Implemented profile-aware owner key loading.

crypto/rsa_private_key_nss.cc

Index: crypto/rsa_private_key_nss.cc
diff --git a/crypto/rsa_private_key_nss.cc b/crypto/rsa_private_key_nss.cc
index bd54c2e4037131b536a6134305e1027fdf804b73..5f7c48d8bb50555deb6272e945f35133dacbbb7a 100644
--- a/crypto/rsa_private_key_nss.cc
+++ b/crypto/rsa_private_key_nss.cc
@@ -38,6 +38,26 @@ static bool ReadAttribute(SECKEYPrivateKey* key,
   return true;
 }
 
+#if defined(USE_NSS)
+SECKEYPublicKey* GetRSAPublicKey(const std::vector<uint8>& input) {

[wtc, 2014/05/16 15:06:36]

Nit: please document this function, especially the ownership of the return
value.

[ygorshenin1, 2014/05/19 09:43:50]

Done.

+  // First, decode and save the public key.
+  SECItem key_der;
+  key_der.type = siBuffer;
+  key_der.data = const_cast<unsigned char*>(&input[0]);
+  key_der.len = input.size();
+
+  CERTSubjectPublicKeyInfo* spki =
+      SECKEY_DecodeDERSubjectPublicKeyInfo(&key_der);
+  if (!spki)
+    return NULL;
+  SECKEYPublicKey* result = SECKEY_ExtractPublicKey(spki);
+  SECKEY_DestroySubjectPublicKeyInfo(spki);
+  if (!result || result->keyType != rsaKey)

[wtc, 2014/05/16 15:06:36]

BUG: in the result->keyType != rsaKey case, we need to destroy |result| (with
SECKEY_DestroyPublicKey) before returning NULL.

[ygorshenin1, 2014/05/19 09:43:50]

Done.

+    return NULL;
+  return result;
+}
+#endif  // defined(USE_NSS)
+
 }  // namespace
 
 namespace crypto {
@@ -114,34 +134,13 @@ RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
     const std::vector<uint8>& input) {
   EnsureNSSInit();
 
-  scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
-
-  // First, decode and save the public key.
-  SECItem key_der;
-  key_der.type = siBuffer;
-  key_der.data = const_cast<unsigned char*>(&input[0]);
-  key_der.len = input.size();
-
-  CERTSubjectPublicKeyInfo* spki =
-      SECKEY_DecodeDERSubjectPublicKeyInfo(&key_der);
-  if (!spki) {
-    NOTREACHED();
-    return NULL;
-  }
-
-  result->public_key_ = SECKEY_ExtractPublicKey(spki);
-  SECKEY_DestroySubjectPublicKeyInfo(spki);
+  scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey());
+  result->public_key_ = GetRSAPublicKey(input);
   if (!result->public_key_) {
     NOTREACHED();
     return NULL;
   }
 
-  // Make sure the key is an RSA key.  If not, that's an error

[wtc, 2014/05/16 15:06:36]

Please copy this comment to the new GetRSAPublicKey function.

[ygorshenin1, 2014/05/19 09:43:50]

Done.

-  if (result->public_key_->keyType != rsaKey) {
-    NOTREACHED();
-    return NULL;
-  }
-
   ScopedSECItem ck_id(
       PK11_MakeIDFromPubKey(&(result->public_key_->u.rsa.modulus)));
   if (!ck_id.get()) {
@@ -166,6 +165,35 @@ RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
   // We didn't find the key.
   return NULL;
 }
+
+// static
+RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfoInSlot(
+    const std::vector<uint8>& input,
+    PK11SlotInfo* slot) {
+  EnsureNSSInit();
+
+  if (!slot)
+    return NULL;
+
+  scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey());
+  result->public_key_ = GetRSAPublicKey(input);
+  if (!result->public_key_) {
+    NOTREACHED();
+    return NULL;
+  }
+
+  ScopedSECItem ck_id(
+      PK11_MakeIDFromPubKey(&(result->public_key_->u.rsa.modulus)));
+  if (!ck_id.get()) {
+    NOTREACHED();
+    return NULL;
+  }

[wtc, 2014/05/16 15:06:36]

Nit: we can work harder and share more code between these two functions. The
code up to this line (except for the null pointer check for |slot|) is the same
between the two functions.

[ygorshenin1, 2014/05/19 09:43:50]

Done.

+
+  result->key_ = PK11_FindKeyByKeyID(slot, ck_id.get(), NULL);
+  if (!result->key_)
+    return NULL;
+  return result.release();
+}
 #endif
 
 RSAPrivateKey* RSAPrivateKey::Copy() const {