Make some x509 functions generic; remove some fields NSS doesn't need

1 files changed, 23 insertions, 12 deletions

diff --git a/src/lib/tls/x509_nss.c b/src/lib/tls/x509_nss.c
index e0087eae6c..ac9e6658d8 100644
--- a/src/lib/tls/x509_nss.c
+++ b/src/lib/tls/x509_nss.c
@@ -17,6 +17,9 @@
 #include "lib/crypt_ops/crypto_util.h"
 #include "lib/log/util_bug.h"
 
+#include <pk11pub.h>
+#include <cert.h>
+
 MOCK_IMPL(tor_x509_cert_impl_t *,
 tor_tls_create_certificate,(crypto_pk_t *rsa,
                             crypto_pk_t *rsa_sign,
@@ -33,12 +36,27 @@ tor_tls_create_certificate,(crypto_pk_t *rsa,
   return NULL;
 }
 
-MOCK_IMPL(tor_x509_cert_t *,
-tor_x509_cert_new,(tor_x509_cert_impl_t *x509_cert))
+/** Set *<b>encoded_out</b> and *<b>size_out</b> to <b>cert</b>'s encoded DER
+ * representation and length, respectively. */
+void
+tor_x509_cert_get_der(const tor_x509_cert_t *cert,
+                 const uint8_t **encoded_out, size_t *size_out)
 {
-  tor_assert(x509_cert);
-  // XXXX
-  return NULL;
+  tor_assert(cert);
+  tor_assert(cert->cert);
+  tor_assert(encoded_out);
+  tor_assert(size_out);
+
+  const SECItem *item = &cert->cert->derCert;
+  *encoded_out = item->data;
+  *size_out = (size_t)item->len;
+}
+
+void
+tor_x509_cert_impl_free_(tor_x509_cert_impl_t *cert)
+{
+  if (cert)
+    CERT_DestroyCertificate(cert);
 }
 
 tor_x509_cert_t *
@@ -49,13 +67,6 @@ tor_x509_cert_dup(const tor_x509_cert_t *cert)
   return NULL;
 }
 
-void
-tor_x509_cert_free_(tor_x509_cert_t *cert)
-{
-  (void)cert;
-  // XXXX
-}
-
 tor_x509_cert_t *
 tor_x509_cert_decode(const uint8_t *certificate,
                      size_t certificate_len)