Convert Windows to use X509CertificateBytes.

net/cert/x509_certificate_win.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <memory>
 
 #include "base/logging.h"
 #include "base/memory/free_deleter.h"
 #include "base/numerics/safe_conversions.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "crypto/capi_util.h"
 #include "crypto/scoped_capi_types.h"
 #include "crypto/sha2.h"
 #include "net/base/net_errors.h"
+#include "net/cert/x509_util_win.h"
 #include "third_party/boringssl/src/include/openssl/sha.h"
 
 using base::Time;
 
 namespace net {
 
 namespace {
 
 typedef crypto::ScopedCAPIHandle<
     HCERTSTORE,
@@ skipping 162 matching lines @@
     }
     // Fast path: Found at least one subjectAltName and the caller doesn't
     // need the actual values.
     if (has_san && !ip_addrs && !dns_names)
       return true;
   }
 
   return has_san;
 }
 
-PCCERT_CONTEXT X509Certificate::CreateOSCertChainForCert() const {
-  // Create an in-memory certificate store to hold this certificate and
-  // any intermediate certificates in |intermediate_ca_certs_|. The store
-  // will be referenced in the returned PCCERT_CONTEXT, and will not be freed
-  // until the PCCERT_CONTEXT is freed.
-  ScopedHCERTSTORE store(CertOpenStore(
-      CERT_STORE_PROV_MEMORY, 0, NULL,
-      CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL));
-  if (!store.get())
-    return NULL;
-
-  // NOTE: This preserves all of the properties of |os_cert_handle()| except
-  // for CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_CONTEXT_PROP_ID - the two
-  // properties that hold access to already-opened private keys. If a handle
-  // has already been unlocked (eg: PIN prompt), then the first time that the
-  // identity is used for client auth, it may prompt the user again.
-  PCCERT_CONTEXT primary_cert;
-  BOOL ok = CertAddCertificateContextToStore(store.get(), os_cert_handle(),
-                                             CERT_STORE_ADD_ALWAYS,
-                                             &primary_cert);
-  if (!ok || !primary_cert)
-    return NULL;
-
-  for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
-    CertAddCertificateContextToStore(store.get(), intermediate_ca_certs_[i],
-                                     CERT_STORE_ADD_ALWAYS, NULL);
-  }
-
-  // Note: |store| is explicitly not released, as the call to CertCloseStore()
-  // when |store| goes out of scope will not actually free the store. Instead,
-  // the store will be freed when |primary_cert| is freed.
-  return primary_cert;
-}
-
 // static
 bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle,
                                     std::string* encoded) {
   if (!cert_handle || !cert_handle->pbCertEncoded ||
       !cert_handle->cbCertEncoded) {
     return false;
   }
   encoded->assign(reinterpret_cast<char*>(cert_handle->pbCertEncoded),
                   cert_handle->cbCertEncoded);
   return true;
@@ skipping 55 matching lines @@
   return CertDuplicateCertificateContext(cert_handle);
 }
 
 // static
 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
   CertFreeCertificateContext(cert_handle);
 }
 
 // static
 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
-  DCHECK(NULL != cert->pbCertEncoded);
-  DCHECK_NE(0u, cert->cbCertEncoded);
-
-  SHA256HashValue sha256;
-  size_t sha256_size = sizeof(sha256.data);
-
-  // Use crypto::SHA256HashString for two reasons:
-  // * < Windows Vista does not have universal SHA-256 support.
-  // * More efficient on Windows > Vista (less overhead since non-default CSP
-  // is not needed).
-  base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded),
-                             cert->cbCertEncoded);
-  crypto::SHA256HashString(der_cert, sha256.data, sha256_size);
-  return sha256;
+  return x509_util::CalculateFingerprint256(cert);
 }
 
 SHA256HashValue X509Certificate::CalculateCAFingerprint256(
     const OSCertHandles& intermediates) {
   SHA256HashValue sha256;
   memset(sha256.data, 0, sizeof(sha256.data));
 
   SHA256_CTX ctx;
   if (!SHA256_Init(&ctx))
     return sha256;
@@ skipping 116 matching lines @@
                                    valid_issuers)) {
       return true;
     }
   }
 
   return false;
 }
 
 // static
 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
-  bool valid_signature = !!CryptVerifyCertificateSignatureEx(
-      NULL, X509_ASN_ENCODING, CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,
-      reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)),
-      CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT,
-      reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 0, NULL);
-  if (!valid_signature)
-    return false;
-  return !!CertCompareCertificateName(X509_ASN_ENCODING,
-                                      &cert_handle->pCertInfo->Subject,
-                                      &cert_handle->pCertInfo->Issuer);
+  return x509_util::IsSelfSigned(cert_handle);
 }
 
 }  // namespace net