Index: net/cert/x509_util_nss.cc |
diff --git a/net/cert/x509_util_nss.cc b/net/cert/x509_util_nss.cc |
index b138bd405af42ed79ea51220bed302de41b2c5a9..fe7551d1f46bd3bbb3b6e76373944dcbb1af4723 100644 |
--- a/net/cert/x509_util_nss.cc |
+++ b/net/cert/x509_util_nss.cc |
@@ -291,83 +291,6 @@ bool IsSupportedValidityRange(base::Time not_valid_before, |
return true; |
} |
-bool CreateChannelIDEC(crypto::ECPrivateKey* key, |
- DigestAlgorithm alg, |
- const std::string& domain, |
- uint32 serial_number, |
- base::Time not_valid_before, |
- base::Time not_valid_after, |
- std::string* der_cert) { |
- DCHECK(key); |
- |
- CERTCertificate* cert = CreateCertificate(key->public_key(), |
- "CN=anonymous.invalid", |
- serial_number, |
- not_valid_before, |
- not_valid_after); |
- |
- if (!cert) |
- return false; |
- |
- // Create opaque handle used to add extensions later. |
- void* cert_handle; |
- if ((cert_handle = CERT_StartCertExtensions(cert)) == NULL) { |
- LOG(ERROR) << "Unable to get opaque handle for adding extensions"; |
- CERT_DestroyCertificate(cert); |
- return false; |
- } |
- |
- // Create SECItem for IA5String encoding. |
- SECItem domain_string_item = { |
- siAsciiString, |
- (unsigned char*)domain.data(), |
- static_cast<unsigned>(domain.size()) |
- }; |
- |
- // IA5Encode and arena allocate SECItem |
- SECItem* asn1_domain_string = SEC_ASN1EncodeItem( |
- cert->arena, NULL, &domain_string_item, |
- SEC_ASN1_GET(SEC_IA5StringTemplate)); |
- if (asn1_domain_string == NULL) { |
- LOG(ERROR) << "Unable to get ASN1 encoding for domain in domain_bound_cert" |
- " extension"; |
- CERT_DestroyCertificate(cert); |
- return false; |
- } |
- |
- // Add the extension to the opaque handle |
- if (CERT_AddExtension( |
- cert_handle, |
- ChannelIDOIDWrapper::GetInstance()->domain_bound_cert_oid_tag(), |
- asn1_domain_string, |
- PR_TRUE, |
- PR_TRUE) != SECSuccess){ |
- LOG(ERROR) << "Unable to add domain bound cert extension to opaque handle"; |
- CERT_DestroyCertificate(cert); |
- return false; |
- } |
- |
- // Copy extension into x509 cert |
- if (CERT_FinishExtensions(cert_handle) != SECSuccess){ |
- LOG(ERROR) << "Unable to copy extension to X509 cert"; |
- CERT_DestroyCertificate(cert); |
- return false; |
- } |
- |
- if (!SignCertificate(cert, key->key(), ToSECOid(alg))) { |
- CERT_DestroyCertificate(cert); |
- return false; |
- } |
- |
- DCHECK(cert->derCert.len); |
- // XXX copied from X509Certificate::GetDEREncoded |
- der_cert->clear(); |
- der_cert->append(reinterpret_cast<char*>(cert->derCert.data), |
- cert->derCert.len); |
- CERT_DestroyCertificate(cert); |
- return true; |
-} |
- |
#if defined(USE_NSS) || defined(OS_IOS) |
void ParsePrincipal(CERTName* name, CertPrincipal* principal) { |
// Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument. |