1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_TOOLS_CERT_VERIFY_TOOL_CERT_VERIFY_TOOL_UTIL_H_
6 #define NET_TOOLS_CERT_VERIFY_TOOL_CERT_VERIFY_TOOL_UTIL_H_
7 
8 #include <string>
9 #include <vector>
10 #include "third_party/boringssl/src/include/openssl/base.h"
11 
12 #include "base/files/file_path.h"
13 #include "third_party/boringssl/src/pki/trust_store.h"
14 
// Forward declaration only: this header refers to net::X509Certificate solely
// through a pointer (see SubjectFromX509Certificate below), so the full
// definition is not needed here.
namespace net {
class X509Certificate;
}  // namespace net
18 
// Stores DER certificate bytes and details about where they were read from.
// This allows decoupling the input file reading from the certificate parsing
// while retaining useful error messages.
struct CertInput {
  // DER-encoded certificate data, taken as-is from the input. This is not
  // validated: nothing about it (that it is well-formed DER, that it is a
  // certificate at all, its size) has been checked at this point, so it must
  // be parsed before any property of it is relied on.
  std::string der_cert;

  // The source file the data was read from. Intended for error reporting, so
  // that a message can name the offending input (see PrintCertError).
  base::FilePath source_file_path;

  // Human-readable details about the source of the data, for logging purposes.
  // For example, if the |source_file_path| contained multiple certificates,
  // this might indicate which part of the file |der_cert| came from.
  std::string source_details;
};
34 
// Stores DER certificate bytes as well as a trust setting that should be
// applied to them.
struct CertInputWithTrustSetting {
  // The certificate bytes and where they came from. As with any CertInput,
  // |cert_input.der_cert| is unvalidated.
  CertInput cert_input;

  // The trust setting to apply to |cert_input| (a bssl::CertificateTrust from
  // trust_store.h). This is a caller-chosen setting attached to an input, not
  // a decision taken from any system trust store — presumably it comes from
  // the tool's own input; verify against the caller.
  bssl::CertificateTrust trust;
};
41 
// Parses |file_path| as a single DER cert or a PEM certificate list. The
// resulting CertInputs are written to |certs|; whether existing entries of
// |certs| are kept or replaced is not specified here — confirm in the
// implementation. Returns true on success; the exact failure conditions are
// defined by the implementation. Note that each CertInput's |der_cert| is the
// raw bytes from the file and is not validated by this call.
bool ReadCertificatesFromFile(const base::FilePath& file_path,
                              std::vector<CertInput>* certs);
45 
// Parses |file_path| as a DER cert or PEM chain. If more than one cert is
// present, the first will be used as the target certificate and the rest will
// be used as intermediates. Returns true on success. Note if the input
// contains no certificates then the return value is true however
// nothing is written to |target| or |intermediates|. Callers that require a
// target must therefore check for one themselves rather than relying on the
// return value alone. The order of |intermediates| is presumably the order in
// which they appear in the file — confirm in the implementation.
bool ReadChainFromFile(const base::FilePath& file_path,
                       CertInput* target,
                       std::vector<CertInput>* intermediates);
54 
// Reads from |file_path| into |file_data| and prints an error message if it
// failed. Returns whether the read succeeded; on failure the contents of
// |file_data| should not be relied on. Presumably reads the whole file into
// memory — confirm in the implementation before using on large inputs.
bool ReadFromFile(const base::FilePath& file_path, std::string* file_data);
57 
// Writes |data| to |file_path| and prints an error message if it failed.
// Returns whether the write succeeded. Whether an existing file is
// overwritten or the write is partial on failure is not specified here —
// confirm in the implementation.
bool WriteToFile(const base::FilePath& file_path, const std::string& data);
60 
// Prints an error about the input |cert|. This will include the file the cert
// was read from, as well as which block in the file if it was a PEM file.
// This is what CertInput's |source_file_path| and |source_details| exist for;
// |error| is the message describing what went wrong.
void PrintCertError(const std::string& error, const CertInput& cert);
64 
// Returns a hex-encoded sha256 of the DER-encoding of |cert_handle|. The hash
// covers the entire DER encoding, so two certificates that differ in any byte
// produce different fingerprints. The case of the hex digits is not specified
// here; do not compare the result against externally supplied fingerprints
// without normalising case first. Presumably |cert_handle| must be non-null —
// confirm in the implementation.
std::string FingerPrintCryptoBuffer(const CRYPTO_BUFFER* cert_handle);
67 
// Returns a textual representation of the Subject of |cert|. The format is
// intended for display and logging; it is not a canonical form, so it should
// not be parsed or compared as an identity (use the DER Subject or a
// fingerprint for that).
std::string SubjectFromX509Certificate(const net::X509Certificate* cert);
70 
// Returns a textual representation of the Subject of |cert_handle|. As with
// SubjectFromX509Certificate, the result is for display and logging only and
// should not be parsed or compared as an identity.
// NOTE(review): takes a non-const CRYPTO_BUFFER* whereas FingerPrintCryptoBuffer
// takes a const one; presumably an underlying API constraint — confirm.
std::string SubjectFromCryptoBuffer(CRYPTO_BUFFER* cert_handle);
73 
74 #endif  // NET_TOOLS_CERT_VERIFY_TOOL_CERT_VERIFY_TOOL_UTIL_H_