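// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_ASN1_UTIL_H_
#define NET_CERT_ASN1_UTIL_H_

// uint8_t is used below; include it directly rather than relying on a
// transitive include from base/containers/span.h.
#include <stdint.h>

#include <string_view>

#include "base/containers/span.h"
#include "net/base/net_export.h"

// Helpers that locate individual fields inside a DER encoded X.509
// certificate and hand back the raw bytes of that field.
//
// Notes that apply to every function in this header:
//
// * Outputs are non-owning views (std::string_view / base::span) into the
//   caller's input buffer. The input must outlive every output, otherwise
//   the outputs dangle.
//
// * Only read an output after the call reported success. This header does
//   not specify what the out-parameters hold on failure.
//
// * Nothing in these declarations indicates that signatures, validity
//   periods or chains are checked. Treat the returned bytes as unverified
//   input unless the certificate has been verified elsewhere.
namespace net::asn1 {

// ExtractSubjectFromDERCert parses the DER encoded certificate in |cert| and
// extracts the bytes of the X.501 Subject. On successful return, |subject_out|
// is set to contain the Subject, pointing into |cert|.
NET_EXPORT_PRIVATE bool ExtractSubjectFromDERCert(
    std::string_view cert,
    std::string_view* subject_out);

// ExtractIssuerAndSubjectFromDERCert parses the DER encoded certificate in
// |cert| and extracts the bytes of the X.501 Issuer and Subject. On successful
// return, |issuer_out| is set to the Issuer and |subject_out| is set to
// contain the Subject, pointing into |cert|.
//
// Both outputs are non-owning spans, so neither may be used after the bytes
// behind |cert| are freed or modified.
NET_EXPORT_PRIVATE bool ExtractIssuerAndSubjectFromDERCert(
    base::span<const uint8_t> cert,
    base::span<const uint8_t>* issuer_out,
    base::span<const uint8_t>* subject_out);

// ExtractSPKIFromDERCert parses the DER encoded certificate in |cert| and
// extracts the bytes of the SubjectPublicKeyInfo. On successful return,
// |spki_out| is set to contain the SPKI, pointing into |cert|.
NET_EXPORT bool ExtractSPKIFromDERCert(std::string_view cert,
                                       std::string_view* spki_out);

// ExtractSubjectPublicKeyFromSPKI parses the DER encoded SubjectPublicKeyInfo
// in |spki| and extracts the bytes of the SubjectPublicKey. On successful
// return, |spk_out| is set to contain the public key, pointing into |spki|.
NET_EXPORT_PRIVATE bool ExtractSubjectPublicKeyFromSPKI(
    std::string_view spki,
    std::string_view* spk_out);

// HasCanSignHttpExchangesDraftExtension parses the DER encoded certificate
// in |cert| and checks for the canSignHttpExchangesDraft extension
// (https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html).
// Returns true if the extension was present, and false if the extension was
// not present or if there was a parsing failure.
//
// Because absence and parse failure share one return value, a false result
// says nothing about whether |cert| is well formed. No extension contents
// are returned; the signature carries only the bool.
NET_EXPORT bool HasCanSignHttpExchangesDraftExtension(std::string_view cert);

// Extracts the two (SEQUENCE) tag-length-values for the signature
// AlgorithmIdentifiers in a DER encoded certificate. Does not use strict
// parsing or validate the resulting AlgorithmIdentifiers.
//
// On success returns true, and assigns |cert_signature_algorithm_sequence| and
// |tbs_signature_algorithm_sequence| to point into |cert|:
//
//   * |cert_signature_algorithm_sequence| points at the TLV for
//     Certificate.signatureAlgorithm.
//
//   * |tbs_signature_algorithm_sequence| points at the TLV for
//     TBSCertificate.algorithm (the field RFC 5280 names
//     TBSCertificate.signature).
//
// Since the outputs are unvalidated, callers must parse them strictly before
// relying on them. RFC 5280 requires the two fields to carry the same
// algorithm identifier; nothing in this declaration indicates that the
// comparison happens here, so callers that depend on it must compare the two
// themselves.
NET_EXPORT_PRIVATE bool ExtractSignatureAlgorithmsFromDERCert(
    std::string_view cert,
    std::string_view* cert_signature_algorithm_sequence,
    std::string_view* tbs_signature_algorithm_sequence);

// Extracts the contents of the extension (if any) with OID |extension_oid| from
// the DER-encoded, X.509 certificate in |cert|.
//
// Returns false on parse error or true if the parse was successful. Sets
// |*out_extension_present| to whether or not the extension was found. If found,
// sets |*out_extension_critical| to match the extension's "critical" flag, and
// sets |*out_contents| to the contents of the extension (after unwrapping the
// OCTET STRING).
//
// A true return therefore does not mean the extension exists: check
// |*out_extension_present| before reading |*out_extension_critical| or
// |*out_contents|, which are only described as set when the extension was
// found. |*out_contents| is the raw extension value; interpreting it is left
// to the caller.
//
// NOTE(review): |extension_oid| is presumably the DER-encoded OID bytes rather
// than dotted-decimal text -- confirm against the implementation.
NET_EXPORT bool ExtractExtensionFromDERCert(std::string_view cert,
                                            std::string_view extension_oid,
                                            bool* out_extension_present,
                                            bool* out_extension_critical,
                                            std::string_view* out_contents);

}  // namespace net::asn1

#endif  // NET_CERT_ASN1_UTIL_H_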