Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(526)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/mozilla_security_manager/nsKeygenHandler.cpp

Issue 6805019: Move crypto files out of base, to a top level directory. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Fixes comments by eroman Created 9 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/socket/ssl_server_socket_unittest.cc ('k') | net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- 1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * 2 *
3 * ***** BEGIN LICENSE BLOCK ***** 3 * ***** BEGIN LICENSE BLOCK *****
4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 * 5 *
6 * The contents of this file are subject to the Mozilla Public License Version 6 * The contents of this file are subject to the Mozilla Public License Version
7 * 1.1 (the "License"); you may not use this file except in compliance with 7 * 1.1 (the "License"); you may not use this file except in compliance with
8 * the License. You may obtain a copy of the License at 8 * the License. You may obtain a copy of the License at
9 * http://www.mozilla.org/MPL/ 9 * http://www.mozilla.org/MPL/
10 * 10 *
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
42 42
43 #include <pk11pub.h> 43 #include <pk11pub.h>
44 #include <prerror.h> // PR_GetError() 44 #include <prerror.h> // PR_GetError()
45 #include <secmod.h> 45 #include <secmod.h>
46 #include <secder.h> // DER_Encode() 46 #include <secder.h> // DER_Encode()
47 #include <cryptohi.h> // SEC_DerSignData() 47 #include <cryptohi.h> // SEC_DerSignData()
48 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo() 48 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo()
49 49
50 #include "base/base64.h" 50 #include "base/base64.h"
51 #include "base/logging.h" 51 #include "base/logging.h"
52 #include "base/nss_util.h" 52 #include "crypto/nss_util.h"
53 #include "googleurl/src/gurl.h" 53 #include "googleurl/src/gurl.h"
54 54
55 namespace { 55 namespace {
56 56
57 // Template for creating the signed public key structure to be sent to the CA. 57 // Template for creating the signed public key structure to be sent to the CA.
58 DERTemplate SECAlgorithmIDTemplate[] = { 58 DERTemplate SECAlgorithmIDTemplate[] = {
59 { DER_SEQUENCE, 59 { DER_SEQUENCE,
60 0, NULL, sizeof(SECAlgorithmID) }, 60 0, NULL, sizeof(SECAlgorithmID) },
61 { DER_OBJECT_ID, 61 { DER_OBJECT_ID,
62 offsetof(SECAlgorithmID, algorithm), }, 62 offsetof(SECAlgorithmID, algorithm), },
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
129 default: 129 default:
130 // TODO(gauravsh): If we ever support other mechanisms, 130 // TODO(gauravsh): If we ever support other mechanisms,
131 // this can be changed. 131 // this can be changed.
132 LOG(ERROR) << "Only RSA keygen mechanism is supported"; 132 LOG(ERROR) << "Only RSA keygen mechanism is supported";
133 isSuccess = false; 133 isSuccess = false;
134 goto failure; 134 goto failure;
135 } 135 }
136 136
137 VLOG(1) << "Creating key pair..."; 137 VLOG(1) << "Creating key pair...";
138 { 138 {
139 base::AutoNSSWriteLock lock; 139 crypto::AutoNSSWriteLock lock;
140 privateKey = PK11_GenerateKeyPair(slot, 140 privateKey = PK11_GenerateKeyPair(slot,
141 keyGenMechanism, 141 keyGenMechanism,
142 keyGenParams, 142 keyGenParams,
143 &publicKey, 143 &publicKey,
144 PR_TRUE, // isPermanent? 144 PR_TRUE, // isPermanent?
145 PR_TRUE, // isSensitive? 145 PR_TRUE, // isSensitive?
146 NULL); 146 NULL);
147 } 147 }
148 VLOG(1) << "done."; 148 VLOG(1) << "done.";
149 149
150 if (!privateKey) { 150 if (!privateKey) {
151 VLOG(1) << "Generation of Keypair failed!"; 151 VLOG(1) << "Generation of Keypair failed!";
152 isSuccess = false; 152 isSuccess = false;
153 goto failure; 153 goto failure;
154 } 154 }
155 155
156 // Set friendly names for the keys. 156 // Set friendly names for the keys.
157 if (url.has_host()) { 157 if (url.has_host()) {
158 // TODO(davidben): Use something like "Key generated for 158 // TODO(davidben): Use something like "Key generated for
159 // example.com", but localize it. 159 // example.com", but localize it.
160 const std::string& label = url.host(); 160 const std::string& label = url.host();
161 { 161 {
162 base::AutoNSSWriteLock lock; 162 crypto::AutoNSSWriteLock lock;
163 PK11_SetPublicKeyNickname(publicKey, label.c_str()); 163 PK11_SetPublicKeyNickname(publicKey, label.c_str());
164 PK11_SetPrivateKeyNickname(privateKey, label.c_str()); 164 PK11_SetPrivateKeyNickname(privateKey, label.c_str());
165 } 165 }
166 } 166 }
167 167
168 // The CA expects the signed public key in a specific format 168 // The CA expects the signed public key in a specific format
169 // Let's create that now. 169 // Let's create that now.
170 170
171 // Create a subject public key info from the public key. 171 // Create a subject public key info from the public key.
172 spkInfo = SECKEY_CreateSubjectPublicKeyInfo(publicKey); 172 spkInfo = SECKEY_CreateSubjectPublicKeyInfo(publicKey);
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
228 LOG(ERROR) << "SSL Keygen failed! (NSS error code " << PR_GetError() << ")"; 228 LOG(ERROR) << "SSL Keygen failed! (NSS error code " << PR_GetError() << ")";
229 } else { 229 } else {
230 VLOG(1) << "SSL Keygen succeeded!"; 230 VLOG(1) << "SSL Keygen succeeded!";
231 } 231 }
232 232
233 // Do cleanups 233 // Do cleanups
234 if (privateKey) { 234 if (privateKey) {
235 // On successful keygen we need to keep the private key, of course, 235 // On successful keygen we need to keep the private key, of course,
236 // or we won't be able to use the client certificate. 236 // or we won't be able to use the client certificate.
237 if (!isSuccess || !stores_key) { 237 if (!isSuccess || !stores_key) {
238 base::AutoNSSWriteLock lock; 238 crypto::AutoNSSWriteLock lock;
239 PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID); 239 PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID);
240 } 240 }
241 SECKEY_DestroyPrivateKey(privateKey); 241 SECKEY_DestroyPrivateKey(privateKey);
242 } 242 }
243 243
244 if (publicKey) { 244 if (publicKey) {
245 if (!isSuccess || !stores_key) { 245 if (!isSuccess || !stores_key) {
246 base::AutoNSSWriteLock lock; 246 crypto::AutoNSSWriteLock lock;
247 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); 247 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID);
248 } 248 }
249 SECKEY_DestroyPublicKey(publicKey); 249 SECKEY_DestroyPublicKey(publicKey);
250 } 250 }
251 if (spkInfo) { 251 if (spkInfo) {
252 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); 252 SECKEY_DestroySubjectPublicKeyInfo(spkInfo);
253 } 253 }
254 if (arena) { 254 if (arena) {
255 PORT_FreeArena(arena, PR_TRUE); 255 PORT_FreeArena(arena, PR_TRUE);
256 } 256 }
257 257
258 return (isSuccess ? result_blob : std::string()); 258 return (isSuccess ? result_blob : std::string());
259 } 259 }
260 260
261 } // namespace mozilla_security_manager 261 } // namespace mozilla_security_manager
OLDNEW
« no previous file with comments | « net/socket/ssl_server_socket_unittest.cc ('k') | net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698