Revert 52799 - Add support for parsing certificate formats other than raw, DE...

net/base/x509_certificate_mac.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <Security/Security.h>
 #include <time.h>
 
+#include "base/scoped_cftyperef.h"
 #include "base/logging.h"
 #include "base/pickle.h"
-#include "base/scoped_cftyperef.h"
 #include "base/sys_string_conversions.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/net_errors.h"
 
 using base::Time;
 
 namespace net {
 
 class MacTrustedCertificates {
@@ skipping 341 matching lines @@
                             const CSSM_OID* purpose) {
   for (unsigned p = 0; p < usage->numPurposes; ++p) {
     if (CSSMOIDEqual(&usage->purposes[p], purpose))
       return true;
     if (CSSMOIDEqual(&usage->purposes[p], &CSSMOID_ExtendedKeyUsageAny))
       return true;
   }
   return false;
 }
 
-// Parses |data| of length |length|, attempting to decode it as the specified
-// |format|. If |data| is in the specified format, any certificates contained
-// within are stored into |output|.
-void AddCertificatesFromBytes(const char* data, size_t length,
-                              SecExternalFormat format,
-                              X509Certificate::OSCertHandles* output) {
-  SecExternalFormat input_format = format;
-  scoped_cftyperef<CFDataRef> local_data(CFDataCreateWithBytesNoCopy(
-      kCFAllocatorDefault, reinterpret_cast<const UInt8*>(data),
-      length, kCFAllocatorNull));
-
-  CFArrayRef items = NULL;
-  OSStatus status = SecKeychainItemImport(local_data, NULL, &input_format,
-                                          NULL, 0, NULL, NULL, &items);
-  if (status) {
-    DLOG(WARNING) << status << " Unable to import items from data of length "
-                  << length;
-    return;
-  }
-
-  scoped_cftyperef<CFArrayRef> scoped_items(items);
-  CFTypeID cert_type_id = SecCertificateGetTypeID();
-
-  for (CFIndex i = 0; i < CFArrayGetCount(items); ++i) {
-    SecKeychainItemRef item = reinterpret_cast<SecKeychainItemRef>(
-        const_cast<void*>(CFArrayGetValueAtIndex(items, i)));
-
-    // While inputFormat implies only certificates will be imported, if/when
-    // other formats (eg: PKCS#12) are supported, this may also include
-    // private keys or other items types, so filter appropriately.
-    if (CFGetTypeID(item) == cert_type_id) {
-      SecCertificateRef cert = reinterpret_cast<SecCertificateRef>(item);
-      CFRetain(cert);
-      output->push_back(cert);
-    }
-  }
-}
-
 }  // namespace
 
 void X509Certificate::Initialize() {
   const CSSM_X509_NAME* name;
   OSStatus status = SecCertificateGetSubject(cert_handle_, &name);
   if (!status) {
     subject_.Parse(name);
   }
   status = SecCertificateGetIssuer(cert_handle_, &name);
   if (!status) {
@@ skipping 277 matching lines @@
 // static
 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
     const char* data, int length) {
   CSSM_DATA cert_data;
   cert_data.Data = const_cast<uint8*>(reinterpret_cast<const uint8*>(data));
   cert_data.Length = length;
 
   OSCertHandle cert_handle = NULL;
   OSStatus status = SecCertificateCreateFromData(&cert_data,
                                                  CSSM_CERT_X_509v3,
-                                                 CSSM_CERT_ENCODING_DER,
+                                                 CSSM_CERT_ENCODING_BER,
                                                  &cert_handle);
   if (status)
     return NULL;
 
-  // SecCertificateCreateFromData() unfortunately will not return any
-  // errors, as long as simply all pointers are present. The actual decoding
-  // of the certificate does not happen until an API that requires a CDSA
-  // handle is called. While SecCertificateGetCLHandle is the most likely
-  // candidate, as it initializes the parsing, it does not check whether the
-  // parsing was successful. Instead, SecCertificateGetSubject is used
-  // (supported since 10.3), as a means to double-check that the parsed
-  // parsed certificate is valid.
-  const CSSM_X509_NAME* sanity_check = NULL;
-  status = SecCertificateGetSubject(cert_handle, &sanity_check);
-  if (status || !sanity_check) {
-    CFRelease(cert_handle);
-    return NULL;
-  }
-
   return cert_handle;
 }
 
 // static
-X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes(
-    const char* data, int length, Format format) {
-  OSCertHandles results;
-
-  switch (format) {
-    case FORMAT_DER: {
-      OSCertHandle handle = CreateOSCertHandleFromBytes(data, length);
-      if (handle)
-        results.push_back(handle);
-      break;
-    }
-    case FORMAT_PKCS7:
-      AddCertificatesFromBytes(data, length, kSecFormatPKCS7, &results);
-      break;
-    default:
-      NOTREACHED() << "Certificate format " << format << " unimplemented";
-      break;
-  }
-
-  return results;
-}
-
-// static
 X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle(
     OSCertHandle handle) {
   if (!handle)
     return NULL;
   return reinterpret_cast<OSCertHandle>(const_cast<void*>(CFRetain(handle)));
 }
 
 // static
 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
   CFRelease(cert_handle);
@@ skipping 202 matching lines @@
     }
     CFRelease(cert_chain);
   }
 exit:
   if (result)
     LOG(ERROR) << "CreateIdentityCertificateChain error " << result;
   return chain.release();
 }
 
 }  // namespace net