| Index: net/third_party/mozilla_security_manager/nsKeygenHandler.cpp
|
| diff --git a/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp b/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp
|
| deleted file mode 100644
|
| index 51d15bd042667844e2db8cfd571221e05e61ee79..0000000000000000000000000000000000000000
|
| --- a/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp
|
| +++ /dev/null
|
| @@ -1,257 +0,0 @@
|
| -/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
| - *
|
| - * ***** BEGIN LICENSE BLOCK *****
|
| - * Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
| - *
|
| - * The contents of this file are subject to the Mozilla Public License Version
|
| - * 1.1 (the "License"); you may not use this file except in compliance with
|
| - * the License. You may obtain a copy of the License at
|
| - * http://www.mozilla.org/MPL/
|
| - *
|
| - * Software distributed under the License is distributed on an "AS IS" basis,
|
| - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
| - * for the specific language governing rights and limitations under the
|
| - * License.
|
| - *
|
| - * The Original Code is mozilla.org code.
|
| - *
|
| - * The Initial Developer of the Original Code is
|
| - * Netscape Communications Corporation.
|
| - * Portions created by the Initial Developer are Copyright (C) 1998
|
| - * the Initial Developer. All Rights Reserved.
|
| - *
|
| - * Contributor(s):
|
| - * Vipul Gupta <vipul.gupta@sun.com>
|
| - * Douglas Stebila <douglas@stebila.ca>
|
| - *
|
| - * Alternatively, the contents of this file may be used under the terms of
|
| - * either the GNU General Public License Version 2 or later (the "GPL"), or
|
| - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
| - * in which case the provisions of the GPL or the LGPL are applicable instead
|
| - * of those above. If you wish to allow use of your version of this file only
|
| - * under the terms of either the GPL or the LGPL, and not to allow others to
|
| - * use your version of this file under the terms of the MPL, indicate your
|
| - * decision by deleting the provisions above and replace them with the notice
|
| - * and other provisions required by the GPL or the LGPL. If you do not delete
|
| - * the provisions above, a recipient may use your version of this file under
|
| - * the terms of any one of the MPL, the GPL or the LGPL.
|
| - *
|
| - * ***** END LICENSE BLOCK ***** */
|
| -
|
| -#include "net/third_party/mozilla_security_manager/nsKeygenHandler.h"
|
| -
|
| -#include <pk11pub.h>
|
| -#include <prerror.h> // PR_GetError()
|
| -#include <secmod.h>
|
| -#include <secder.h> // DER_Encode()
|
| -#include <cryptohi.h> // SEC_DerSignData()
|
| -#include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo()
|
| -
|
| -#include "base/base64.h"
|
| -#include "base/logging.h"
|
| -#include "crypto/nss_util.h"
|
| -#include "url/gurl.h"
|
| -
|
| -namespace {
|
| -
|
| -// Template for creating the signed public key structure to be sent to the CA.
|
| -DERTemplate SECAlgorithmIDTemplate[] = {
|
| - { DER_SEQUENCE,
|
| - 0, NULL, sizeof(SECAlgorithmID) },
|
| - { DER_OBJECT_ID,
|
| - offsetof(SECAlgorithmID, algorithm), },
|
| - { DER_OPTIONAL | DER_ANY,
|
| - offsetof(SECAlgorithmID, parameters), },
|
| - { 0, }
|
| -};
|
| -
|
| -DERTemplate CERTSubjectPublicKeyInfoTemplate[] = {
|
| - { DER_SEQUENCE,
|
| - 0, NULL, sizeof(CERTSubjectPublicKeyInfo) },
|
| - { DER_INLINE,
|
| - offsetof(CERTSubjectPublicKeyInfo, algorithm),
|
| - SECAlgorithmIDTemplate, },
|
| - { DER_BIT_STRING,
|
| - offsetof(CERTSubjectPublicKeyInfo, subjectPublicKey), },
|
| - { 0, }
|
| -};
|
| -
|
| -DERTemplate CERTPublicKeyAndChallengeTemplate[] = {
|
| - { DER_SEQUENCE,
|
| - 0, NULL, sizeof(CERTPublicKeyAndChallenge) },
|
| - { DER_ANY,
|
| - offsetof(CERTPublicKeyAndChallenge, spki), },
|
| - { DER_IA5_STRING,
|
| - offsetof(CERTPublicKeyAndChallenge, challenge), },
|
| - { 0, }
|
| -};
|
| -
|
| -} // namespace
|
| -
|
| -namespace mozilla_security_manager {
|
| -
|
| -// This function is based on the nsKeygenFormProcessor::GetPublicKey function
|
| -// in mozilla/security/manager/ssl/src/nsKeygenHandler.cpp.
|
| -std::string GenKeyAndSignChallenge(int key_size_in_bits,
|
| - const std::string& challenge,
|
| - const GURL& url,
|
| - PK11SlotInfo* slot,
|
| - bool stores_key) {
|
| - // Key pair generation mechanism - only RSA is supported at present.
|
| - PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h
|
| -
|
| - // Temporary structures used for generating the result
|
| - // in the right format.
|
| - PK11RSAGenParams rsaKeyGenParams; // Keygen parameters.
|
| - SECOidTag algTag; // used by SEC_DerSignData().
|
| - SECKEYPrivateKey *privateKey = NULL;
|
| - SECKEYPublicKey *publicKey = NULL;
|
| - CERTSubjectPublicKeyInfo *spkInfo = NULL;
|
| - PLArenaPool *arena = NULL;
|
| - SECStatus sec_rv =SECFailure;
|
| - SECItem spkiItem;
|
| - SECItem pkacItem;
|
| - SECItem signedItem;
|
| - CERTPublicKeyAndChallenge pkac;
|
| - void *keyGenParams;
|
| - bool isSuccess = true; // Set to false as soon as a step fails.
|
| -
|
| - std::string result_blob; // the result.
|
| -
|
| - switch (keyGenMechanism) {
|
| - case CKM_RSA_PKCS_KEY_PAIR_GEN:
|
| - rsaKeyGenParams.keySizeInBits = key_size_in_bits;
|
| - rsaKeyGenParams.pe = DEFAULT_RSA_KEYGEN_PE;
|
| - keyGenParams = &rsaKeyGenParams;
|
| -
|
| - algTag = DEFAULT_RSA_KEYGEN_ALG;
|
| - break;
|
| - default:
|
| - // TODO(gauravsh): If we ever support other mechanisms,
|
| - // this can be changed.
|
| - LOG(ERROR) << "Only RSA keygen mechanism is supported";
|
| - isSuccess = false;
|
| - goto failure;
|
| - }
|
| -
|
| - VLOG(1) << "Creating key pair...";
|
| - {
|
| - crypto::AutoNSSWriteLock lock;
|
| - privateKey = PK11_GenerateKeyPair(slot,
|
| - keyGenMechanism,
|
| - keyGenParams,
|
| - &publicKey,
|
| - PR_TRUE, // isPermanent?
|
| - PR_TRUE, // isSensitive?
|
| - NULL);
|
| - }
|
| - VLOG(1) << "done.";
|
| -
|
| - if (!privateKey) {
|
| - LOG(ERROR) << "Generation of Keypair failed!";
|
| - isSuccess = false;
|
| - goto failure;
|
| - }
|
| -
|
| - // Set friendly names for the keys.
|
| - if (url.has_host()) {
|
| - // TODO(davidben): Use something like "Key generated for
|
| - // example.com", but localize it.
|
| - const std::string& label = url.host();
|
| - {
|
| - crypto::AutoNSSWriteLock lock;
|
| - PK11_SetPublicKeyNickname(publicKey, label.c_str());
|
| - PK11_SetPrivateKeyNickname(privateKey, label.c_str());
|
| - }
|
| - }
|
| -
|
| - // The CA expects the signed public key in a specific format
|
| - // Let's create that now.
|
| -
|
| - // Create a subject public key info from the public key.
|
| - spkInfo = SECKEY_CreateSubjectPublicKeyInfo(publicKey);
|
| - if (!spkInfo) {
|
| - LOG(ERROR) << "Couldn't create SubjectPublicKeyInfo from public key";
|
| - isSuccess = false;
|
| - goto failure;
|
| - }
|
| -
|
| - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
| - if (!arena) {
|
| - LOG(ERROR) << "PORT_NewArena: Couldn't allocate memory";
|
| - isSuccess = false;
|
| - goto failure;
|
| - }
|
| -
|
| - // DER encode the whole subjectPublicKeyInfo.
|
| - sec_rv = DER_Encode(arena, &spkiItem, CERTSubjectPublicKeyInfoTemplate,
|
| - spkInfo);
|
| - if (SECSuccess != sec_rv) {
|
| - LOG(ERROR) << "Couldn't DER Encode subjectPublicKeyInfo";
|
| - isSuccess = false;
|
| - goto failure;
|
| - }
|
| -
|
| - // Set up the PublicKeyAndChallenge data structure, then DER encode it.
|
| - pkac.spki = spkiItem;
|
| - pkac.challenge.type = siBuffer;
|
| - pkac.challenge.len = challenge.length();
|
| - pkac.challenge.data = (unsigned char *)challenge.data();
|
| - sec_rv = DER_Encode(arena, &pkacItem, CERTPublicKeyAndChallengeTemplate,
|
| - &pkac);
|
| - if (SECSuccess != sec_rv) {
|
| - LOG(ERROR) << "Couldn't DER Encode PublicKeyAndChallenge";
|
| - isSuccess = false;
|
| - goto failure;
|
| - }
|
| -
|
| - // Sign the DER encoded PublicKeyAndChallenge.
|
| - sec_rv = SEC_DerSignData(arena, &signedItem, pkacItem.data, pkacItem.len,
|
| - privateKey, algTag);
|
| - if (SECSuccess != sec_rv) {
|
| - LOG(ERROR) << "Couldn't sign the DER encoded PublicKeyandChallenge";
|
| - isSuccess = false;
|
| - goto failure;
|
| - }
|
| -
|
| - // Convert the signed public key and challenge into base64/ascii.
|
| - base::Base64Encode(base::StringPiece(reinterpret_cast<char*>(signedItem.data),
|
| - signedItem.len),
|
| - &result_blob);
|
| -
|
| - failure:
|
| - if (!isSuccess) {
|
| - LOG(ERROR) << "SSL Keygen failed! (NSS error code " << PR_GetError() << ")";
|
| - } else {
|
| - VLOG(1) << "SSL Keygen succeeded!";
|
| - }
|
| -
|
| - // Do cleanups
|
| - if (privateKey) {
|
| - // On successful keygen we need to keep the private key, of course,
|
| - // or we won't be able to use the client certificate.
|
| - if (!isSuccess || !stores_key) {
|
| - crypto::AutoNSSWriteLock lock;
|
| - PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID);
|
| - }
|
| - SECKEY_DestroyPrivateKey(privateKey);
|
| - }
|
| -
|
| - if (publicKey) {
|
| - if (!isSuccess || !stores_key) {
|
| - crypto::AutoNSSWriteLock lock;
|
| - PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID);
|
| - }
|
| - SECKEY_DestroyPublicKey(publicKey);
|
| - }
|
| - if (spkInfo) {
|
| - SECKEY_DestroySubjectPublicKeyInfo(spkInfo);
|
| - }
|
| - if (arena) {
|
| - PORT_FreeArena(arena, PR_TRUE);
|
| - }
|
| -
|
| - return (isSuccess ? result_blob : std::string());
|
| -}
|
| -
|
| -} // namespace mozilla_security_manager
|
|
|
Chromium Code Reviews
Issue 2536993002:
Remove support for the keygen tag (Closed)
