OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/test/cert_test_util.h" | 5 #include "net/test/cert_test_util.h" |
6 | 6 |
7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
8 #include <secmodt.h> | 8 #include <secmodt.h> |
9 | 9 |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
11 #include "base/files/file_util.h" | 11 #include "base/files/file_util.h" |
| 12 #include "crypto/nss_key_util.h" |
12 #include "crypto/nss_util.h" | 13 #include "crypto/nss_util.h" |
13 #include "crypto/rsa_private_key.h" | 14 #include "crypto/scoped_nss_types.h" |
14 #include "net/cert/cert_type.h" | 15 #include "net/cert/cert_type.h" |
15 | 16 |
16 namespace net { | 17 namespace net { |
17 | 18 |
18 scoped_ptr<crypto::RSAPrivateKey> ImportSensitiveKeyFromFile( | 19 bool ImportSensitiveKeyFromFile(const base::FilePath& dir, |
19 const base::FilePath& dir, | 20 const std::string& key_filename, |
20 const std::string& key_filename, | 21 PK11SlotInfo* slot) { |
21 PK11SlotInfo* slot) { | |
22 #if defined(USE_OPENSSL) | |
23 // TODO(davidben): Port RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo away | |
24 // from RSAPrivateKey so it doesn't make assumptions about the internal crypto | |
25 // library. Instead, return a ScopedSECKEYPrivateKey or have this function | |
26 // just return bool. https://crbug.com/478777 | |
27 NOTIMPLEMENTED(); | |
28 return nullptr; | |
29 #else | |
30 base::FilePath key_path = dir.AppendASCII(key_filename); | 22 base::FilePath key_path = dir.AppendASCII(key_filename); |
31 std::string key_pkcs8; | 23 std::string key_pkcs8; |
32 bool success = base::ReadFileToString(key_path, &key_pkcs8); | 24 bool success = base::ReadFileToString(key_path, &key_pkcs8); |
33 if (!success) { | 25 if (!success) { |
34 LOG(ERROR) << "Failed to read file " << key_path.value(); | 26 LOG(ERROR) << "Failed to read file " << key_path.value(); |
35 return scoped_ptr<crypto::RSAPrivateKey>(); | 27 return false; |
36 } | 28 } |
37 | 29 |
38 const uint8* key_pkcs8_begin = | 30 const uint8* key_pkcs8_begin = |
39 reinterpret_cast<const uint8*>(key_pkcs8.data()); | 31 reinterpret_cast<const uint8*>(key_pkcs8.data()); |
40 std::vector<uint8> key_vector(key_pkcs8_begin, | 32 std::vector<uint8> key_vector(key_pkcs8_begin, |
41 key_pkcs8_begin + key_pkcs8.length()); | 33 key_pkcs8_begin + key_pkcs8.length()); |
42 | 34 |
43 scoped_ptr<crypto::RSAPrivateKey> private_key( | 35 crypto::ScopedSECKEYPrivateKey private_key( |
44 crypto::RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo(slot, | 36 crypto::ImportNSSKeyFromPrivateKeyInfo(slot, key_vector, |
45 key_vector)); | 37 true /* permanent */)); |
46 LOG_IF(ERROR, !private_key) << "Could not create key from file " | 38 LOG_IF(ERROR, !private_key) << "Could not create key from file " |
47 << key_path.value(); | 39 << key_path.value(); |
48 return private_key.Pass(); | 40 return private_key; |
49 #endif | |
50 } | 41 } |
51 | 42 |
52 bool ImportClientCertToSlot(const scoped_refptr<X509Certificate>& cert, | 43 bool ImportClientCertToSlot(const scoped_refptr<X509Certificate>& cert, |
53 PK11SlotInfo* slot) { | 44 PK11SlotInfo* slot) { |
54 std::string nickname = cert->GetDefaultNickname(USER_CERT); | 45 std::string nickname = cert->GetDefaultNickname(USER_CERT); |
55 { | 46 { |
56 crypto::AutoNSSWriteLock lock; | 47 crypto::AutoNSSWriteLock lock; |
57 SECStatus rv = PK11_ImportCert(slot, | 48 SECStatus rv = PK11_ImportCert(slot, |
58 cert->os_cert_handle(), | 49 cert->os_cert_handle(), |
59 CK_INVALID_HANDLE, | 50 CK_INVALID_HANDLE, |
(...skipping 27 matching lines...) Expand all Loading... |
87 if (!ImportClientCertToSlot(cert, slot)) | 78 if (!ImportClientCertToSlot(cert, slot)) |
88 return NULL; | 79 return NULL; |
89 | 80 |
90 // |cert| continues to point to the original X509Certificate before the | 81 // |cert| continues to point to the original X509Certificate before the |
91 // import to |slot|. However this should not make a difference as NSS handles | 82 // import to |slot|. However this should not make a difference as NSS handles |
92 // state globally. | 83 // state globally. |
93 return cert; | 84 return cert; |
94 } | 85 } |
95 | 86 |
96 } // namespace net | 87 } // namespace net |
OLD | NEW |