authorrkn@chromium.org <rkn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-07-12 23:27:28 +0000
committerrkn@chromium.org <rkn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-07-12 23:27:28 +0000
commit761a467b91fac64d3d3e14c315ddddc9ac78475a (patch)
treeecd54eca088af6ecd4d565226aedbc55a9abf73a /net/base/origin_bound_cert_service.cc
parentdf22fea28e1025fcb3154ee22f3c332bc6c4ca61 (diff)
Fixed issues with previous CL.
BUG=88782 TEST=None Review URL: http://codereview.chromium.org/7335013 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92261 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/origin_bound_cert_service.cc')
-rw-r--r--net/base/origin_bound_cert_service.cc64
1 files changed, 40 insertions, 24 deletions
diff --git a/net/base/origin_bound_cert_service.cc b/net/base/origin_bound_cert_service.cc
index 853d3ef..0d706bc 100644
--- a/net/base/origin_bound_cert_service.cc
+++ b/net/base/origin_bound_cert_service.cc
@@ -7,59 +7,75 @@
#include <limits>
#include "base/logging.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
#include "base/rand_util.h"
#include "crypto/rsa_private_key.h"
+#include "googleurl/src/gurl.h"
+#include "net/base/origin_bound_cert_store.h"
#include "net/base/x509_certificate.h"
namespace net {
+namespace {
+
+const int kKeySizeInBits = 1024;
+const int kValidityPeriodInDays = 365;
+
+} // namespace
+
bool OriginBoundCertService::GetOriginBoundCert(const GURL& url,
std::string* private_key_result,
std::string* cert_result) {
// Check if origin bound cert already exists for this origin.
if (origin_bound_cert_store_->HasOriginBoundCert(url)) {
- origin_bound_cert_store_->GetOriginBoundCert(url,
- private_key_result,
- cert_result);
- return true;
+ return origin_bound_cert_store_->GetOriginBoundCert(url,
+ private_key_result,
+ cert_result);
}
// No origin bound cert exists, we have to create one.
- std::string origin = GetCertOriginFromURL(url);
+ std::string origin = url.GetOrigin().spec();
std::string subject = "CN=origin-bound certificate for " + origin;
- X509Certificate* x509_cert;
- crypto::RSAPrivateKey* key = crypto::RSAPrivateKey::Create(1024);
- if ((x509_cert = X509Certificate::CreateSelfSigned(
- key,
+ scoped_ptr<crypto::RSAPrivateKey> key(
+ crypto::RSAPrivateKey::Create(kKeySizeInBits));
+ if (!key.get()) {
+ LOG(WARNING) << "Unable to create key pair for client";
+ return false;
+ }
+ scoped_refptr<X509Certificate> x509_cert = X509Certificate::CreateSelfSigned(
+ key.get(),
subject,
base::RandInt(0, std::numeric_limits<int>::max()),
- base::TimeDelta::FromDays(365))) == NULL) {
+ base::TimeDelta::FromDays(kValidityPeriodInDays));
+ if (!x509_cert) {
LOG(WARNING) << "Unable to create x509 cert for client";
return false;
}
- std::vector<uint8> key_vec;
- if (!key->ExportPrivateKey(&key_vec)) {
- LOG(WARNING) << "Unable to create x509 cert for client";
+ std::vector<uint8> private_key_info;
+ if (!key->ExportPrivateKey(&private_key_info)) {
+ LOG(WARNING) << "Unable to export private key";
return false;
}
- std::string key_output(key_vec.begin(), key_vec.end());
+ // TODO(rkn): Perhaps ExportPrivateKey should be changed to output a
+ // std::string* to prevent this copying.
+ std::string key_out(private_key_info.begin(), private_key_info.end());
- std::string cert_output;
- if (!x509_cert->GetDEREncoded(&cert_output)) {
- LOG(WARNING) << "Unable to create x509 cert for client";
+ std::string der_cert;
+ if (!x509_cert->GetDEREncoded(&der_cert)) {
+ LOG(WARNING) << "Unable to get DER-enconded cert";
return false;
}
- origin_bound_cert_store_->SetOriginBoundCert(url, key_output, cert_output);
- *private_key_result = key_output;
- *cert_result = cert_output;
+ if (!origin_bound_cert_store_->SetOriginBoundCert(url, key_out, der_cert)) {
+ LOG(WARNING) << "Unable to set origin bound certificate";
+ return false;
+ }
+ private_key_result->swap(key_out);
+ cert_result->swap(der_cert);
return true;
}
-std::string OriginBoundCertService::GetCertOriginFromURL(const GURL& url) {
- return url.GetOrigin().spec();
-}
-
} // namespace net
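Review bot: `kKeySizeInBits` names the former literal but keeps it at 1024, so every key generated in `GetOriginBoundCert` is 1024-bit RSA and backs a certificate valid for `kValidityPeriodInDays` = 365 days, which is below the 2048-bit minimum in current NIST guidance for RSA keys. Consider `const int kKeySizeInBits = 2048;`, or, if key-generation latency on this path is the reason for 1024, a comment on the constant saying so together with a shorter validity period. Separately, `url.GetOrigin().spec()` is empty for an invalid or non-standard URL, which would produce a certificate whose subject is just `CN=origin-bound certificate for `; an early `if (!url.is_valid()) return false;` would avoid that unless callers already guarantee a valid URL. The new log string `DER-enconded` should read `DER-encoded`.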