
Commit 5341ebba authored by Joseph Jang's avatar Joseph Jang

Export extractDerSubjectFromCertificate() utility API for oem Hal usage

The mDL OEM HAL may need an X.509 utility API to extract the subject name from a certificate.

Bug: 218613398
Change-Id: I6316dfb3f1c50394af2d3d35c95d616bd6a2106b
parent 4965e27b
+4 −0
@@ -407,6 +407,10 @@ const vector<uint8_t>& getTestHardwareBoundKey();
// may be smaller than |maxChunkSize|.
vector<vector<uint8_t>> chunkVector(const vector<uint8_t>& content, size_t maxChunkSize);

// Extract the issuer subject name from the leaf cert in the given chain,
// returning it as DER-encoded bytes.
optional<vector<uint8_t>> extractDerSubjectFromCertificate(const vector<uint8_t>& certificate);

}  // namespace support
}  // namespace identity
}  // namespace hardware
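Review bot: The comment above the new extractDerSubjectFromCertificate declaration describes the caller's use rather than the function's contract: the parameter is a single DER-encoded certificate, not a chain, and the function returns that certificate's own subject name, which the caller in createEcKeyPairWithAttestation then happens to use as the issuer name of the certificate it builds. Since the declaration is now exported for OEM HAL code, the wording should state what the function does on its own, e.g. `// Parses a single DER-encoded X.509 certificate and returns its subject name` / `// as DER-encoded bytes, or nullopt if the certificate cannot be parsed or encoded.`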
+31 −33
@@ -209,38 +209,6 @@ optional<vector<uint8_t>> derEncodeKeyPair(const EVP_PKEY& pkey) {
    return keyPair;
}

// Extract the issuer subject name from the leaf cert in the given chain,
// returning it as DER-encoded bytes.
optional<vector<uint8_t>> extractDerSubjectFromCertificate(const vector<uint8_t>& certificate) {
    const uint8_t* input = certificate.data();
    X509_Ptr cert(d2i_X509(/*cert=*/nullptr, &input, certificate.size()));
    if (!cert) {
        LOG(ERROR) << "Failed to parse certificate";
        return std::nullopt;
    }

    X509_NAME* subject = X509_get_subject_name(cert.get());
    if (!subject) {
        LOG(ERROR) << "Failed to retrieve subject name";
        return std::nullopt;
    }

    int encodedSubjectLength = i2d_X509_NAME(subject, /*out=*/nullptr);
    if (encodedSubjectLength < 0) {
        LOG(ERROR) << "Error obtaining encoded subject name length";
        return std::nullopt;
    }

    vector<uint8_t> encodedSubject(encodedSubjectLength);
    uint8_t* out = encodedSubject.data();
    if (encodedSubjectLength != i2d_X509_NAME(subject, &out)) {
        LOG(ERROR) << "Error encoding subject name";
        return std::nullopt;
    }

    return encodedSubject;
}

// Generates the attestation certificate with the parameters passed in.  Note
// that the passed in |activeTimeMilliSeconds| |expireTimeMilliSeconds| are in
// milli seconds since epoch.  We are setting them to milliseconds due to
@@ -900,7 +868,7 @@ optional<std::pair<vector<uint8_t>, vector<uint8_t>>> createEcKeyPairWithAttesta
    }

    optional<vector<uint8_t>> derIssuerSubject =
            extractDerSubjectFromCertificate(attestationKeyCert);
            support::extractDerSubjectFromCertificate(attestationKeyCert);
    if (!derIssuerSubject) {
        LOG(ERROR) << "Error error extracting issuer name from the given certificate chain";
        return std::nullopt;
@@ -2325,6 +2293,36 @@ const vector<uint8_t>& getTestHardwareBoundKey() {
    return testHardwareBoundKey;
}

optional<vector<uint8_t>> extractDerSubjectFromCertificate(const vector<uint8_t>& certificate) {
    const uint8_t* input = certificate.data();
    X509_Ptr cert(d2i_X509(/*cert=*/nullptr, &input, certificate.size()));
    if (!cert) {
        LOG(ERROR) << "Failed to parse certificate";
        return std::nullopt;
    }

    X509_NAME* subject = X509_get_subject_name(cert.get());
    if (!subject) {
        LOG(ERROR) << "Failed to retrieve subject name";
        return std::nullopt;
    }

    int encodedSubjectLength = i2d_X509_NAME(subject, /*out=*/nullptr);
    if (encodedSubjectLength < 0) {
        LOG(ERROR) << "Error obtaining encoded subject name length";
        return std::nullopt;
    }

    vector<uint8_t> encodedSubject(encodedSubjectLength);
    uint8_t* out = encodedSubject.data();
    if (encodedSubjectLength != i2d_X509_NAME(subject, &out)) {
        LOG(ERROR) << "Error encoding subject name";
        return std::nullopt;
    }

    return encodedSubject;
}

}  // namespace support
}  // namespace identity
}  // namespace hardware
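Review bot: The d2i_X509 call at the top of the added extractDerSubjectFromCertificate definition advances `input` past the parsed certificate, but the function never checks that the whole buffer was consumed, so a valid certificate followed by trailing bytes is silently accepted; now that the helper is exported for OEM HAL callers that looseness becomes part of the public contract. I would add, right after the `if (!cert)` guard, `if (input != certificate.data() + certificate.size()) { LOG(ERROR) << "Trailing data after certificate"; return std::nullopt; }` so that the input must be exactly one DER certificate. The moved definition also arrives without the two-line comment the removed copy in the first hunk carried, leaving the header declaration as the only description; a one-line comment above the definition stating that the returned bytes are the certificate's subject name (not its issuer) would keep the two in step.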