summaryrefslogtreecommitdiff
path: root/security/nss/gtests/nss_bogo_shim/nsskeys.cc
blob: 1b5e15beec138f23593f7bdda3f3aa315c512b88 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsskeys.h"

#include <cstring>

#include <fstream>
#include <iostream>
#include <string>

#include "cert.h"
#include "keyhi.h"
#include "nspr.h"
#include "nss.h"
#include "nssb64.h"
#include "pk11pub.h"

const std::string kPEMBegin = "-----BEGIN ";
const std::string kPEMEnd = "-----END ";

// Read a PEM file, base64 decode it, and return the result.
static bool ReadPEMFile(const std::string& filename, SECItem* item) {
  std::ifstream in(filename);
  if (in.bad()) return false;

  char buf[1024];
  in.getline(buf, sizeof(buf));
  if (in.bad()) return false;

  if (strncmp(buf, kPEMBegin.c_str(), kPEMBegin.size())) return false;

  std::string value = "";
  for (;;) {
    in.getline(buf, sizeof(buf));
    if (in.bad()) return false;

    if (!strncmp(buf, kPEMEnd.c_str(), kPEMEnd.size())) break;

    value += buf;
  }

  // Now we have a base64-encoded block.
  if (!NSSBase64_DecodeBuffer(nullptr, item, value.c_str(), value.size()))
    return false;

  return true;
}

SECKEYPrivateKey* ReadPrivateKey(const std::string& file) {
  SECItem item = {siBuffer, nullptr, 0};

  if (!ReadPEMFile(file, &item)) return nullptr;
  SECKEYPrivateKey* privkey = NULL;
  PK11SlotInfo* slot = PK11_GetInternalSlot();
  SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
      slot, &item, nullptr, nullptr, PR_FALSE, PR_FALSE,
      KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE,
      &privkey, nullptr);
  PK11_FreeSlot(slot);
  SECITEM_FreeItem(&item, PR_FALSE);
  if (rv != SECSuccess) {
    // This is probably due to this being an ECDSA key (Bug 1295121).
    std::cerr << "Couldn't import key " << PORT_ErrorToString(PORT_GetError())
              << "\n";
    return nullptr;
  }

  return privkey;
}

CERTCertificate* ReadCertificate(const std::string& file) {
  SECItem item = {siBuffer, nullptr, 0};

  if (!ReadPEMFile(file, &item)) return nullptr;

  CERTCertificate* cert = CERT_NewTempCertificate(
      CERT_GetDefaultCertDB(), &item, NULL, PR_FALSE, PR_TRUE);
  SECITEM_FreeItem(&item, PR_FALSE);
  return cert;
}