diff --git a/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h b/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h
index 82746d6da5..952b69a020 100644
--- a/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h
+++ b/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h
@@ -407,6 +407,10 @@ const vector& getTestHardwareBoundKey();
 // may be smaller than |maxChunkSize|.
 vector> chunkVector(const vector& content, size_t maxChunkSize);
 
+// Extract the issuer subject name from the leaf cert in the given chain,
+// returning it as DER-encoded bytes.
+optional> extractDerSubjectFromCertificate(const vector& certificate);
+
 } // namespace support
 } // namespace identity
 } // namespace hardware
diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp
index 36ecdb04e5..4c2f186f53 100644
--- a/identity/support/src/IdentityCredentialSupport.cpp
+++ b/identity/support/src/IdentityCredentialSupport.cpp
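Review bot: The new header comment on extractDerSubjectFromCertificate describes the wrong input and output: the parameter is a single DER-encoded certificate, not a chain, and the bytes returned are that certificate's own subject name, which the caller in createEcKeyPairWithAttestation then uses as the issuer of the certificate it builds. Since this is now the only copy of the comment (the one in the .cpp is removed), it should say what the function actually does, e.g. `// Parses a single DER-encoded X.509 certificate and returns its subject name as DER-encoded bytes; returns nullopt if parsing or encoding fails. Callers typically use the result as the issuer name for a certificate signed by this one.`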
@@ -209,38 +209,6 @@ optional> derEncodeKeyPair(const EVP_PKEY& pkey) {
 return keyPair;
 }
 
-// Extract the issuer subject name from the leaf cert in the given chain,
-// returning it as DER-encoded bytes.
-optional> extractDerSubjectFromCertificate(const vector& certificate) {
- const uint8_t* input = certificate.data();
- X509_Ptr cert(d2i_X509(/*cert=*/nullptr, &input, certificate.size()));
- if (!cert) {
- LOG(ERROR) << "Failed to parse certificate";
- return std::nullopt;
- }
-
- X509_NAME* subject = X509_get_subject_name(cert.get());
- if (!subject) {
- LOG(ERROR) << "Failed to retrieve subject name";
- return std::nullopt;
- }
-
- int encodedSubjectLength = i2d_X509_NAME(subject, /*out=*/nullptr);
- if (encodedSubjectLength < 0) {
- LOG(ERROR) << "Error obtaining encoded subject name length";
- return std::nullopt;
- }
-
- vector encodedSubject(encodedSubjectLength);
- uint8_t* out = encodedSubject.data();
- if (encodedSubjectLength != i2d_X509_NAME(subject, &out)) {
- LOG(ERROR) << "Error encoding subject name";
- return std::nullopt;
- }
-
- return encodedSubject;
-}
-
 // Generates the attestation certificate with the parameters passed in. Note
 // that the passed in |activeTimeMilliSeconds| |expireTimeMilliSeconds| are in
 // milli seconds since epoch. We are setting them to milliseconds due to
@@ -900,7 +868,7 @@ optional, vector>> createEcKeyPairWithAttesta
 }
 
 optional> derIssuerSubject =
- extractDerSubjectFromCertificate(attestationKeyCert);
+ support::extractDerSubjectFromCertificate(attestationKeyCert);
 if (!derIssuerSubject) {
 LOG(ERROR) << "Error error extracting issuer name from the given certificate chain";
 return std::nullopt;
@@ -2325,6 +2293,36 @@ const vector& getTestHardwareBoundKey() {
 return testHardwareBoundKey;
 }
 
+optional> extractDerSubjectFromCertificate(const vector& certificate) {
+ const uint8_t* input = certificate.data();
+ X509_Ptr cert(d2i_X509(/*cert=*/nullptr, &input, certificate.size()));
+ if (!cert) {
+ LOG(ERROR) << "Failed to parse certificate";
+ return std::nullopt;
+ }
+
+ X509_NAME* subject = X509_get_subject_name(cert.get());
+ if (!subject) {
+ LOG(ERROR) << "Failed to retrieve subject name";
+ return std::nullopt;
+ }
+
+ int encodedSubjectLength = i2d_X509_NAME(subject, /*out=*/nullptr);
+ if (encodedSubjectLength < 0) {
+ LOG(ERROR) << "Error obtaining encoded subject name length";
+ return std::nullopt;
+ }
+
+ vector encodedSubject(encodedSubjectLength);
+ uint8_t* out = encodedSubject.data();
+ if (encodedSubjectLength != i2d_X509_NAME(subject, &out)) {
+ LOG(ERROR) << "Error encoding subject name";
+ return std::nullopt;
+ }
+
+ return encodedSubject;
+}
+
 } // namespace support
 } // namespace identity
 } // namespace hardware
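Review bot: d2i_X509 advances `input` past the certificate it decoded, but the moved extractDerSubjectFromCertificate never checks that the whole buffer was consumed, so input with trailing bytes after a well-formed DER certificate is silently accepted; now that the function is exported from support:: rather than file-local, a strict-parse check right after the `if (!cert)` block is worth adding: `if (input != certificate.data() + certificate.size()) { LOG(ERROR) << "Trailing data after certificate"; return std::nullopt; }`. The definition also carries no comment while the header describes it as working on "the leaf cert in the given chain"; a one-liner above the signature such as `// Returns the DER-encoded subject name of the single DER certificate in |certificate|; see the header for the contract.` would keep the two in sync.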