Lines Matching full:certificate
45 X509* certificate) {
104 if (!X509_add_ext(certificate, key_usage_extension.get() /* Don't release; copied */,
175 static bool add_public_key(EVP_PKEY* key, X509* certificate, keymaster_error_t* error) {
176 if (!X509_set_pubkey(certificate, key)) {
186 const KeymasterContext& context, X509* certificate,
194 if (!X509_add_ext(certificate, attest_extension.get() /* Don't release; copied */,
203 static keymaster_error_t get_certificate_blob(X509* certificate, keymaster_blob_t* blob) {
204 int len = i2d_X509(certificate, nullptr);
213 i2d_X509(certificate, &p);
239 // certificate.
252 chain->entries[0].data = nullptr; // Leave empty for the leaf certificate.
281 X509_Ptr certificate(X509_new());
282 if (!certificate.get())
285 if (!X509_set_version(certificate.get(), 2 /* version 3, but zero-based */))
290 !X509_set_serialNumber(certificate.get(), serialNumber.get() /* Don't release; copied */))
298 !X509_set_subject_name(certificate.get(), subjectName.get() /* Don't release; copied */))
305 !X509_set_notBefore(certificate.get(), notBefore.get() /* Don't release; copied */))
316 !X509_set_notAfter(certificate.get(), notAfter.get() /* Don't release; copied */))
319 keymaster_error_t error = add_key_usage_extension(tee_enforced, sw_enforced, certificate.get());
327 !add_public_key(pkey.get(), certificate.get(), &error) ||
329 certificate.get(), &error))
348 // Set issuer to subject of batch certificate.
353 if (!X509_set_issuer_name(certificate.get(), issuerSubject)) {
361 X509V3_set_ctx(x509v3_ctx.get(), signing_cert.get(), certificate.get(), nullptr /* req */,
368 !X509_add_ext(certificate.get(), auth_key_id.get() /* Don't release; copied */,
373 if (!X509_sign(certificate.get(), sign_key.get(), EVP_sha256()))
376 return get_certificate_blob(certificate.get(), &cert_chain->entries[0]);
