forked from chromium/chromium
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcert_test_util_nss.cc
135 lines (115 loc) · 4.25 KB
/
cert_test_util_nss.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/test/cert_test_util.h"
#include <pk11pub.h>
#include <secmodt.h>
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "crypto/nss_key_util.h"
#include "crypto/nss_util.h"
#include "crypto/scoped_nss_types.h"
#include "net/cert/cert_type.h"
#include "net/cert/x509_util_nss.h"
namespace net {
bool ImportSensitiveKeyFromFile(const base::FilePath& dir,
const std::string& key_filename,
PK11SlotInfo* slot) {
base::FilePath key_path = dir.AppendASCII(key_filename);
std::string key_pkcs8;
bool success = base::ReadFileToString(key_path, &key_pkcs8);
if (!success) {
LOG(ERROR) << "Failed to read file " << key_path.value();
return false;
}
const uint8_t* key_pkcs8_begin =
reinterpret_cast<const uint8_t*>(key_pkcs8.data());
std::vector<uint8_t> key_vector(key_pkcs8_begin,
key_pkcs8_begin + key_pkcs8.length());
crypto::ScopedSECKEYPrivateKey private_key(
crypto::ImportNSSKeyFromPrivateKeyInfo(slot, key_vector,
true /* permanent */));
LOG_IF(ERROR, !private_key) << "Could not create key from file "
<< key_path.value();
return !!private_key;
}
bool ImportClientCertToSlot(CERTCertificate* nss_cert, PK11SlotInfo* slot) {
std::string nickname =
x509_util::GetDefaultUniqueNickname(nss_cert, USER_CERT, slot);
SECStatus rv = PK11_ImportCert(slot, nss_cert, CK_INVALID_HANDLE,
nickname.c_str(), PR_FALSE);
if (rv != SECSuccess) {
LOG(ERROR) << "Could not import cert";
return false;
}
return true;
}
ScopedCERTCertificate ImportClientCertToSlot(
const scoped_refptr<X509Certificate>& cert,
PK11SlotInfo* slot) {
ScopedCERTCertificate nss_cert =
x509_util::CreateCERTCertificateFromX509Certificate(cert.get());
if (!nss_cert)
return nullptr;
if (!ImportClientCertToSlot(nss_cert.get(), slot))
return nullptr;
return nss_cert;
}
scoped_refptr<X509Certificate> ImportClientCertAndKeyFromFile(
const base::FilePath& dir,
const std::string& cert_filename,
const std::string& key_filename,
PK11SlotInfo* slot,
ScopedCERTCertificate* nss_cert) {
if (!ImportSensitiveKeyFromFile(dir, key_filename, slot)) {
LOG(ERROR) << "Could not import private key from file " << key_filename;
return NULL;
}
scoped_refptr<X509Certificate> cert(ImportCertFromFile(dir, cert_filename));
if (!cert.get()) {
LOG(ERROR) << "Failed to parse cert from file " << cert_filename;
return NULL;
}
*nss_cert = ImportClientCertToSlot(cert, slot);
if (!*nss_cert)
return NULL;
// |cert| continues to point to the original X509Certificate before the
// import to |slot|. However this should not make a difference as NSS handles
// state globally.
return cert;
}
scoped_refptr<X509Certificate> ImportClientCertAndKeyFromFile(
const base::FilePath& dir,
const std::string& cert_filename,
const std::string& key_filename,
PK11SlotInfo* slot) {
ScopedCERTCertificate nss_cert;
return ImportClientCertAndKeyFromFile(dir, cert_filename, key_filename, slot,
&nss_cert);
}
ScopedCERTCertificate ImportCERTCertificateFromFile(
const base::FilePath& certs_dir,
const std::string& cert_file) {
scoped_refptr<X509Certificate> cert =
ImportCertFromFile(certs_dir, cert_file);
if (!cert)
return nullptr;
return x509_util::CreateCERTCertificateFromX509Certificate(cert.get());
}
ScopedCERTCertificateList CreateCERTCertificateListFromFile(
const base::FilePath& certs_dir,
const std::string& cert_file,
int format) {
CertificateList certs =
CreateCertificateListFromFile(certs_dir, cert_file, format);
ScopedCERTCertificateList nss_certs;
for (const auto& cert : certs) {
ScopedCERTCertificate nss_cert =
x509_util::CreateCERTCertificateFromX509Certificate(cert.get());
if (!nss_cert)
return {};
nss_certs.push_back(std::move(nss_cert));
}
return nss_certs;
}
} // namespace net