| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_util.h" | 5 #include "net/cert/x509_util.h" |
| 6 #include "net/cert/x509_util_nss.h" | 6 #include "net/cert/x509_util_nss.h" |
| 7 | 7 |
| 8 #include <cert.h> // Must be included before certdb.h | 8 #include <cert.h> // Must be included before certdb.h |
| 9 #include <certdb.h> | 9 #include <certdb.h> |
| 10 #include <cryptohi.h> | 10 #include <cryptohi.h> |
| 11 #include <nss.h> | 11 #include <nss.h> |
| 12 #include <pk11pub.h> | 12 #include <pk11pub.h> |
| 13 #include <prerror.h> | 13 #include <prerror.h> |
| 14 #include <secder.h> | 14 #include <secder.h> |
| 15 #include <secmod.h> | 15 #include <secmod.h> |
| 16 #include <secport.h> | 16 #include <secport.h> |
| 17 | 17 |
| 18 #include "base/debug/leak_annotations.h" | 18 #include "base/debug/leak_annotations.h" |
| 19 #include "base/logging.h" | 19 #include "base/logging.h" |
| 20 #include "base/memory/scoped_ptr.h" | 20 #include "base/memory/scoped_ptr.h" |
| 21 #include "base/memory/singleton.h" | 21 #include "base/memory/singleton.h" |
| 22 #include "base/pickle.h" | 22 #include "base/pickle.h" |
| 23 #include "base/strings/stringprintf.h" | 23 #include "base/strings/stringprintf.h" |
| 24 #include "crypto/ec_private_key.h" | 24 #include "crypto/ec_private_key.h" |
| 25 #include "crypto/nss_util.h" | 25 #include "crypto/nss_util.h" |
| 26 #include "crypto/nss_util_internal.h" | 26 #include "crypto/nss_util_internal.h" |
| 27 #include "crypto/rsa_private_key.h" | |
| 27 #include "crypto/scoped_nss_types.h" | 28 #include "crypto/scoped_nss_types.h" |
| 28 #include "crypto/third_party/nss/chromium-nss.h" | 29 #include "crypto/third_party/nss/chromium-nss.h" |
| 29 #include "net/cert/x509_certificate.h" | 30 #include "net/cert/x509_certificate.h" |
| 30 | 31 |
| 31 namespace net { | 32 namespace net { |
| 32 | 33 |
| 33 namespace { | 34 namespace { |
| 34 | 35 |
| 35 class DomainBoundCertOIDWrapper { | 36 class DomainBoundCertOIDWrapper { |
| 36 public: | 37 public: |
| 175 DLOG(ERROR) << "DerSignData: " << PORT_GetError(); | 176 DLOG(ERROR) << "DerSignData: " << PORT_GetError(); |
| 176 return false; | 177 return false; |
| 177 } | 178 } |
| 178 | 179 |
| 179 // Save the signed result to the cert. | 180 // Save the signed result to the cert. |
| 180 cert->derCert = result; | 181 cert->derCert = result; |
| 181 | 182 |
| 182 return true; | 183 return true; |
| 183 } | 184 } |
| 184 | 185 |
| 186 CERTCertificate* CreateSelfSignedCertInternal( | |
| 187 SECKEYPublicKey* public_key, | |
| 188 SECKEYPrivateKey* private_key, | |
| 189 const std::string& subject, | |
| 190 uint32 serial_number, | |
| 191 base::Time not_valid_before, | |
| 192 base::Time not_valid_after) { | |
| 193 CERTCertificate* cert = CreateCertificate(public_key, | |
| 194 subject, | |
| 195 serial_number, | |
| 196 not_valid_before, | |
| 197 not_valid_after); | |
| 198 if (!cert) | |
| 199 return NULL; | |
| 200 | |
| 201 if (!SignCertificate(cert, private_key)) { | |
| 202 CERT_DestroyCertificate(cert); | |
| 203 return NULL; | |
| 204 } | |
| 205 | |
| 206 return cert; | |
| 207 } | |
| 208 | |
| 185 bool CreateDomainBoundCertInternal( | 209 bool CreateDomainBoundCertInternal( |
| 186 SECKEYPublicKey* public_key, | 210 SECKEYPublicKey* public_key, |
| 187 SECKEYPrivateKey* private_key, | 211 SECKEYPrivateKey* private_key, |
| 188 const std::string& domain, | 212 const std::string& domain, |
| 189 uint32 serial_number, | 213 uint32 serial_number, |
| 190 base::Time not_valid_before, | 214 base::Time not_valid_before, |
| 191 base::Time not_valid_after, | 215 base::Time not_valid_after, |
| 192 std::string* der_cert) { | 216 std::string* der_cert) { |
| 193 CERTCertificate* cert = CreateCertificate(public_key, | 217 CERTCertificate* cert = CreateCertificate(public_key, |
| 194 "CN=anonymous.invalid", | 218 "CN=anonymous.invalid", |
| 305 | 329 |
| 306 return name.release(); | 330 return name.release(); |
| 307 } | 331 } |
| 308 | 332 |
| 309 #endif // defined(USE_NSS) || defined(OS_IOS) | 333 #endif // defined(USE_NSS) || defined(OS_IOS) |
| 310 | 334 |
| 311 } // namespace | 335 } // namespace |
| 312 | 336 |
| 313 namespace x509_util { | 337 namespace x509_util { |
| 314 | 338 |
| 315 CERTCertificate* CreateSelfSignedCert( | 339 bool CreateSelfSignedCert(crypto::RSAPrivateKey* key, |
| 316 SECKEYPublicKey* public_key, | 340 const std::string& common_name, |
| 317 SECKEYPrivateKey* private_key, | 341 uint32 serial_number, |
| 318 const std::string& subject, | 342 base::Time not_valid_before, |
| 319 uint32 serial_number, | 343 base::Time not_valid_after, |
| 320 base::Time not_valid_before, | 344 std::string* der_encoded) { |
| 321 base::Time not_valid_after) { | 345 CERTCertificate* cert = CreateSelfSignedCertInternal( |
|
wtc
2013/06/20 21:35:56
I think we can just inline CreateSelfSignedCertInt
| |
| 322 CERTCertificate* cert = CreateCertificate(public_key, | 346 key->public_key(), |
| 323 subject, | 347 key->key(), |
| 324 serial_number, | 348 common_name, |
| 325 not_valid_before, | 349 serial_number, |
| 326 not_valid_after); | 350 not_valid_before, |
| 351 not_valid_after); | |
| 327 if (!cert) | 352 if (!cert) |
| 328 return NULL; | 353 return false; |
| 329 | 354 |
| 330 if (!SignCertificate(cert, private_key)) { | 355 der_encoded->assign(reinterpret_cast<char*>(cert->derCert.data), |
| 331 CERT_DestroyCertificate(cert); | 356 cert->derCert.len); |
| 332 return NULL; | 357 CERT_DestroyCertificate(cert); |
| 333 } | 358 return true; |
| 334 | |
| 335 return cert; | |
| 336 } | 359 } |
| 337 | 360 |
| 338 bool IsSupportedValidityRange(base::Time not_valid_before, | 361 bool IsSupportedValidityRange(base::Time not_valid_before, |
| 339 base::Time not_valid_after) { | 362 base::Time not_valid_after) { |
| 340 CERTValidity* validity = CERT_CreateValidity( | 363 CERTValidity* validity = CERT_CreateValidity( |
| 341 crypto::BaseTimeToPRTime(not_valid_before), | 364 crypto::BaseTimeToPRTime(not_valid_before), |
| 342 crypto::BaseTimeToPRTime(not_valid_after)); | 365 crypto::BaseTimeToPRTime(not_valid_after)); |
| 343 | 366 |
| 344 if (!validity) | 367 if (!validity) |
| 345 return false; | 368 return false; |
| 346 | 369 |
| 347 CERT_DestroyValidity(validity); | 370 CERT_DestroyValidity(validity); |
| 348 return true; | 371 return true; |
| 349 } | 372 } |
| 350 | 373 |
| 351 bool CreateDomainBoundCertEC( | 374 bool CreateDomainBoundCertEC( |
| 352 crypto::ECPrivateKey* key, | 375 crypto::ECPrivateKey* key, |
| 353 const std::string& domain, | 376 const std::string& domain, |
| 354 uint32 serial_number, | 377 uint32 serial_number, |
| 355 base::Time not_valid_before, | 378 base::Time not_valid_before, |
| 356 base::Time not_valid_after, | 379 base::Time not_valid_after, |
| 357 std::string* der_cert) { | 380 std::string* der_cert) { |
| 358 DCHECK(key); | 381 DCHECK(key); |
| 359 return CreateDomainBoundCertInternal(key->public_key(), | 382 return CreateDomainBoundCertInternal(key->public_key(), |
|
wtc
2013/06/20 21:35:56
CreateDomainBoundCertInternal is only used here. I
| |
| 360 key->key(), | 383 key->key(), |
| 361 domain, | 384 domain, |
| 362 serial_number, | 385 serial_number, |
| 363 not_valid_before, | 386 not_valid_before, |
| 364 not_valid_after, | 387 not_valid_after, |
| 365 der_cert); | 388 der_cert); |
| 366 } | 389 } |
| 367 | 390 |
| 368 #if defined(USE_NSS) || defined(OS_IOS) | 391 #if defined(USE_NSS) || defined(OS_IOS) |
| 369 void ParsePrincipal(CERTName* name, CertPrincipal* principal) { | 392 void ParsePrincipal(CERTName* name, CertPrincipal* principal) { |
| 626 } | 649 } |
| 627 | 650 |
| 628 return new_name; | 651 return new_name; |
| 629 } | 652 } |
| 630 | 653 |
| 631 #endif // defined(USE_NSS) || defined(OS_IOS) | 654 #endif // defined(USE_NSS) || defined(OS_IOS) |
| 632 | 655 |
| 633 } // namespace x509_util | 656 } // namespace x509_util |
| 634 | 657 |
| 635 } // namespace net | 658 } // namespace net |
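Review bot: The new CreateSelfSignedCert (new lines 339-359) dereferences `key` twice via `key->public_key()` and `key->key()` without the `DCHECK(key);` that its sibling CreateDomainBoundCertEC performs at new line 381 before doing the same, so add `DCHECK(key);` as the first statement of the body to keep the two entry points' preconditions consistent and make a null key fail loudly in debug builds rather than as a null dereference. The output parameter is likewise written unconditionally at new line 355, so `DCHECK(der_encoded);` alongside it would document that precondition too. Separately, the file drops the `crypto/rsa_private_key.h` include (old line 27) while this function now calls members of crypto::RSAPrivateKey; unless one of the headers included above already provides the complete type, include-what-you-use suggests keeping that include here. The `reinterpret_cast<char*>` at new line 355 can be `reinterpret_cast<const char*>`, since `assign()` only reads the DER bytes.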