Resolve certificate references in ONC by PEM.

net/cert/x509_certificate.cc

Index: net/cert/x509_certificate.cc
diff --git a/net/cert/x509_certificate.cc b/net/cert/x509_certificate.cc
index 942078b5d5a390c492ce83a9a790a062bd7cc75a..63e7e5cbdb51e5e1b2dddacff5a04042fdf654f1 100644
--- a/net/cert/x509_certificate.cc
+++ b/net/cert/x509_certificate.cc
@@ -216,6 +216,33 @@ void SplitOnChar(const base::StringPiece& src,
   }
 }
 
+// Returns the PEM encoded data from an OSCertHandle. If the return value is
+// true, then the PEM encoded certificate is written to |pem_encoded|.
+bool GetPEMEncoded(X509Certificate::OSCertHandle cert_handle,
+                   std::string* pem_encoded) {
+  std::string der_encoded;
+  if (!X509Certificate::GetDEREncoded(cert_handle, &der_encoded) ||
+      der_encoded.empty()) {
+    return false;
+  }
+  std::string b64_encoded;
+  if (!base::Base64Encode(der_encoded, &b64_encoded) || b64_encoded.empty())
+    return false;
+  *pem_encoded = "-----BEGIN CERTIFICATE-----\n";
+
+  // Divide the Base-64 encoded data into 64-character chunks, as per
+  // 4.3.2.4 of RFC 1421.
+  static const size_t kChunkSize = 64;
+  size_t chunks = (b64_encoded.size() + (kChunkSize - 1)) / kChunkSize;
+  for (size_t i = 0, chunk_offset = 0; i < chunks;
+       ++i, chunk_offset += kChunkSize) {
+    pem_encoded->append(b64_encoded, chunk_offset, kChunkSize);
+    pem_encoded->append("\n");
+  }
+  pem_encoded->append("-----END CERTIFICATE-----\n");
+  return true;
+}
+
 }  // namespace
 
 bool X509Certificate::LessThan::operator()(X509Certificate* lhs,
@@ -654,39 +681,19 @@ bool X509Certificate::VerifyNameMatch(const std::string& hostname) const {
   return VerifyHostname(hostname, subject_.common_name, dns_names, ip_addrs);
 }
 
-// static
-bool X509Certificate::GetPEMEncoded(OSCertHandle cert_handle,
-                                    std::string* pem_encoded) {
-  std::string der_encoded;
-  if (!GetDEREncoded(cert_handle, &der_encoded) || der_encoded.empty())
-    return false;
-  std::string b64_encoded;
-  if (!base::Base64Encode(der_encoded, &b64_encoded) || b64_encoded.empty())
-    return false;
-  *pem_encoded = "-----BEGIN CERTIFICATE-----\n";
-
-  // Divide the Base-64 encoded data into 64-character chunks, as per
-  // 4.3.2.4 of RFC 1421.
-  static const size_t kChunkSize = 64;
-  size_t chunks = (b64_encoded.size() + (kChunkSize - 1)) / kChunkSize;
-  for (size_t i = 0, chunk_offset = 0; i < chunks;
-       ++i, chunk_offset += kChunkSize) {
-    pem_encoded->append(b64_encoded, chunk_offset, kChunkSize);
-    pem_encoded->append("\n");
-  }
-  pem_encoded->append("-----END CERTIFICATE-----\n");
-  return true;
+bool X509Certificate::GetPEMEncoded(std::string* pem_encoded) const {
+  return net::GetPEMEncoded(os_cert_handle(), pem_encoded);

[Mattias Nissler (ping if slow), 2013/06/14 12:56:44]

net qualifier not needed?

[pneubeck (no reviews), 2013/06/21 12:53:56]

Otherwise, GCC doesn't resolve to the function in the anonymous namespace.

 }
 
 bool X509Certificate::GetPEMEncodedChain(
     std::vector<std::string>* pem_encoded) const {
   std::vector<std::string> encoded_chain;
   std::string pem_data;
-  if (!GetPEMEncoded(os_cert_handle(), &pem_data))
+  if (!GetPEMEncoded(&pem_data))
     return false;
   encoded_chain.push_back(pem_data);
   for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
-    if (!GetPEMEncoded(intermediate_ca_certs_[i], &pem_data))
+    if (!net::GetPEMEncoded(intermediate_ca_certs_[i], &pem_data))

[Mattias Nissler (ping if slow), 2013/06/14 12:56:44]

no need for the net qualifier?

[pneubeck (no reviews), 2013/06/21 12:53:56]

ditto.

       return false;
     encoded_chain.push_back(pem_data);
   }