Merge "Export extractDerSubjectFromCertificate() utility API for oem Hal usage"
diff --git a/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h b/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h
index 82746d6..952b69a 100644
--- a/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h
+++ b/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h
@@ -407,6 +407,10 @@
// may be smaller than |maxChunkSize|.
vector<vector<uint8_t>> chunkVector(const vector<uint8_t>& content, size_t maxChunkSize);
+// Extract the issuer subject name from the leaf cert in the given chain,
+// returning it as DER-encoded bytes.
+optional<vector<uint8_t>> extractDerSubjectFromCertificate(const vector<uint8_t>& certificate);
+
} // namespace support
} // namespace identity
} // namespace hardware
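Review bot: The header comment on the newly exported function says it extracts "the issuer subject name from the leaf cert in the given chain", but the parameter is a single DER certificate and the implementation (later in this diff) calls d2i_X509 once, so what is returned is the Subject of the one certificate that is parsed; "issuer" is only true from the point of view of the caller that later uses it as the issuer of a new certificate. Since OEM HAL code will now program against this signature, the contract and the failure mode should be stated precisely: `// Parses |certificate| as a single DER-encoded X.509 certificate and returns its Subject name as DER-encoded bytes (i2d_X509_NAME output), or std::nullopt if the certificate cannot be parsed or the name cannot be encoded.` If the implementation keeps accepting bytes after the first certificate, say so here too, as callers passing a concatenated chain will otherwise assume the whole input was validated.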
diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp
index 36ecdb0..4c2f186 100644
--- a/identity/support/src/IdentityCredentialSupport.cpp
+++ b/identity/support/src/IdentityCredentialSupport.cpp
@@ -209,38 +209,6 @@
return keyPair;
}
-// Extract the issuer subject name from the leaf cert in the given chain,
-// returning it as DER-encoded bytes.
-optional<vector<uint8_t>> extractDerSubjectFromCertificate(const vector<uint8_t>& certificate) {
- const uint8_t* input = certificate.data();
- X509_Ptr cert(d2i_X509(/*cert=*/nullptr, &input, certificate.size()));
- if (!cert) {
- LOG(ERROR) << "Failed to parse certificate";
- return std::nullopt;
- }
-
- X509_NAME* subject = X509_get_subject_name(cert.get());
- if (!subject) {
- LOG(ERROR) << "Failed to retrieve subject name";
- return std::nullopt;
- }
-
- int encodedSubjectLength = i2d_X509_NAME(subject, /*out=*/nullptr);
- if (encodedSubjectLength < 0) {
- LOG(ERROR) << "Error obtaining encoded subject name length";
- return std::nullopt;
- }
-
- vector<uint8_t> encodedSubject(encodedSubjectLength);
- uint8_t* out = encodedSubject.data();
- if (encodedSubjectLength != i2d_X509_NAME(subject, &out)) {
- LOG(ERROR) << "Error encoding subject name";
- return std::nullopt;
- }
-
- return encodedSubject;
-}
-
// Generates the attestation certificate with the parameters passed in. Note
// that the passed in |activeTimeMilliSeconds| |expireTimeMilliSeconds| are in
// milli seconds since epoch. We are setting them to milliseconds due to
@@ -900,7 +868,7 @@
}
optional<vector<uint8_t>> derIssuerSubject =
- extractDerSubjectFromCertificate(attestationKeyCert);
+ support::extractDerSubjectFromCertificate(attestationKeyCert);
if (!derIssuerSubject) {
LOG(ERROR) << "Error error extracting issuer name from the given certificate chain";
return std::nullopt;
@@ -2325,6 +2293,36 @@
return testHardwareBoundKey;
}
+optional<vector<uint8_t>> extractDerSubjectFromCertificate(const vector<uint8_t>& certificate) {
+ const uint8_t* input = certificate.data();
+ X509_Ptr cert(d2i_X509(/*cert=*/nullptr, &input, certificate.size()));
+ if (!cert) {
+ LOG(ERROR) << "Failed to parse certificate";
+ return std::nullopt;
+ }
+
+ X509_NAME* subject = X509_get_subject_name(cert.get());
+ if (!subject) {
+ LOG(ERROR) << "Failed to retrieve subject name";
+ return std::nullopt;
+ }
+
+ int encodedSubjectLength = i2d_X509_NAME(subject, /*out=*/nullptr);
+ if (encodedSubjectLength < 0) {
+ LOG(ERROR) << "Error obtaining encoded subject name length";
+ return std::nullopt;
+ }
+
+ vector<uint8_t> encodedSubject(encodedSubjectLength);
+ uint8_t* out = encodedSubject.data();
+ if (encodedSubjectLength != i2d_X509_NAME(subject, &out)) {
+ LOG(ERROR) << "Error encoding subject name";
+ return std::nullopt;
+ }
+
+ return encodedSubject;
+}
+
} // namespace support
} // namespace identity
} // namespace hardware
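Review bot: After the d2i_X509 call the function never checks how much of |certificate| was consumed: `input` is advanced past the first parsed certificate, so a buffer with trailing bytes (a concatenated chain, or arbitrary data appended to a valid certificate) is accepted and only the first element's subject is returned. Whether d2i_X509 itself rejects trailing data depends on the BoringSSL/OpenSSL build in use, so now that this is an exported API for OEM HALs an explicit check removes the ambiguity: `if (!cert || input != certificate.data() + certificate.size()) { LOG(ERROR) << "Failed to parse certificate"; return std::nullopt; }`. The same strictness should be documented in the header comment so callers know a chain is not accepted as a whole.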