Remove certificates from Channel ID

net/cert/x509_util_nss.cc

Index: net/cert/x509_util_nss.cc
diff --git a/net/cert/x509_util_nss.cc b/net/cert/x509_util_nss.cc
index b138bd405af42ed79ea51220bed302de41b2c5a9..fe7551d1f46bd3bbb3b6e76373944dcbb1af4723 100644
--- a/net/cert/x509_util_nss.cc
+++ b/net/cert/x509_util_nss.cc
@@ -291,83 +291,6 @@ bool IsSupportedValidityRange(base::Time not_valid_before,
   return true;
 }
 
-bool CreateChannelIDEC(crypto::ECPrivateKey* key,
-                       DigestAlgorithm alg,
-                       const std::string& domain,
-                       uint32 serial_number,
-                       base::Time not_valid_before,
-                       base::Time not_valid_after,
-                       std::string* der_cert) {
-  DCHECK(key);
-
-  CERTCertificate* cert = CreateCertificate(key->public_key(),
-                                            "CN=anonymous.invalid",
-                                            serial_number,
-                                            not_valid_before,
-                                            not_valid_after);
-
-  if (!cert)
-    return false;
-
-  // Create opaque handle used to add extensions later.
-  void* cert_handle;
-  if ((cert_handle = CERT_StartCertExtensions(cert)) == NULL) {
-    LOG(ERROR) << "Unable to get opaque handle for adding extensions";
-    CERT_DestroyCertificate(cert);
-    return false;
-  }
-
-  // Create SECItem for IA5String encoding.
-  SECItem domain_string_item = {
-    siAsciiString,
-    (unsigned char*)domain.data(),
-    static_cast<unsigned>(domain.size())
-  };
-
-  // IA5Encode and arena allocate SECItem
-  SECItem* asn1_domain_string = SEC_ASN1EncodeItem(
-      cert->arena, NULL, &domain_string_item,
-      SEC_ASN1_GET(SEC_IA5StringTemplate));
-  if (asn1_domain_string == NULL) {
-    LOG(ERROR) << "Unable to get ASN1 encoding for domain in domain_bound_cert"
-                  " extension";
-    CERT_DestroyCertificate(cert);
-    return false;
-  }
-
-  // Add the extension to the opaque handle
-  if (CERT_AddExtension(
-      cert_handle,
-      ChannelIDOIDWrapper::GetInstance()->domain_bound_cert_oid_tag(),
-      asn1_domain_string,
-      PR_TRUE,
-      PR_TRUE) != SECSuccess){
-    LOG(ERROR) << "Unable to add domain bound cert extension to opaque handle";
-    CERT_DestroyCertificate(cert);
-    return false;
-  }
-
-  // Copy extension into x509 cert
-  if (CERT_FinishExtensions(cert_handle) != SECSuccess){
-    LOG(ERROR) << "Unable to copy extension to X509 cert";
-    CERT_DestroyCertificate(cert);
-    return false;
-  }
-
-  if (!SignCertificate(cert, key->key(), ToSECOid(alg))) {
-    CERT_DestroyCertificate(cert);
-    return false;
-  }
-
-  DCHECK(cert->derCert.len);
-  // XXX copied from X509Certificate::GetDEREncoded
-  der_cert->clear();
-  der_cert->append(reinterpret_cast<char*>(cert->derCert.data),
-                   cert->derCert.len);
-  CERT_DestroyCertificate(cert);
-  return true;
-}
-
 #if defined(USE_NSS) || defined(OS_IOS)
 void ParsePrincipal(CERTName* name, CertPrincipal* principal) {
 // Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument.