OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_X509_UTIL_H_ | 5 #ifndef NET_CERT_X509_UTIL_H_ |
6 #define NET_CERT_X509_UTIL_H_ | 6 #define NET_CERT_X509_UTIL_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
(...skipping 19 matching lines...) Expand all Loading... |
30 }; | 30 }; |
31 | 31 |
32 // Returns true if the times can be used to create an X.509 certificate. | 32 // Returns true if the times can be used to create an X.509 certificate. |
33 // Certificates can accept dates from Jan 1st, 1 to Dec 31, 9999. A bug in NSS | 33 // Certificates can accept dates from Jan 1st, 1 to Dec 31, 9999. A bug in NSS |
34 // limited the range to 1950-9999 | 34 // limited the range to 1950-9999 |
35 // (https://bugzilla.mozilla.org/show_bug.cgi?id=786531). This function will | 35 // (https://bugzilla.mozilla.org/show_bug.cgi?id=786531). This function will |
36 // return whether it is supported by the currently used crypto library. | 36 // return whether it is supported by the currently used crypto library. |
37 NET_EXPORT_PRIVATE bool IsSupportedValidityRange(base::Time not_valid_before, | 37 NET_EXPORT_PRIVATE bool IsSupportedValidityRange(base::Time not_valid_before, |
38 base::Time not_valid_after); | 38 base::Time not_valid_after); |
39 | 39 |
40 // Creates a private keypair and server bound certificate. | |
41 // Domain, serial number and validity period are given as | |
42 // parameters. The certificate is signed by the private key in |key|. | |
43 // The signature algorithm may be updated periodically to match best practices. | |
44 // | |
45 // See Internet Draft draft-balfanz-tls-obc-00 for more details: | |
46 // http://tools.ietf.org/html/draft-balfanz-tls-obc-00 | |
47 NET_EXPORT_PRIVATE bool CreateKeyAndChannelIDEC( | |
48 const std::string& domain, | |
49 uint32 serial_number, | |
50 base::Time not_valid_before, | |
51 base::Time not_valid_after, | |
52 scoped_ptr<crypto::ECPrivateKey>* key, | |
53 std::string* der_cert); | |
54 | |
55 // Helper function for CreateKeyAndChannelIDEC. | |
56 NET_EXPORT_PRIVATE bool CreateChannelIDEC(crypto::ECPrivateKey* key, | |
57 DigestAlgorithm alg, | |
58 const std::string& domain, | |
59 uint32 serial_number, | |
60 base::Time not_valid_before, | |
61 base::Time not_valid_after, | |
62 std::string* der_cert); | |
63 | |
64 // Creates a public-private keypair and a self-signed certificate. | 40 // Creates a public-private keypair and a self-signed certificate. |
65 // Subject, serial number and validity period are given as parameters. | 41 // Subject, serial number and validity period are given as parameters. |
66 // The certificate is signed by the private key in |key|. The key length and | 42 // The certificate is signed by the private key in |key|. The key length and |
67 // signature algorithm may be updated periodically to match best practices. | 43 // signature algorithm may be updated periodically to match best practices. |
68 // | 44 // |
69 // |subject| is a distinguished name defined in RFC4514 with _only_ a CN | 45 // |subject| is a distinguished name defined in RFC4514 with _only_ a CN |
70 // component, as in: | 46 // component, as in: |
71 // CN=Michael Wong | 47 // CN=Michael Wong |
72 // | 48 // |
73 // SECURITY WARNING | 49 // SECURITY WARNING |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
117 | 93 |
118 private: | 94 private: |
119 base::Time now_; | 95 base::Time now_; |
120 }; | 96 }; |
121 | 97 |
122 } // namespace x509_util | 98 } // namespace x509_util |
123 | 99 |
124 } // namespace net | 100 } // namespace net |
125 | 101 |
126 #endif // NET_CERT_X509_UTIL_H_ | 102 #endif // NET_CERT_X509_UTIL_H_ |
OLD | NEW |