Added SecCertificateCopyExtensionValue

Author: AlexanderOMara

sec/SecCertificate.test.ts

@@ -1,15 +1,17 @@
+import { Bool8Ptr, Int32Ptr, Uint8Ptr } from '@hqtsm/struct';
 import { assertEquals, assertInstanceOf } from '@std/assert';
 import { INT32_MAX, INT32_MIN, UINT32_MAX } from '../libc/stdint.ts';
 import { digest } from '../spec/hash.ts';
 import {
 	__SecCertificate,
 	GetDecimalValueOfString,
+	SecCertificateCopyExtensionValue,
 	SecCertificateCopyIssuerSHA256Digest,
 	SecCertificateCopySHA1Digest,
 	SecCertificateCreateOidDataFromString,
+	SecCertificateExtension,
 	SecCertificateIsOidString,
 } from './SecCertificate.ts';
-import { Int32Ptr, Uint8Ptr } from '@hqtsm/struct';
 
 export const ABCD = new Uint8Array([...'ABCD'].map((c) => c.charCodeAt(0)));
 
@@ -131,3 +133,35 @@ Deno.test('SecCertificateCreateOidDataFromString', () => {
 		new Uint8Array([40 + 39, 0x87, 0xFF, 0xFF, 0xFF, 0x7F]),
 	);
 });
+
+Deno.test('SecCertificateCopyExtensionValue', () => {
+	const b = new Bool8Ptr(new ArrayBuffer(1));
+	const sce = new SecCertificateExtension();
+	const sc = new __SecCertificate();
+	const oid = '1.2.3';
+	const oidData = SecCertificateCreateOidDataFromString(oid)!;
+
+	sce.extnID.data = new Uint8Ptr(oidData.buffer);
+	sce.extnID.length = oidData.byteLength;
+	sce.critical = true;
+	sce.extnValue.data = new Uint8Ptr(ABCD.buffer.slice());
+	sce.extnValue.length = ABCD.byteLength;
+
+	sc._extensionCount = 1;
+	sc._extensions = [sce];
+
+	assertEquals(SecCertificateCopyExtensionValue(null, null, null), null);
+	assertEquals(SecCertificateCopyExtensionValue(sc, null, null), null);
+	assertEquals(SecCertificateCopyExtensionValue(sc, '', null), null);
+	assertEquals(SecCertificateCopyExtensionValue(sc, 'BAD', null), null);
+
+	assertEquals(SecCertificateCopyExtensionValue(sc, oid, b), ABCD);
+	assertEquals(b[0], true);
+
+	sce.critical = false;
+
+	assertEquals(SecCertificateCopyExtensionValue(sc, oidData, b), ABCD);
+	assertEquals(b[0], false);
+
+	assertEquals(SecCertificateCopyExtensionValue(sc, '1.1.1', b), null);
+});

sec/SecCertificate.ts

@@ -2,12 +2,18 @@ import { toStringTag } from '@hqtsm/class';
 import { Int32Ptr, type Ptr } from '@hqtsm/struct';
 import type { CFIndex } from '../CoreFoundation/CFBase.ts';
 import type { SubtleCryptoDigest } from '../helpers/crypto.ts';
-import { bufferBytes } from '../helpers/memory.ts';
+import {
+	type ArrayBufferLikeData,
+	bufferBytes,
+	pointerBytes,
+	viewBytes,
+} from '../helpers/memory.ts';
 import type { bool } from '../libc/c.ts';
 import { INT32_MAX, type int32_t } from '../libc/stdint.ts';
 import { DERItem } from '../libDER/DERItem.ts';
 import type { SecCertificateRef } from '../Security/SecBase.ts';
 import { SecSHA1DigestCreate, SecSHA256DigestCreate } from './SecDigest.ts';
+import { memcmp } from '../libc/string.ts';
 
 /**
  * X.509 certificate extension.
@@ -199,3 +205,45 @@ export function SecCertificateCreateOidDataFromString(
 
 	return new Uint8Array(bytes);
 }
+
+/**
+ * Get extension value.
+ *
+ * @param certificate Certificate.
+ * @param extensionOID OID.
+ * @param isCritical Is critical.
+ * @returns Extension value.
+ */
+export function SecCertificateCopyExtensionValue(
+	certificate: SecCertificateRef | null,
+	extensionOID: string | ArrayBufferLikeData | null,
+	isCritical: Ptr<bool> | null,
+): Uint8Array<ArrayBuffer> | null {
+	if (!certificate || !extensionOID) {
+		return null;
+	}
+
+	const oidData = typeof extensionOID === 'string'
+		? SecCertificateCreateOidDataFromString(extensionOID)
+		: viewBytes(extensionOID);
+	if (!oidData) {
+		return null;
+	}
+
+	const oidLen = oidData.byteLength;
+	for (let ix = 0; ix < certificate._extensionCount; ++ix) {
+		const extn = certificate._extensions![ix];
+		if (
+			extn.extnID.length === oidLen &&
+			!memcmp(extn.extnID.data!, oidData, oidLen)
+		) {
+			if (isCritical) {
+				isCritical[0] = extn.critical;
+			}
+			return pointerBytes(extn.extnValue.data!, extn.extnValue.length)
+				.slice();
+		}
+	}
+
+	return null;
+}