Revert "Fix broken channel icon in chrome://help on CrOS" and try again
[chromium-blink-merge.git] / net / test / cert_test_util_nss.cc
blob4427cebe117deb1de458b46f4bf70f63db0209a8
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/test/cert_test_util.h"
7 #include <pk11pub.h>
8 #include <secmodt.h>
10 #include "base/files/file_path.h"
11 #include "base/files/file_util.h"
12 #include "crypto/nss_key_util.h"
13 #include "crypto/nss_util.h"
14 #include "crypto/scoped_nss_types.h"
15 #include "net/cert/cert_type.h"
17 namespace net {
19 bool ImportSensitiveKeyFromFile(const base::FilePath& dir,
20 const std::string& key_filename,
21 PK11SlotInfo* slot) {
22 base::FilePath key_path = dir.AppendASCII(key_filename);
23 std::string key_pkcs8;
24 bool success = base::ReadFileToString(key_path, &key_pkcs8);
25 if (!success) {
26 LOG(ERROR) << "Failed to read file " << key_path.value();
27 return false;
30 const uint8* key_pkcs8_begin =
31 reinterpret_cast<const uint8*>(key_pkcs8.data());
32 std::vector<uint8> key_vector(key_pkcs8_begin,
33 key_pkcs8_begin + key_pkcs8.length());
35 crypto::ScopedSECKEYPrivateKey private_key(
36 crypto::ImportNSSKeyFromPrivateKeyInfo(slot, key_vector,
37 true /* permanent */));
38 LOG_IF(ERROR, !private_key) << "Could not create key from file "
39 << key_path.value();
40 return private_key;
43 bool ImportClientCertToSlot(const scoped_refptr<X509Certificate>& cert,
44 PK11SlotInfo* slot) {
45 std::string nickname = cert->GetDefaultNickname(USER_CERT);
47 crypto::AutoNSSWriteLock lock;
48 SECStatus rv = PK11_ImportCert(slot,
49 cert->os_cert_handle(),
50 CK_INVALID_HANDLE,
51 nickname.c_str(),
52 PR_FALSE);
53 if (rv != SECSuccess) {
54 LOG(ERROR) << "Could not import cert";
55 return false;
58 return true;
61 scoped_refptr<X509Certificate> ImportClientCertAndKeyFromFile(
62 const base::FilePath& dir,
63 const std::string& cert_filename,
64 const std::string& key_filename,
65 PK11SlotInfo* slot) {
66 if (!ImportSensitiveKeyFromFile(dir, key_filename, slot)) {
67 LOG(ERROR) << "Could not import private key from file " << key_filename;
68 return NULL;
71 scoped_refptr<X509Certificate> cert(ImportCertFromFile(dir, cert_filename));
73 if (!cert.get()) {
74 LOG(ERROR) << "Failed to parse cert from file " << cert_filename;
75 return NULL;
78 if (!ImportClientCertToSlot(cert, slot))
79 return NULL;
81 // |cert| continues to point to the original X509Certificate before the
82 // import to |slot|. However this should not make a difference as NSS handles
83 // state globally.
84 return cert;
87 } // namespace net