Index: net/cert/x509_util_nss.cc |
diff --git a/net/cert/x509_util_nss.cc b/net/cert/x509_util_nss.cc |
deleted file mode 100644 |
index db6a97ae2aedcea0b3e16a40d2f9b564db18b18c..0000000000000000000000000000000000000000 |
--- a/net/cert/x509_util_nss.cc |
+++ /dev/null |
@@ -1,191 +0,0 @@ |
-// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
davidben
2016/04/18 19:36:45
Should we rename x509_util_nss_certs.cc to x509_ut
svaldez
2016/04/18 20:21:39
Done.
|
-// Use of this source code is governed by a BSD-style license that can be |
-// found in the LICENSE file. |
- |
-#include "net/cert/x509_util.h" |
-#include "net/cert/x509_util_nss.h" |
- |
-#include <cert.h> // Must be included before certdb.h |
-#include <certdb.h> |
-#include <cryptohi.h> |
-#include <nss.h> |
-#include <pk11pub.h> |
-#include <prerror.h> |
-#include <secder.h> |
-#include <secmod.h> |
-#include <secport.h> |
- |
-#include "base/debug/leak_annotations.h" |
-#include "base/logging.h" |
-#include "base/memory/scoped_ptr.h" |
-#include "base/memory/singleton.h" |
-#include "base/pickle.h" |
-#include "base/strings/stringprintf.h" |
-#include "crypto/ec_private_key.h" |
-#include "crypto/nss_util.h" |
-#include "crypto/nss_util_internal.h" |
-#include "crypto/rsa_private_key.h" |
-#include "crypto/scoped_nss_types.h" |
-#include "crypto/third_party/nss/chromium-nss.h" |
-#include "net/cert/x509_certificate.h" |
- |
-namespace net { |
- |
-namespace { |
- |
-// Creates a Certificate object that may be passed to the SignCertificate |
-// method to generate an X509 certificate. |
-// Returns NULL if an error is encountered in the certificate creation |
-// process. |
-// Caller responsible for freeing returned certificate object. |
-CERTCertificate* CreateCertificate(SECKEYPublicKey* public_key, |
- const std::string& subject, |
- uint32_t serial_number, |
- base::Time not_valid_before, |
- base::Time not_valid_after) { |
- // Create info about public key. |
- CERTSubjectPublicKeyInfo* spki = |
- SECKEY_CreateSubjectPublicKeyInfo(public_key); |
- if (!spki) |
- return NULL; |
- |
- // Create the certificate request. |
- CERTName* subject_name = |
- CERT_AsciiToName(const_cast<char*>(subject.c_str())); |
- CERTCertificateRequest* cert_request = |
- CERT_CreateCertificateRequest(subject_name, spki, NULL); |
- SECKEY_DestroySubjectPublicKeyInfo(spki); |
- |
- if (!cert_request) { |
- PRErrorCode prerr = PR_GetError(); |
- LOG(ERROR) << "Failed to create certificate request: " << prerr; |
- CERT_DestroyName(subject_name); |
- return NULL; |
- } |
- |
- CERTValidity* validity = CERT_CreateValidity( |
- crypto::BaseTimeToPRTime(not_valid_before), |
- crypto::BaseTimeToPRTime(not_valid_after)); |
- if (!validity) { |
- PRErrorCode prerr = PR_GetError(); |
- LOG(ERROR) << "Failed to create certificate validity object: " << prerr; |
- CERT_DestroyName(subject_name); |
- CERT_DestroyCertificateRequest(cert_request); |
- return NULL; |
- } |
- CERTCertificate* cert = CERT_CreateCertificate(serial_number, subject_name, |
- validity, cert_request); |
- if (!cert) { |
- PRErrorCode prerr = PR_GetError(); |
- LOG(ERROR) << "Failed to create certificate: " << prerr; |
- } |
- |
- // Cleanup for resources used to generate the cert. |
- CERT_DestroyName(subject_name); |
- CERT_DestroyValidity(validity); |
- CERT_DestroyCertificateRequest(cert_request); |
- |
- return cert; |
-} |
- |
-SECOidTag ToSECOid(x509_util::DigestAlgorithm alg) { |
- switch (alg) { |
- case x509_util::DIGEST_SHA1: |
- return SEC_OID_SHA1; |
- case x509_util::DIGEST_SHA256: |
- return SEC_OID_SHA256; |
- } |
- return SEC_OID_UNKNOWN; |
-} |
- |
-// Signs a certificate object, with |key| generating a new X509Certificate |
-// and destroying the passed certificate object (even when NULL is returned). |
-// The logic of this method references SignCert() in NSS utility certutil: |
-// http://mxr.mozilla.org/security/ident?i=SignCert. |
-// Returns true on success or false if an error is encountered in the |
-// certificate signing process. |
-bool SignCertificate( |
- CERTCertificate* cert, |
- SECKEYPrivateKey* key, |
- SECOidTag hash_algorithm) { |
- // |arena| is used to encode the cert. |
- PLArenaPool* arena = cert->arena; |
- SECOidTag algo_id = SEC_GetSignatureAlgorithmOidTag(key->keyType, |
- hash_algorithm); |
- if (algo_id == SEC_OID_UNKNOWN) |
- return false; |
- |
- SECStatus rv = SECOID_SetAlgorithmID(arena, &cert->signature, algo_id, 0); |
- if (rv != SECSuccess) |
- return false; |
- |
- // Generate a cert of version 3. |
- *(cert->version.data) = 2; |
- cert->version.len = 1; |
- |
- SECItem der = { siBuffer, NULL, 0 }; |
- |
- // Use ASN1 DER to encode the cert. |
- void* encode_result = SEC_ASN1EncodeItem( |
- NULL, &der, cert, SEC_ASN1_GET(CERT_CertificateTemplate)); |
- if (!encode_result) |
- return false; |
- |
- // Allocate space to contain the signed cert. |
- SECItem result = { siBuffer, NULL, 0 }; |
- |
- // Sign the ASN1 encoded cert and save it to |result|. |
- rv = DerSignData(arena, &result, &der, key, algo_id); |
- PORT_Free(der.data); |
- if (rv != SECSuccess) { |
- DLOG(ERROR) << "DerSignData: " << PORT_GetError(); |
- return false; |
- } |
- |
- // Save the signed result to the cert. |
- cert->derCert = result; |
- |
- return true; |
-} |
- |
-} // namespace |
- |
-namespace x509_util { |
- |
-bool CreateSelfSignedCert(crypto::RSAPrivateKey* key, |
- DigestAlgorithm alg, |
- const std::string& subject, |
- uint32_t serial_number, |
- base::Time not_valid_before, |
- base::Time not_valid_after, |
- std::string* der_cert) { |
- DCHECK(key); |
- DCHECK(!strncmp(subject.c_str(), "CN=", 3U)); |
- CERTCertificate* cert = CreateCertificate(key->public_key(), |
- subject, |
- serial_number, |
- not_valid_before, |
- not_valid_after); |
- if (!cert) |
- return false; |
- |
- if (!SignCertificate(cert, key->key(), ToSECOid(alg))) { |
- CERT_DestroyCertificate(cert); |
- return false; |
- } |
- |
- der_cert->assign(reinterpret_cast<char*>(cert->derCert.data), |
- cert->derCert.len); |
- CERT_DestroyCertificate(cert); |
- return true; |
-} |
- |
-bool GetTLSServerEndPointChannelBinding(const X509Certificate& certificate, |
- std::string* token) { |
- NOTIMPLEMENTED(); |
- return false; |
-} |
- |
-} // namespace x509_util |
- |
-} // namespace net |