| Index: net/cert/x509_certificate_nss.cc
|
| diff --git a/net/cert/x509_certificate_nss.cc b/net/cert/x509_certificate_nss.cc
|
| deleted file mode 100644
|
| index 45dd0a2743bc21e5f522ceea17657553fe836920..0000000000000000000000000000000000000000
|
| --- a/net/cert/x509_certificate_nss.cc
|
| +++ /dev/null
|
| @@ -1,293 +0,0 @@
|
| -// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "net/cert/x509_certificate.h"
|
| -
|
| -#include <cert.h>
|
| -#include <cryptohi.h>
|
| -#include <keyhi.h>
|
| -#include <nss.h>
|
| -#include <pk11pub.h>
|
| -#include <prtime.h>
|
| -#include <seccomon.h>
|
| -#include <secder.h>
|
| -#include <sechash.h>
|
| -
|
| -#include "base/logging.h"
|
| -#include "base/memory/scoped_ptr.h"
|
| -#include "base/pickle.h"
|
| -#include "base/strings/stringprintf.h"
|
| -#include "base/time/time.h"
|
| -#include "crypto/nss_util.h"
|
| -#include "crypto/scoped_nss_types.h"
|
| -#include "net/cert/x509_util_nss.h"
|
| -
|
| -namespace net {
|
| -
|
| -void X509Certificate::Initialize() {
|
| - x509_util::ParsePrincipal(&cert_handle_->subject, &subject_);
|
| - x509_util::ParsePrincipal(&cert_handle_->issuer, &issuer_);
|
| -
|
| - x509_util::ParseDate(&cert_handle_->validity.notBefore, &valid_start_);
|
| - x509_util::ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_);
|
| -
|
| - fingerprint_ = CalculateFingerprint(cert_handle_);
|
| - ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
|
| -
|
| - serial_number_ = x509_util::ParseSerialNumber(cert_handle_);
|
| -}
|
| -
|
| -// static
|
| -X509Certificate* X509Certificate::CreateFromBytesWithNickname(
|
| - const char* data,
|
| - int length,
|
| - const char* nickname) {
|
| - OSCertHandle cert_handle = CreateOSCertHandleFromBytesWithNickname(data,
|
| - length,
|
| - nickname);
|
| - if (!cert_handle)
|
| - return NULL;
|
| -
|
| - X509Certificate* cert = CreateFromHandle(cert_handle, OSCertHandles());
|
| - FreeOSCertHandle(cert_handle);
|
| -
|
| - if (nickname)
|
| - cert->default_nickname_ = nickname;
|
| -
|
| - return cert;
|
| -}
|
| -
|
| -std::string X509Certificate::GetDefaultNickname(CertType type) const {
|
| - if (!default_nickname_.empty())
|
| - return default_nickname_;
|
| -
|
| - std::string result;
|
| - if (type == USER_CERT && cert_handle_->slot) {
|
| - // Find the private key for this certificate and see if it has a
|
| - // nickname. If there is a private key, and it has a nickname, then
|
| - // return that nickname.
|
| - SECKEYPrivateKey* private_key = PK11_FindPrivateKeyFromCert(
|
| - cert_handle_->slot,
|
| - cert_handle_,
|
| - NULL); // wincx
|
| - if (private_key) {
|
| - char* private_key_nickname = PK11_GetPrivateKeyNickname(private_key);
|
| - if (private_key_nickname) {
|
| - result = private_key_nickname;
|
| - PORT_Free(private_key_nickname);
|
| - SECKEY_DestroyPrivateKey(private_key);
|
| - return result;
|
| - }
|
| - SECKEY_DestroyPrivateKey(private_key);
|
| - }
|
| - }
|
| -
|
| - switch (type) {
|
| - case CA_CERT: {
|
| - char* nickname = CERT_MakeCANickname(cert_handle_);
|
| - result = nickname;
|
| - PORT_Free(nickname);
|
| - break;
|
| - }
|
| - case USER_CERT: {
|
| - std::string subject_name = subject_.GetDisplayName();
|
| - if (subject_name.empty()) {
|
| - const char* email = CERT_GetFirstEmailAddress(cert_handle_);
|
| - if (email)
|
| - subject_name = email;
|
| - }
|
| - // TODO(gspencer): Internationalize this. It's wrong to assume English
|
| - // here.
|
| - result = base::StringPrintf("%s's %s ID", subject_name.c_str(),
|
| - issuer_.GetDisplayName().c_str());
|
| - break;
|
| - }
|
| - case SERVER_CERT:
|
| - result = subject_.GetDisplayName();
|
| - break;
|
| - case OTHER_CERT:
|
| - default:
|
| - break;
|
| - }
|
| - return result;
|
| -}
|
| -
|
| -void X509Certificate::GetSubjectAltName(
|
| - std::vector<std::string>* dns_names,
|
| - std::vector<std::string>* ip_addrs) const {
|
| - x509_util::GetSubjectAltName(cert_handle_, dns_names, ip_addrs);
|
| -}
|
| -
|
| -bool X509Certificate::IsIssuedByEncoded(
|
| - const std::vector<std::string>& valid_issuers) {
|
| - // Get certificate chain as scoped list of CERTCertificate objects.
|
| - std::vector<CERTCertificate*> cert_chain;
|
| - cert_chain.push_back(cert_handle_);
|
| - for (size_t n = 0; n < intermediate_ca_certs_.size(); ++n) {
|
| - cert_chain.push_back(intermediate_ca_certs_[n]);
|
| - }
|
| - // Convert encoded issuers to scoped CERTName* list.
|
| - std::vector<CERTName*> issuers;
|
| - crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
|
| - if (!x509_util::GetIssuersFromEncodedList(valid_issuers,
|
| - arena.get(),
|
| - &issuers)) {
|
| - return false;
|
| - }
|
| - return x509_util::IsCertificateIssuedBy(cert_chain, issuers);
|
| -}
|
| -
|
| -// static
|
| -bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle,
|
| - std::string* encoded) {
|
| - if (!cert_handle || !cert_handle->derCert.len)
|
| - return false;
|
| - encoded->assign(reinterpret_cast<char*>(cert_handle->derCert.data),
|
| - cert_handle->derCert.len);
|
| - return true;
|
| -}
|
| -
|
| -// static
|
| -bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a,
|
| - X509Certificate::OSCertHandle b) {
|
| - DCHECK(a && b);
|
| - if (a == b)
|
| - return true;
|
| - return a->derCert.len == b->derCert.len &&
|
| - memcmp(a->derCert.data, b->derCert.data, a->derCert.len) == 0;
|
| -}
|
| -
|
| -// static
|
| -X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
|
| - const char* data, int length) {
|
| - return CreateOSCertHandleFromBytesWithNickname(data, length, NULL);
|
| -}
|
| -
|
| -// static
|
| -X509Certificate::OSCertHandle
|
| -X509Certificate::CreateOSCertHandleFromBytesWithNickname(
|
| - const char* data,
|
| - int length,
|
| - const char* nickname) {
|
| - if (length < 0)
|
| - return NULL;
|
| -
|
| - crypto::EnsureNSSInit();
|
| -
|
| - if (!NSS_IsInitialized())
|
| - return NULL;
|
| -
|
| - SECItem der_cert;
|
| - der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
|
| - der_cert.len = length;
|
| - der_cert.type = siDERCertBuffer;
|
| -
|
| - // Parse into a certificate structure.
|
| - return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert,
|
| - const_cast<char*>(nickname),
|
| - PR_FALSE, PR_TRUE);
|
| -}
|
| -
|
| -// static
|
| -X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes(
|
| - const char* data,
|
| - int length,
|
| - Format format) {
|
| - return x509_util::CreateOSCertHandlesFromBytes(data, length, format);
|
| -}
|
| -
|
| -// static
|
| -X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle(
|
| - OSCertHandle cert_handle) {
|
| - return CERT_DupCertificate(cert_handle);
|
| -}
|
| -
|
| -// static
|
| -void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
|
| - CERT_DestroyCertificate(cert_handle);
|
| -}
|
| -
|
| -// static
|
| -SHA1HashValue X509Certificate::CalculateFingerprint(
|
| - OSCertHandle cert) {
|
| - SHA1HashValue sha1;
|
| - memset(sha1.data, 0, sizeof(sha1.data));
|
| -
|
| - DCHECK(NULL != cert->derCert.data);
|
| - DCHECK_NE(0U, cert->derCert.len);
|
| -
|
| - SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data,
|
| - cert->derCert.data, cert->derCert.len);
|
| - DCHECK_EQ(SECSuccess, rv);
|
| -
|
| - return sha1;
|
| -}
|
| -
|
| -// static
|
| -SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
|
| - SHA256HashValue sha256;
|
| - memset(sha256.data, 0, sizeof(sha256.data));
|
| -
|
| - DCHECK(NULL != cert->derCert.data);
|
| - DCHECK_NE(0U, cert->derCert.len);
|
| -
|
| - SECStatus rv = HASH_HashBuf(
|
| - HASH_AlgSHA256, sha256.data, cert->derCert.data, cert->derCert.len);
|
| - DCHECK_EQ(SECSuccess, rv);
|
| -
|
| - return sha256;
|
| -}
|
| -
|
| -// static
|
| -SHA1HashValue X509Certificate::CalculateCAFingerprint(
|
| - const OSCertHandles& intermediates) {
|
| - SHA1HashValue sha1;
|
| - memset(sha1.data, 0, sizeof(sha1.data));
|
| -
|
| - HASHContext* sha1_ctx = HASH_Create(HASH_AlgSHA1);
|
| - if (!sha1_ctx)
|
| - return sha1;
|
| - HASH_Begin(sha1_ctx);
|
| - for (size_t i = 0; i < intermediates.size(); ++i) {
|
| - CERTCertificate* ca_cert = intermediates[i];
|
| - HASH_Update(sha1_ctx, ca_cert->derCert.data, ca_cert->derCert.len);
|
| - }
|
| - unsigned int result_len;
|
| - HASH_End(sha1_ctx, sha1.data, &result_len, HASH_ResultLenContext(sha1_ctx));
|
| - HASH_Destroy(sha1_ctx);
|
| -
|
| - return sha1;
|
| -}
|
| -
|
| -// static
|
| -X509Certificate::OSCertHandle
|
| -X509Certificate::ReadOSCertHandleFromPickle(PickleIterator* pickle_iter) {
|
| - return x509_util::ReadOSCertHandleFromPickle(pickle_iter);
|
| -}
|
| -
|
| -// static
|
| -bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
|
| - Pickle* pickle) {
|
| - return pickle->WriteData(
|
| - reinterpret_cast<const char*>(cert_handle->derCert.data),
|
| - cert_handle->derCert.len);
|
| -}
|
| -
|
| -// static
|
| -void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
|
| - size_t* size_bits,
|
| - PublicKeyType* type) {
|
| - x509_util::GetPublicKeyInfo(cert_handle, size_bits, type);
|
| -}
|
| -
|
| -// static
|
| -bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
|
| - crypto::ScopedSECKEYPublicKey public_key(CERT_ExtractPublicKey(cert_handle));
|
| - if (!public_key.get())
|
| - return false;
|
| - return SECSuccess == CERT_VerifySignedDataWithPublicKey(
|
| - &cert_handle->signatureWrap, public_key.get(), NULL);
|
| -}
|
| -
|
| -} // namespace net
|
|
|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master