Implemented profile-aware owner key loading.

crypto/rsa_private_key_nss.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/rsa_private_key.h"
 
 #include <cryptohi.h>
 #include <keyhi.h>
 #include <pk11pub.h>
 #include <secmod.h>
@@ skipping 20 matching lines @@
   if (rv != SECSuccess) {
     NOTREACHED();
     return false;
   }
 
   output->assign(item.data, item.data + item.len);
   SECITEM_FreeItem(&item, PR_FALSE);
   return true;
 }
 
+#if defined(USE_NSS)
+struct PublicKeyInfoDeleter {
+  inline void operator()(CERTSubjectPublicKeyInfo* spki) {
+    SECKEY_DestroySubjectPublicKeyInfo(spki);
+  }
+};
+
+typedef scoped_ptr<CERTSubjectPublicKeyInfo, PublicKeyInfoDeleter>
+    ScopedPublicKeyInfo;
+
+// The function decodes RSA public key from the |input|. The caller
+// takes ownership of the returned value.

[wtc, 2014/05/19 17:23:54]

Nit: I think it is OK to not document the return value now that you switched to
returning a scoped type. Up to you.

[ygorshenin1, 2014/05/20 07:53:50]

Done.

[wtc, 2014/05/20 16:46:39]

Nit: I think we can keep the "The function decodes RSA public key from the
|input|." part of the comment.

[ygorshenin1, 2014/05/20 17:01:34]

Done.

+crypto::ScopedSECKEYPublicKey GetRSAPublicKey(const std::vector<uint8>& input) {
+  // First, decode and save the public key.
+  SECItem key_der;
+  key_der.type = siBuffer;
+  key_der.data = const_cast<unsigned char*>(&input[0]);
+  key_der.len = input.size();
+
+  ScopedPublicKeyInfo spki(SECKEY_DecodeDERSubjectPublicKeyInfo(&key_der));
+  if (!spki)
+    return crypto::ScopedSECKEYPublicKey();
+
+  crypto::ScopedSECKEYPublicKey result(SECKEY_ExtractPublicKey(spki.get()));
+
+  // Make sure the key is an RSA key.. If not, that's an error.
+  if (!result || result->keyType != rsaKey)
+    return crypto::ScopedSECKEYPublicKey();
+  return result.Pass();
+}
+#endif  // defined(USE_NSS)
+
 }  // namespace
 
 namespace crypto {
 
 RSAPrivateKey::~RSAPrivateKey() {
   if (key_)
     SECKEY_DestroyPrivateKey(key_);
   if (public_key_)
     SECKEY_DestroyPublicKey(public_key_);
 }
@@ skipping 54 matching lines @@
     NOTREACHED();
     delete copy;
     return NULL;
   }
   return copy;
 }
 
 // static
 RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
     const std::vector<uint8>& input) {
-  EnsureNSSInit();
-
-  scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
-
-  // First, decode and save the public key.
-  SECItem key_der;
-  key_der.type = siBuffer;
-  key_der.data = const_cast<unsigned char*>(&input[0]);
-  key_der.len = input.size();
-
-  CERTSubjectPublicKeyInfo* spki =
-      SECKEY_DecodeDERSubjectPublicKeyInfo(&key_der);
-  if (!spki) {
-    NOTREACHED();
+  scoped_ptr<RSAPrivateKey> result(InitPublicPart(input));
+  if (!result)
     return NULL;
-  }
-
-  result->public_key_ = SECKEY_ExtractPublicKey(spki);
-  SECKEY_DestroySubjectPublicKeyInfo(spki);
-  if (!result->public_key_) {
-    NOTREACHED();
-    return NULL;
-  }
-
-  // Make sure the key is an RSA key.  If not, that's an error
-  if (result->public_key_->keyType != rsaKey) {
-    NOTREACHED();
-    return NULL;
-  }
 
   ScopedSECItem ck_id(
       PK11_MakeIDFromPubKey(&(result->public_key_->u.rsa.modulus)));
   if (!ck_id.get()) {
     NOTREACHED();
     return NULL;
   }
 
   // Search all slots in all modules for the key with the given ID.
   AutoSECMODListReadLock auto_lock;
   SECMODModuleList* head = SECMOD_GetDefaultModuleList();
   for (SECMODModuleList* item = head; item != NULL; item = item->next) {
     int slot_count = item->module->loaded ? item->module->slotCount : 0;
     for (int i = 0; i < slot_count; i++) {
       // Finally...Look for the key!
       result->key_ = PK11_FindKeyByKeyID(item->module->slots[i],
                                          ck_id.get(), NULL);
       if (result->key_)
         return result.release();
     }
   }
 
   // We didn't find the key.
   return NULL;
 }
+
+// static
+RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfoInSlot(
+    const std::vector<uint8>& input,
+    PK11SlotInfo* slot) {
+  if (!slot)
+    return NULL;
+
+  scoped_ptr<RSAPrivateKey> result(InitPublicPart(input));
+  if (!result)
+    return NULL;
+
+  ScopedSECItem ck_id(
+      PK11_MakeIDFromPubKey(&(result->public_key_->u.rsa.modulus)));
+  if (!ck_id.get()) {
+    NOTREACHED();
+    return NULL;
+  }
+
+  result->key_ = PK11_FindKeyByKeyID(slot, ck_id.get(), NULL);
+  if (!result->key_)
+    return NULL;
+  return result.release();
+}
 #endif
 
 RSAPrivateKey* RSAPrivateKey::Copy() const {
   RSAPrivateKey* copy = new RSAPrivateKey();
   copy->key_ = SECKEY_CopyPrivateKey(key_);
   copy->public_key_ = SECKEY_CopyPublicKey(public_key_);
   return copy;
 }
 
 bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
@@ skipping 87 matching lines @@
 
   result->public_key_ = SECKEY_ConvertToPublicKey(result->key_);
   if (!result->public_key_) {
     NOTREACHED();
     return NULL;
   }
 
   return result.release();
 }
 
+#if defined(USE_NSS)
+// static
+RSAPrivateKey* RSAPrivateKey::InitPublicPart(const std::vector<uint8>& input) {
+  EnsureNSSInit();
+
+  scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey());
+  result->public_key_ = GetRSAPublicKey(input).release();
+  if (!result->public_key_) {
+    NOTREACHED();
+    return NULL;
+  }
+
+  return result.release();
+}
+#endif  // defined(USE_NSS)
+
 }  // namespace crypto