x509_util.cc | Explore in Territory

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/cert/x509_util.h"

#include <string.h>

#include <map>
#include <memory>
#include <string_view>

#include "base/logging.h"
#include "base/memory/raw_ptr.h"
#include "base/notreached.h"
#include "base/strings/string_split.h"
#include "base/strings/string_util.h"
#include "base/time/time.h"
#include "build/build_config.h"
#include "crypto/openssl_util.h"
#include "crypto/rsa_private_key.h"
#include "crypto/sha2.h"
#include "net/base/hash_value.h"
#include "net/cert/asn1_util.h"
#include "net/cert/time_conversions.h"
#include "net/cert/x509_certificate.h"
#include "third_party/boringssl/src/include/openssl/bytestring.h"
#include "third_party/boringssl/src/include/openssl/digest.h"
#include "third_party/boringssl/src/include/openssl/ec.h"
#include "third_party/boringssl/src/include/openssl/ec_key.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
#include "third_party/boringssl/src/include/openssl/mem.h"
#include "third_party/boringssl/src/include/openssl/pkcs7.h"
#include "third_party/boringssl/src/include/openssl/pool.h"
#include "third_party/boringssl/src/include/openssl/stack.h"
#include "third_party/boringssl/src/pki/cert_errors.h"
#include "third_party/boringssl/src/pki/input.h"
#include "third_party/boringssl/src/pki/name_constraints.h"
#include "third_party/boringssl/src/pki/parse_certificate.h"
#include "third_party/boringssl/src/pki/parse_name.h"
#include "third_party/boringssl/src/pki/parse_values.h"
#include "third_party/boringssl/src/pki/signature_algorithm.h"

namespace net::x509_util {

namespace {

bool AddSignatureAlgorithm(CBB* cbb,
                           base::span<const uint8_t> oid_bytes,
                           bool null_param) { … }

bool AddSignatureAlgorithm(CBB* cbb,
                           const EVP_PKEY* pkey,
                           DigestAlgorithm digest_alg) { … }

const EVP_MD* ToEVP(DigestAlgorithm alg) { … }

}  // namespace

// Adds an X.509 Name with the specified distinguished name to |cbb|.
bool AddName(CBB* cbb, std::string_view name) { … }

NET_EXPORT net::CertificateList ConvertToX509CertificatesIgnoreErrors(
    const std::vector<std::vector<uint8_t>>& certs_bytes) { … }

bssl::ParsedCertificateList ParseAllValidCerts(
    const CertificateList& x509_certs) { … }

bool CBBAddTime(CBB* cbb, base::Time time) { … }

bool GetTLSServerEndPointChannelBinding(const X509Certificate& certificate,
                                        std::string* token) { … }

// RSA keys created by CreateKeyAndSelfSignedCert will be of this length.
static const uint16_t kRSAKeyLength = …;

// Certificates made by CreateKeyAndSelfSignedCert will be signed using this
// digest algorithm.
static const DigestAlgorithm kSignatureDigestAlgorithm = …;

bool CreateKeyAndSelfSignedCert(std::string_view subject,
                                uint32_t serial_number,
                                base::Time not_valid_before,
                                base::Time not_valid_after,
                                std::unique_ptr<crypto::RSAPrivateKey>* key,
                                std::string* der_cert) { … }

Extension::Extension(base::span<const uint8_t> in_oid,
                     bool in_critical,
                     base::span<const uint8_t> in_contents)
    : … { … }
Extension::~Extension() = default;
Extension::Extension(const Extension&) = default;

bool CreateCert(EVP_PKEY* subject_key,
                DigestAlgorithm digest_alg,
                std::string_view subject,
                uint32_t serial_number,
                base::Time not_valid_before,
                base::Time not_valid_after,
                const std::vector<Extension>& extension_specs,
                std::string_view issuer,
                EVP_PKEY* issuer_key,
                std::string* der_encoded) { … }

bool CreateSelfSignedCert(EVP_PKEY* key,
                          DigestAlgorithm digest_alg,
                          std::string_view subject,
                          uint32_t serial_number,
                          base::Time not_valid_before,
                          base::Time not_valid_after,
                          const std::vector<Extension>& extension_specs,
                          std::string* der_encoded) { … }

CRYPTO_BUFFER_POOL* GetBufferPool() { … }

bssl::UniquePtr<CRYPTO_BUFFER> CreateCryptoBuffer(
    base::span<const uint8_t> data) { … }

bssl::UniquePtr<CRYPTO_BUFFER> CreateCryptoBuffer(std::string_view data) { … }

bssl::UniquePtr<CRYPTO_BUFFER> CreateCryptoBufferFromStaticDataUnsafe(
    base::span<const uint8_t> data) { … }

bool CryptoBufferEqual(const CRYPTO_BUFFER* a, const CRYPTO_BUFFER* b) { … }

std::string_view CryptoBufferAsStringPiece(const CRYPTO_BUFFER* buffer) { … }

base::span<const uint8_t> CryptoBufferAsSpan(const CRYPTO_BUFFER* buffer) { … }

scoped_refptr<X509Certificate> CreateX509CertificateFromBuffers(
    const STACK_OF(CRYPTO_BUFFER) * buffers) { … }

bool CreateCertBuffersFromPKCS7Bytes(
    base::span<const uint8_t> data,
    std::vector<bssl::UniquePtr<CRYPTO_BUFFER>>* handles) { … }

bssl::ParseCertificateOptions DefaultParseCertificateOptions() { … }

bool CalculateSha256SpkiHash(const CRYPTO_BUFFER* buffer, HashValue* hash) { … }

bool SignatureVerifierInitWithCertificate(
    crypto::SignatureVerifier* verifier,
    crypto::SignatureVerifier::SignatureAlgorithm signature_algorithm,
    base::span<const uint8_t> signature,
    const CRYPTO_BUFFER* certificate) { … }

bool HasRsaPkcs1Sha1Signature(const CRYPTO_BUFFER* cert_buffer) { … }

}  // namespace net::x509_util
chromium/net/cert/x509_util.cc
