Revert of Refactoring of Cast-related crypto code

extensions/common/cast/cast_cert_validator_openssl.cc

Index: extensions/common/cast/cast_cert_validator_openssl.cc
diff --git a/extensions/common/cast/cast_cert_validator_openssl.cc b/extensions/common/cast/cast_cert_validator_openssl.cc
deleted file mode 100644
index 8c2e4c0721ed7019e8b07651538d16ab624490a3..0000000000000000000000000000000000000000
--- a/extensions/common/cast/cast_cert_validator_openssl.cc
+++ /dev/null
@@ -1,158 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "extensions/common/cast/cast_cert_validator.h"
-
-#include <openssl/digest.h>
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-
-#include "base/logging.h"
-#include "base/strings/string_number_conversions.h"
-#include "base/strings/string_util.h"
-#include "base/strings/stringprintf.h"
-#include "crypto/openssl_util.h"
-#include "crypto/scoped_openssl_types.h"
-#include "extensions/browser/api/cast_channel/cast_auth_ica.h"
-#include "net/cert/x509_certificate.h"
-#include "net/cert/x509_util_openssl.h"
-
-namespace extensions {
-namespace core_api {
-namespace cast_crypto {
-namespace {
-
-typedef crypto::ScopedOpenSSL<X509, X509_free>::Type ScopedX509;
-
-class CertVerificationContextOpenSSL : public CertVerificationContext {
- public:
-  // Takes ownership of the passed-in x509 object
-  explicit CertVerificationContextOpenSSL(X509* x509) : x509_(x509) {}
-
-  VerificationResult VerifySignatureOverData(
-      const base::StringPiece& signature,
-      const base::StringPiece& data) const override {
-    // Retrieve public key object.
-    crypto::ScopedEVP_PKEY public_key(X509_get_pubkey(x509_.get()));
-    if (!public_key) {
-      return VerificationResult(
-          "Failed to extract device certificate public key.",
-          VerificationResult::ERROR_CERT_INVALID);
-    }
-    // Make sure the key is RSA.
-    const int public_key_type = EVP_PKEY_id(public_key.get());
-    if (public_key_type != EVP_PKEY_RSA) {
-      return VerificationResult(
-          std::string("Expected RSA key type for client certificate, got ") +
-              base::IntToString(public_key_type) + " instead.",
-          VerificationResult::ERROR_CERT_INVALID);
-    }
-    // Verify signature.
-    const crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());
-    if (!ctx ||
-        !EVP_DigestVerifyInit(ctx.get(), NULL, EVP_sha1(), NULL,
-                              public_key.get()) ||
-        !EVP_DigestVerifyUpdate(ctx.get(), data.data(), data.size()) ||
-        !EVP_DigestVerifyFinal(
-            ctx.get(), reinterpret_cast<const uint8_t*>(signature.data()),
-            signature.size())) {
-      return VerificationResult("Signature verification failed.",
-                                VerificationResult::ERROR_SIGNATURE_INVALID);
-    }
-    return VerificationResult();
-  }
-
-  std::string GetCommonName() const override {
-    int common_name_length = X509_NAME_get_text_by_NID(
-        x509_->cert_info->subject, NID_commonName, NULL, 0);
-    if (common_name_length < 0)
-      return std::string();
-    std::string common_name;
-    common_name_length = X509_NAME_get_text_by_NID(
-        x509_->cert_info->subject, NID_commonName,
-        WriteInto(&common_name, static_cast<size_t>(common_name_length) + 1),
-        common_name_length + 1);
-    if (common_name_length < 0)
-      return std::string();
-    return common_name;
-  }
-
- private:
-  ScopedX509 x509_;
-};
-
-}  // namespace
-
-VerificationResult VerifyDeviceCert(
-    const base::StringPiece& device_cert,
-    const std::vector<std::string>& ica_certs,
-    scoped_ptr<CertVerificationContext>* context) {
-  crypto::EnsureOpenSSLInit();
-  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
-
-  // If the list of intermediates is empty then use kPublicKeyICA1 as
-  // the trusted CA (legacy case).
-  // Otherwise, use the first intermediate in the list as long as it
-  // is in the allowed list of intermediates.
-  base::StringPiece ica_public_key_der =
-      (ica_certs.size() == 0)
-          ? cast_channel::GetDefaultTrustedICAPublicKey()
-          : cast_channel::GetTrustedICAPublicKey(ica_certs[0]);
-
-  if (ica_public_key_der.empty()) {
-    return VerificationResult(
-        "Device certificate is not signed by a trusted CA",
-        VerificationResult::ERROR_CERT_UNTRUSTED);
-  }
-  // Initialize the ICA public key.
-  const uint8_t* ica_public_key_der_ptr =
-      reinterpret_cast<const uint8_t*>(ica_public_key_der.data());
-  const uint8_t* ica_public_key_der_end =
-      ica_public_key_der_ptr + ica_public_key_der.size();
-  crypto::ScopedRSA ica_public_key_rsa(d2i_RSAPublicKey(
-      NULL, &ica_public_key_der_ptr, ica_public_key_der.size()));
-  if (!ica_public_key_rsa || ica_public_key_der_ptr != ica_public_key_der_end) {
-    return VerificationResult("Failed to import trusted public key.",
-                              VerificationResult::ERROR_INTERNAL);
-  }
-  crypto::ScopedEVP_PKEY ica_public_key_evp(EVP_PKEY_new());
-  if (!ica_public_key_evp ||
-      !EVP_PKEY_set1_RSA(ica_public_key_evp.get(), ica_public_key_rsa.get())) {
-    return VerificationResult("Failed to import trusted public key.",
-                              VerificationResult::ERROR_INTERNAL);
-  }
-  // Parse the device certificate.
-  const uint8_t* device_cert_der_ptr =
-      reinterpret_cast<const uint8_t*>(device_cert.data());
-  const uint8_t* device_cert_der_end = device_cert_der_ptr + device_cert.size();
-  ScopedX509 device_cert_x509(
-      d2i_X509(NULL, &device_cert_der_ptr, device_cert.size()));
-  if (!device_cert_x509 || device_cert_der_ptr != device_cert_der_end) {
-    return VerificationResult("Failed to parse device certificate.",
-                              VerificationResult::ERROR_CERT_INVALID);
-  }
-  // Verify device certificate.
-  if (X509_verify(device_cert_x509.get(), ica_public_key_evp.get()) != 1) {
-    return VerificationResult(
-        "Device certificate signature verification failed.",
-        VerificationResult::ERROR_CERT_INVALID);
-  }
-
-  if (context) {
-    scoped_ptr<CertVerificationContext> tmp_context(
-        new CertVerificationContextOpenSSL(device_cert_x509.release()));
-    tmp_context.swap(*context);
-  }
-
-  return VerificationResult();
-}
-
-std::string VerificationResult::GetLogString() const {
-  return error_message;
-}
-
-}  // namespace cast_crypto
-}  // namespace core_api
-}  // namespace extensions