Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(245)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/test/cert_test_util_nss.cc

Issue 1106103003: Don't use RSAPrivateKey in NSS integration code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-refactor
Patch Set: pneubeck comments Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« components/ownership.gypi ('K') | « net/test/cert_test_util.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/test/cert_test_util.h" 5 #include "net/test/cert_test_util.h"
6 6
7 #include <pk11pub.h> 7 #include <pk11pub.h>
8 #include <secmodt.h> 8 #include <secmodt.h>
9 9
10 #include "base/files/file_path.h" 10 #include "base/files/file_path.h"
11 #include "base/files/file_util.h" 11 #include "base/files/file_util.h"
12 #include "crypto/nss_key_util.h"
12 #include "crypto/nss_util.h" 13 #include "crypto/nss_util.h"
13 #include "crypto/rsa_private_key.h" 14 #include "crypto/scoped_nss_types.h"
14 #include "net/cert/cert_type.h" 15 #include "net/cert/cert_type.h"
15 16
16 namespace net { 17 namespace net {
17 18
18 scoped_ptr<crypto::RSAPrivateKey> ImportSensitiveKeyFromFile( 19 bool ImportSensitiveKeyFromFile(const base::FilePath& dir,
19 const base::FilePath& dir, 20 const std::string& key_filename,
20 const std::string& key_filename, 21 PK11SlotInfo* slot) {
21 PK11SlotInfo* slot) {
22 #if defined(USE_OPENSSL)
23 // TODO(davidben): Port RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo away
24 // from RSAPrivateKey so it doesn't make assumptions about the internal crypto
25 // library. Instead, return a ScopedSECKEYPrivateKey or have this function
26 // just return bool. https://crbug.com/478777
27 NOTIMPLEMENTED();
28 return nullptr;
29 #else
30 base::FilePath key_path = dir.AppendASCII(key_filename); 22 base::FilePath key_path = dir.AppendASCII(key_filename);
31 std::string key_pkcs8; 23 std::string key_pkcs8;
32 bool success = base::ReadFileToString(key_path, &key_pkcs8); 24 bool success = base::ReadFileToString(key_path, &key_pkcs8);
33 if (!success) { 25 if (!success) {
34 LOG(ERROR) << "Failed to read file " << key_path.value(); 26 LOG(ERROR) << "Failed to read file " << key_path.value();
35 return scoped_ptr<crypto::RSAPrivateKey>(); 27 return false;
36 } 28 }
37 29
38 const uint8* key_pkcs8_begin = 30 const uint8* key_pkcs8_begin =
39 reinterpret_cast<const uint8*>(key_pkcs8.data()); 31 reinterpret_cast<const uint8*>(key_pkcs8.data());
40 std::vector<uint8> key_vector(key_pkcs8_begin, 32 std::vector<uint8> key_vector(key_pkcs8_begin,
41 key_pkcs8_begin + key_pkcs8.length()); 33 key_pkcs8_begin + key_pkcs8.length());
42 34
43 scoped_ptr<crypto::RSAPrivateKey> private_key( 35 crypto::ScopedSECKEYPrivateKey private_key(
44 crypto::RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo(slot, 36 crypto::ImportNSSKeyFromPrivateKeyInfo(slot, key_vector,
45 key_vector)); 37 true /* permanent */));
46 LOG_IF(ERROR, !private_key) << "Could not create key from file " 38 LOG_IF(ERROR, !private_key) << "Could not create key from file "
47 << key_path.value(); 39 << key_path.value();
48 return private_key.Pass(); 40 return private_key;
49 #endif
50 } 41 }
51 42
52 bool ImportClientCertToSlot(const scoped_refptr<X509Certificate>& cert, 43 bool ImportClientCertToSlot(const scoped_refptr<X509Certificate>& cert,
53 PK11SlotInfo* slot) { 44 PK11SlotInfo* slot) {
54 std::string nickname = cert->GetDefaultNickname(USER_CERT); 45 std::string nickname = cert->GetDefaultNickname(USER_CERT);
55 { 46 {
56 crypto::AutoNSSWriteLock lock; 47 crypto::AutoNSSWriteLock lock;
57 SECStatus rv = PK11_ImportCert(slot, 48 SECStatus rv = PK11_ImportCert(slot,
58 cert->os_cert_handle(), 49 cert->os_cert_handle(),
59 CK_INVALID_HANDLE, 50 CK_INVALID_HANDLE,
(...skipping 27 matching lines...) Expand all
87 if (!ImportClientCertToSlot(cert, slot)) 78 if (!ImportClientCertToSlot(cert, slot))
88 return NULL; 79 return NULL;
89 80
90 // |cert| continues to point to the original X509Certificate before the 81 // |cert| continues to point to the original X509Certificate before the
91 // import to |slot|. However this should not make a difference as NSS handles 82 // import to |slot|. However this should not make a difference as NSS handles
92 // state globally. 83 // state globally.
93 return cert; 84 return cert;
94 } 85 }
95 86
96 } // namespace net 87 } // namespace net
OLDNEW
« components/ownership.gypi ('K') | « net/test/cert_test_util.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698