author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-24 04:08:15 +0000 |
---|---|---|
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-24 04:08:15 +0000 |
commit | 1152c8fb437bafa8c1f34da72ec088cf7ebbedd3 (patch) | |
tree | 53a9deddc598d748c9db4efdc6bb369b3e1b6f9c /net/base/keygen_handler_win.cc | |
parent | 810e6e11d6e608532d324767aa039e885e2cc87b (diff) | |
Change Windows' application/x-x509-user-cert handling to allow any certificate that has a private key, regardless of where it was generated, rather than restricting it to keys generated via <keygen> in the current browsing session.
BUG=148
TEST=None
R=wtc
Review URL: http://codereview.chromium.org/2874002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50695 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/keygen_handler_win.cc')
-rw-r--r-- | net/base/keygen_handler_win.cc | 95 |
1 files changed, 0 insertions, 95 deletions
diff --git a/net/base/keygen_handler_win.cc b/net/base/keygen_handler_win.cc index 3d97d17..8fc32e5 100644 --- a/net/base/keygen_handler_win.cc +++ b/net/base/keygen_handler_win.cc @@ -24,31 +24,6 @@ namespace net { -bool EncodeAndAppendType(LPCSTR type, const void* to_encode, - std::vector<BYTE>* output) { - BOOL ok; - DWORD size = 0; - ok = CryptEncodeObject(X509_ASN_ENCODING, type, to_encode, NULL, &size); - DCHECK(ok); - if (!ok) - return false; - - std::vector<BYTE>::size_type old_size = output->size(); - output->resize(old_size + size); - - ok = CryptEncodeObject(X509_ASN_ENCODING, type, to_encode, - &(*output)[old_size], &size); - DCHECK(ok); - if (!ok) - return false; - - // Sometimes the initial call to CryptEncodeObject gave a generous estimate - // of the size, so shrink back to what was actually used. - output->resize(old_size + size); - - return true; -} - // Assigns the contents of a CERT_PUBLIC_KEY_INFO structure for the signing // key in |prov| to |output|. Returns true if encoding was successful. bool GetSubjectPublicKeyInfo(HCRYPTPROV prov, std::vector<BYTE>* output) { @@ -80,18 +55,6 @@ bool GetSubjectPublicKeyInfo(HCRYPTPROV prov, std::vector<BYTE>* output) { return true; } -// Appends a DER SubjectPublicKeyInfo structure for the signing key in |prov| -// to |output|. -// Returns true if encoding was successful. -bool EncodeSubjectPublicKeyInfo(HCRYPTPROV prov, std::vector<BYTE>* output) { - std::vector<BYTE> public_key_info; - if (!GetSubjectPublicKeyInfo(prov, &public_key_info)) - return false; - - return EncodeAndAppendType(X509_PUBLIC_KEY_INFO, &public_key_info[0], - output); -} - // Generates a DER encoded SignedPublicKeyAndChallenge structure from the // signing key of |prov| and the specified ASCII |challenge| string and // appends it to |output|. 
@@ -167,62 +130,6 @@ std::wstring GetNewKeyContainerId() { return result; } -void StoreKeyLocationInCache(HCRYPTPROV prov) { - BOOL ok; - DWORD size = 0; - - // Though it is known the container and provider name, as they are supplied - // during GenKeyAndSignChallenge, explicitly resolving them via - // CryptGetProvParam ensures that any defaults (such as provider name being - // NULL) or any CSP modifications to the container name are properly - // reflected. - - // Find the container name. Though the MSDN documentation states it will - // return the exact same value as supplied when the provider was aquired, it - // also notes the return type will be CHAR, /not/ WCHAR. - ok = CryptGetProvParam(prov, PP_CONTAINER, NULL, &size, 0); - if (!ok) - return; - - std::vector<BYTE> buffer(size); - ok = CryptGetProvParam(prov, PP_CONTAINER, &buffer[0], &size, 0); - if (!ok) - return; - - KeygenHandler::KeyLocation key_location; - UTF8ToWide(reinterpret_cast<char*>(&buffer[0]), size, - &key_location.container_name); - - // Get the provider name. This will always resolve, even if NULL (indicating - // the default provider) was supplied to the CryptAcquireContext. 
- size = 0; - ok = CryptGetProvParam(prov, PP_NAME, NULL, &size, 0); - if (!ok) - return; - - buffer.resize(size); - ok = CryptGetProvParam(prov, PP_NAME, &buffer[0], &size, 0); - if (!ok) - return; - - UTF8ToWide(reinterpret_cast<char*>(&buffer[0]), size, - &key_location.provider_name); - - std::vector<BYTE> public_key_info; - if (!EncodeSubjectPublicKeyInfo(prov, &public_key_info)) - return; - - KeygenHandler::Cache* cache = KeygenHandler::Cache::GetInstance(); - cache->Insert(std::string(public_key_info.begin(), public_key_info.end()), - key_location); -} - -bool KeygenHandler::KeyLocation::Equals( - const KeygenHandler::KeyLocation& location) const { - return container_name == location.container_name && - provider_name == location.provider_name; -} - std::string KeygenHandler::GenKeyAndSignChallenge() { std::string result; @@ -283,8 +190,6 @@ std::string KeygenHandler::GenKeyAndSignChallenge() { goto failure; } - StoreKeyLocationInCache(prov); - failure: if (!is_success) { LOG(ERROR) << "SSL Keygen failed"; |