yggdrasil/ring
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ring/pki/asn1_util.h
Bob Beck bc97b7a8e1 Bring in the core of chromium certificate verifier as libpki 
Initially this leaves the canonical source in chrome, Additions
and fillins are committed directly, the chrome files are coverted
using the IMPORT script run from the pki directory for the moment.

The intention here is to continue frequent automatic conversion
(and avoid wholesale cosmetic changes in here for now) until
chrome converts to use these files in place of it's versions.
At that point these will become the definiative files, and the
IMPORT script can be tossed out.

A middle step along the way will be to change google3's verify.cc
in third_party/chromium_certificate_verifier to use this instead
of it's own extracted copy.

Status (and what is not done yet) being roughly tracked in README.md

Bug: chromium:1322914

Change-Id: Ibdb5479bc68985fa61ce6b10f98f31f6b3a7cbdf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60285
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2023-06-22 19:34:39 +00:00

76 lines
3.3 KiB
C++
Raw Blame History

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef BSSL_PKI_ASN1_UTIL_H_
#define BSSL_PKI_ASN1_UTIL_H_
#include "fillins/openssl_util.h"
#include <string_view>
namespace bssl::asn1 {
// ExtractSubjectFromDERCert parses the DER encoded certificate in |cert| and
// extracts the bytes of the X.501 Subject. On successful return, |subject_out|
// is set to contain the Subject, pointing into |cert|.
OPENSSL_EXPORT bool ExtractSubjectFromDERCert(
std::string_view cert,
std::string_view* subject_out);
// ExtractSPKIFromDERCert parses the DER encoded certificate in |cert| and
// extracts the bytes of the SubjectPublicKeyInfo. On successful return,
// |spki_out| is set to contain the SPKI, pointing into |cert|.
OPENSSL_EXPORT bool ExtractSPKIFromDERCert(std::string_view cert,
std::string_view* spki_out);
// ExtractSubjectPublicKeyFromSPKI parses the DER encoded SubjectPublicKeyInfo
// in |spki| and extracts the bytes of the SubjectPublicKey. On successful
// return, |spk_out| is set to contain the public key, pointing into |spki|.
OPENSSL_EXPORT bool ExtractSubjectPublicKeyFromSPKI(
std::string_view spki,
std::string_view* spk_out);
// HasCanSignHttpExchangesDraftExtension parses the DER encoded certificate
// in |cert| and extracts the canSignHttpExchangesDraft extension
// (https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html)
// if present. Returns true if the extension was present, and false if
// the extension was not present or if there was a parsing failure.
OPENSSL_EXPORT bool HasCanSignHttpExchangesDraftExtension(std::string_view cert);
// Extracts the two (SEQUENCE) tag-length-values for the signature
// AlgorithmIdentifiers in a DER encoded certificate. Does not use strict
// parsing or validate the resulting AlgorithmIdentifiers.
//
// On success returns true, and assigns |cert_signature_algorithm_sequence| and
// |tbs_signature_algorithm_sequence| to point into |cert|:
//
// * |cert_signature_algorithm_sequence| points at the TLV for
// Certificate.signatureAlgorithm.
//
// * |tbs_signature_algorithm_sequence| points at the TLV for
// TBSCertificate.algorithm.
OPENSSL_EXPORT bool ExtractSignatureAlgorithmsFromDERCert(
std::string_view cert,
std::string_view* cert_signature_algorithm_sequence,
std::string_view* tbs_signature_algorithm_sequence);
// Extracts the contents of the extension (if any) with OID |extension_oid| from
// the DER-encoded, X.509 certificate in |cert|.
//
// Returns false on parse error or true if the parse was successful. Sets
// |*out_extension_present| to whether or not the extension was found. If found,
// sets |*out_extension_critical| to match the extension's "critical" flag, and
// sets |*out_contents| to the contents of the extension (after unwrapping the
// OCTET STRING).
OPENSSL_EXPORT bool ExtractExtensionFromDERCert(std::string_view cert,
std::string_view extension_oid,
bool* out_extension_present,
bool* out_extension_critical,
std::string_view* out_contents);
} // namespace net::asn1
#endif // BSSL_PKI_ASN1_UTIL_H_
Reference in New Issue View Git Blame Copy Permalink