Move the Mozilla-derived code in net/base/keygen_handler_nss.cc...

net/third_party/mozilla_security_manager/nsKeygenHandler.cpp

-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Vipul Gupta <vipul.gupta@sun.com>
+ *   Douglas Stebila <douglas@stebila.ca>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
 
-#include "net/base/keygen_handler.h"
+#include "net/third_party/mozilla_security_manager/nsKeygenHandler.h"
 
 #include <pk11pub.h>
 #include <secmod.h>
-#include <ssl.h>
 #include <secder.h>    // DER_Encode()
 #include <cryptohi.h>  // SEC_DerSignData()
 #include <keyhi.h>     // SECKEY_CreateSubjectPublicKeyInfo()
 
 #include "base/base64.h"
 #include "base/nss_util_internal.h"
 #include "base/nss_util.h"
 #include "base/logging.h"
+#include "net/base/keygen_handler.h"
 
-namespace net {
-
-const int64 DEFAULT_RSA_PUBLIC_EXPONENT = 0x10001;
+namespace {
 
 // Template for creating the signed public key structure to be sent to the CA.
 DERTemplate SECAlgorithmIDTemplate[] = {
   { DER_SEQUENCE,
     0, NULL, sizeof(SECAlgorithmID) },
   { DER_OBJECT_ID,
     offsetof(SECAlgorithmID, algorithm), },
   { DER_OPTIONAL | DER_ANY,
     offsetof(SECAlgorithmID, parameters), },
   { 0, }
@@ skipping 15 matching lines @@
     0, NULL, sizeof(CERTPublicKeyAndChallenge) },
   { DER_ANY,
     offsetof(CERTPublicKeyAndChallenge, spki), },
   { DER_IA5_STRING,
     offsetof(CERTPublicKeyAndChallenge, challenge), },
   { 0, }
 };
 
 void StoreKeyLocationInCache(const SECItem& public_key_info,
                              PK11SlotInfo *slot) {
-  KeygenHandler::Cache* cache = KeygenHandler::Cache::GetInstance();
-  KeygenHandler::KeyLocation key_location;
+  net::KeygenHandler::Cache* cache = net::KeygenHandler::Cache::GetInstance();
+  net::KeygenHandler::KeyLocation key_location;
   const char* slot_name = PK11_GetSlotName(slot);
   key_location.slot_name.assign(slot_name);
   cache->Insert(std::string(reinterpret_cast<char*>(public_key_info.data),
                 public_key_info.len), key_location);
 }
 
-bool KeygenHandler::KeyLocation::Equals(
-    const net::KeygenHandler::KeyLocation& location) const {
-  return slot_name == location.slot_name;
-}
+}  // namespace
 
-// This function is largely copied from the Firefox's
-// <keygen> implementation in security/manager/ssl/src/nsKeygenHandler.cpp
-// FIXME(gauravsh): Do we need a copy of the Mozilla license here?
+namespace mozilla_security_manager {
 
-std::string KeygenHandler::GenKeyAndSignChallenge() {
+// This function is based on the nsKeygenFormProcessor::GetPublicKey function
+// in mozilla/security/manager/ssl/src/nsKeygenHandler.cpp.
+std::string GenKeyAndSignChallenge(int key_size_in_bits,
+                                   const std::string& challenge,
+                                   bool stores_key) {
   // Key pair generation mechanism - only RSA is supported at present.
   PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;  // from nss/pkcs11t.h
 
   // Temporary structures used for generating the result
   // in the right format.
   PK11SlotInfo *slot = NULL;
   PK11RSAGenParams rsaKeyGenParams;  // Keygen parameters.
   SECOidTag algTag;  // used by SEC_DerSignData().
   SECKEYPrivateKey *privateKey = NULL;
   SECKEYPublicKey *publicKey = NULL;
@@ skipping 15 matching lines @@
 
   slot = base::GetDefaultNSSKeySlot();
   if (!slot) {
     LOG(ERROR) << "Couldn't get Internal key slot!";
     isSuccess = false;
     goto failure;
   }
 
   switch (keyGenMechanism) {
     case CKM_RSA_PKCS_KEY_PAIR_GEN:
-      rsaKeyGenParams.keySizeInBits = key_size_in_bits_;
-      rsaKeyGenParams.pe = DEFAULT_RSA_PUBLIC_EXPONENT;
+      rsaKeyGenParams.keySizeInBits = key_size_in_bits;
+      rsaKeyGenParams.pe = DEFAULT_RSA_KEYGEN_PE;
       keyGenParams = &rsaKeyGenParams;
 
-      algTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;  // from <nss/secoidt.h>.
+      algTag = DEFAULT_RSA_KEYGEN_ALG;
       break;
     default:
       // TODO(gauravsh): If we ever support other mechanisms,
       // this can be changed.
       LOG(ERROR) << "Only RSA keygen mechanism is supported";
       isSuccess = false;
       goto failure;
-      break;
   }
 
   // Need to make sure that the token was initialized.
   // Assume a null password.
   sec_rv = PK11_Authenticate(slot, PR_TRUE, NULL);
   if (SECSuccess != sec_rv) {
     LOG(ERROR) << "Couldn't initialze PK11 token!";
     isSuccess = false;
     goto failure;
   }
@@ skipping 18 matching lines @@
   // Let's create that now.
 
   // Create a subject public key info from the public key.
   spkInfo = SECKEY_CreateSubjectPublicKeyInfo(publicKey);
   if (!spkInfo) {
     LOG(ERROR) << "Couldn't create SubjectPublicKeyInfo from public key";
     isSuccess = false;
     goto failure;
   }
 
-  // Temporary work store used by NSS.
   arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
   if (!arena) {
     LOG(ERROR) << "PORT_NewArena: Couldn't allocate memory";
     isSuccess = false;
     goto failure;
   }
 
   // DER encode the whole subjectPublicKeyInfo.
   sec_rv = DER_Encode(arena, &spkiItem, CERTSubjectPublicKeyInfoTemplate,
                       spkInfo);
   if (SECSuccess != sec_rv) {
     LOG(ERROR) << "Couldn't DER Encode subjectPublicKeyInfo";
     isSuccess = false;
     goto failure;
   }
 
   // Set up the PublicKeyAndChallenge data structure, then DER encode it.
   pkac.spki = spkiItem;
-  pkac.challenge.len = challenge_.length();
-  pkac.challenge.data = (unsigned char *)strdup(challenge_.c_str());
+  pkac.challenge.len = challenge.length();
+  pkac.challenge.data = (unsigned char *)strdup(challenge.c_str());
   if (!pkac.challenge.data) {
     LOG(ERROR) << "Out of memory while making a copy of challenge data";
     isSuccess = false;
     goto failure;
   }
   sec_rv = DER_Encode(arena, &pkacItem, CERTPublicKeyAndChallengeTemplate,
                       &pkac);
   if (SECSuccess != sec_rv) {
     LOG(ERROR) << "Couldn't DER Encode PublicKeyAndChallenge";
     isSuccess = false;
@@ skipping 24 matching lines @@
   if (!isSuccess) {
     LOG(ERROR) << "SSL Keygen failed!";
   } else {
     LOG(INFO) << "SSL Keygen succeeded!";
   }
 
   // Do cleanups
   if (privateKey) {
     // On successful keygen we need to keep the private key, of course,
     // or we won't be able to use the client certificate.
-    if (!isSuccess || !stores_key_) {
+    if (!isSuccess || !stores_key) {
       PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID);
     }
     SECKEY_DestroyPrivateKey(privateKey);
   }
 
   if (publicKey) {
-    if (!isSuccess || !stores_key_) {
+    if (!isSuccess || !stores_key) {
       PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID);
     }
     SECKEY_DestroyPublicKey(publicKey);
   }
   if (spkInfo) {
     SECKEY_DestroySubjectPublicKeyInfo(spkInfo);
   }
   if (arena) {
     PORT_FreeArena(arena, PR_TRUE);
   }
   if (slot != NULL) {
     PK11_FreeSlot(slot);
   }
   if (pkac.challenge.data) {
     free(pkac.challenge.data);
   }
 
   return (isSuccess ? result_blob : std::string());
 }
 
-}  // namespace net
+}  // namespace mozilla_security_manager