return only means the certificate parsed: test
   // |*out_extension_present| before reading |*out_extension_critical| or
   // |*out_contents|, which are documented as set only when the extension is
   // found. |*out_contents| is a std::string_view and presumably aliases |cert|,
   // so keep that buffer alive while it is used -- TODO confirm.
   // NOTE(review): |extension_oid| is presumably the encoded OID bytes rather
   // than dotted-decimal text; confirm against the implementation.
67 OPENSSL_EXPORT bool ExtractExtensionFromDERCert(std::string_view cert,
68                                             std::string_view extension_oid,
69                                             bool* out_extension_present,
70                                             bool* out_extension_critical,
71                                             std::string_view* out_contents);
72 
73 }  // namespace bssl::asn1
74 
75 #endif // BSSL_PKI_ASN1_UTIL_H_
76