Remove platform-specific implementations of RSAPrivateKey and SignatureCreator

net/cert/x509_certificate_mac.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <CoreServices/CoreServices.h>
 #include <Security/Security.h>
 
 #include <cert.h>
 
 #include <vector>
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/mac/mac_logging.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/memory/singleton.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/synchronization/lock.h"
 #include "crypto/cssm_init.h"
 #include "crypto/mac_security_services_lock.h"
 #include "crypto/nss_util.h"
-#include "crypto/rsa_private_key.h"
 #include "net/cert/x509_util_mac.h"
 
 using base::ScopedCFTypeRef;
 using base::Time;
 
 namespace net {
 
 namespace {
 
 void GetCertDistinguishedName(
@@ skipping 280 matching lines @@
     return true;
 
   for (OSCertHandles::iterator it = intermediate_ca_certs_.begin();
        it != intermediate_ca_certs_.end(); ++it) {
     if (IsCertIssuerInEncodedList(*it, valid_issuers))
       return true;
   }
   return false;
 }
 
-// static
-X509Certificate* X509Certificate::CreateSelfSigned(
-    crypto::RSAPrivateKey* key,
-    const std::string& subject,
-    uint32 serial_number,
-    base::TimeDelta valid_duration) {
-  DCHECK(key);
-  DCHECK(!subject.empty());
-
-  if (valid_duration.InSeconds() > kuint32max) {
-     LOG(ERROR) << "valid_duration too big " << valid_duration.InSeconds();
-     valid_duration = base::TimeDelta::FromSeconds(kuint32max);
-  }
-
-  // There is a comment in
-  // http://www.opensource.apple.com/source/security_certtool/security_certtool-31828/src/CertTool.cpp
-  // that serial_numbers being passed into CSSM_TP_SubmitCredRequest can't have
-  // their high bit set. We will continue though and mask it out below.
-  if (serial_number & 0x80000000)
-    LOG(ERROR) << "serial_number has high bit set " << serial_number;
-
-  // NSS is used to parse the subject string into a set of
-  // CSSM_OID/string pairs. There doesn't appear to be a system routine for
-  // parsing Distinguished Name strings.
-  crypto::EnsureNSSInit();
-
-  CSSMOIDStringVector subject_name_oids;
-  ScopedCertName subject_name(
-      CERT_AsciiToName(const_cast<char*>(subject.c_str())));
-  if (!CERTNameToCSSMOIDVector(subject_name, &subject_name_oids)) {
-    DLOG(ERROR) << "Unable to generate CSSMOIDMap from " << subject;
-    return NULL;
-  }
-
-  // Convert the map of oid/string pairs into an array of
-  // CSSM_APPLE_TP_NAME_OIDs.
-  std::vector<CSSM_APPLE_TP_NAME_OID> cssm_subject_names;
-  for (CSSMOIDStringVector::iterator iter = subject_name_oids.begin();
-      iter != subject_name_oids.end(); ++iter) {
-    CSSM_APPLE_TP_NAME_OID cssm_subject_name;
-    cssm_subject_name.oid = iter->oid_;
-    cssm_subject_name.string = iter->string_.c_str();
-    cssm_subject_names.push_back(cssm_subject_name);
-  }
-
-  if (cssm_subject_names.empty()) {
-    DLOG(ERROR) << "cssm_subject_names.size() == 0. Input: " << subject;
-    return NULL;
-  }
-
-  // Set up a certificate request.
-  CSSM_APPLE_TP_CERT_REQUEST certReq;
-  memset(&certReq, 0, sizeof(certReq));
-  certReq.cspHand = crypto::GetSharedCSPHandle();
-  certReq.clHand = crypto::GetSharedCLHandle();
-    // See comment about serial numbers above.
-  certReq.serialNumber = serial_number & 0x7fffffff;
-  certReq.numSubjectNames = cssm_subject_names.size();
-  certReq.subjectNames = &cssm_subject_names[0];
-  certReq.numIssuerNames = 0;  // Root.
-  certReq.issuerNames = NULL;
-  certReq.issuerNameX509 = NULL;
-  certReq.certPublicKey = key->public_key();
-  certReq.issuerPrivateKey = key->key();
-  // These are the Apple defaults.
-  certReq.signatureAlg = CSSM_ALGID_SHA1WithRSA;
-  certReq.signatureOid = CSSMOID_SHA1WithRSA;
-  certReq.notBefore = 0;
-  certReq.notAfter = static_cast<uint32>(valid_duration.InSeconds());
-  certReq.numExtensions = 0;
-  certReq.extensions = NULL;
-  certReq.challengeString = NULL;
-
-  CSSM_TP_REQUEST_SET reqSet;
-  reqSet.NumberOfRequests = 1;
-  reqSet.Requests = &certReq;
-
-  CSSM_FIELD policyId;
-  memset(&policyId, 0, sizeof(policyId));
-  policyId.FieldOid = CSSMOID_APPLE_TP_LOCAL_CERT_GEN;
-
-  CSSM_TP_CALLERAUTH_CONTEXT callerAuthContext;
-  memset(&callerAuthContext, 0, sizeof(callerAuthContext));
-  callerAuthContext.Policy.NumberOfPolicyIds = 1;
-  callerAuthContext.Policy.PolicyIds = &policyId;
-
-  CSSM_TP_HANDLE tp_handle = crypto::GetSharedTPHandle();
-  CSSM_DATA refId;
-  memset(&refId, 0, sizeof(refId));
-  sint32 estTime;
-  CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest(tp_handle, NULL,
-      CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, &reqSet, &callerAuthContext,
-       &estTime, &refId);
-  if (crtn) {
-    DLOG(ERROR) << "CSSM_TP_SubmitCredRequest failed " << crtn;
-    return NULL;
-  }
-
-  CSSM_BOOL confirmRequired;
-  CSSM_TP_RESULT_SET* resultSet = NULL;
-  crtn = CSSM_TP_RetrieveCredResult(tp_handle, &refId, NULL, &estTime,
-                                    &confirmRequired, &resultSet);
-  ScopedEncodedCertResults scopedResults(resultSet);
-  crypto::CSSMFree(refId.Data);
-  if (crtn) {
-    DLOG(ERROR) << "CSSM_TP_RetrieveCredResult failed " << crtn;
-    return NULL;
-  }
-
-  if (confirmRequired) {
-    // Potential leak here of resultSet. |confirmRequired| should never be
-    // true.
-    DLOG(ERROR) << "CSSM_TP_RetrieveCredResult required confirmation";
-    return NULL;
-  }
-
-  if (resultSet->NumberOfResults != 1) {
-     DLOG(ERROR) << "Unexpected number of results: "
-                 << resultSet->NumberOfResults;
-    return NULL;
-  }
-
-  CSSM_ENCODED_CERT* encCert =
-      reinterpret_cast<CSSM_ENCODED_CERT*>(resultSet->Results);
-  ScopedCFTypeRef<SecCertificateRef> scoped_cert;
-  SecCertificateRef certificate_ref = NULL;
-  OSStatus os_status =
-      SecCertificateCreateFromData(&encCert->CertBlob, encCert->CertType,
-                                   encCert->CertEncoding, &certificate_ref);
-  if (os_status != 0) {
-    OSSTATUS_DLOG(ERROR, os_status) << "SecCertificateCreateFromData failed";
-    return NULL;
-  }
-  scoped_cert.reset(certificate_ref);
-
-  return CreateFromHandle(scoped_cert, X509Certificate::OSCertHandles());
-}
-
 void X509Certificate::GetSubjectAltName(
     std::vector<std::string>* dns_names,
     std::vector<std::string>* ip_addrs) const {
   if (dns_names)
     dns_names->clear();
   if (ip_addrs)
     ip_addrs->clear();
 
   x509_util::CSSMCachedCertificate cached_cert;
   OSStatus status = cached_cert.Init(cert_handle_);
@@ skipping 264 matching lines @@
       *type = kPublicKeyTypeDH;
       break;
     default:
       *type = kPublicKeyTypeUnknown;
       *size_bits = 0;
       break;
   }
 }
 
 }  // namespace net