Index: net/ssl/channel_id_service.h |
diff --git a/net/ssl/channel_id_service.h b/net/ssl/channel_id_service.h |
index f1d0ab966f941c29fd25a32c7cbd38ea89ad7917..b3a17ba36473a59ce4b7088aa3082fca202a4bf7 100644 |
--- a/net/ssl/channel_id_service.h |
+++ b/net/ssl/channel_id_service.h |
@@ -14,6 +14,7 @@ |
#include "base/memory/weak_ptr.h" |
#include "base/threading/non_thread_safe.h" |
#include "base/time/time.h" |
+#include "crypto/ec_private_key.h" |
Ryan Sleevi
2015/04/15 22:50:02
You can fully forward-declare this object in this
nharper
2015/04/25 02:59:20
Done.
|
#include "net/base/completion_callback.h" |
#include "net/base/net_export.h" |
#include "net/ssl/channel_id_store.h" |
@@ -106,12 +107,10 @@ class NET_EXPORT ChannelIDService |
// |*out_req| will be initialized with a handle to the async request. This |
// RequestHandle object must be cancelled or destroyed before the |
// ChannelIDService is destroyed. |
- int GetOrCreateChannelID( |
- const std::string& host, |
- std::string* private_key, |
- std::string* cert, |
- const CompletionCallback& callback, |
- RequestHandle* out_req); |
+ int GetOrCreateChannelID(const std::string& host, |
+ scoped_ptr<crypto::ECPrivateKey>* key, |
+ const CompletionCallback& callback, |
+ RequestHandle* out_req); |
// Fetches the domain bound cert for the specified host if one exists. |
// Returns OK if successful, ERR_FILE_NOT_FOUND if none exists, or an error |
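Review bot: The comment on the line `// Fetches the domain bound cert for the specified host if one exists.` is now stale, since this hunk removes the `cert` out-parameter and the function hands back only a `scoped_ptr<crypto::ECPrivateKey>`. I would change it to `// Fetches the channel ID key pair for the specified host if one exists.` so readers do not look for a certificate that is no longer produced. The description paragraph for GetOrCreateChannelID starts above this hunk; if it still documents |private_key| and |cert|, it needs the same update to describe |key|.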
@@ -131,12 +130,10 @@ class NET_EXPORT ChannelIDService |
// |*out_req| will be initialized with a handle to the async request. This |
// RequestHandle object must be cancelled or destroyed before the |
// ChannelIDService is destroyed. |
- int GetChannelID( |
- const std::string& host, |
- std::string* private_key, |
- std::string* cert, |
- const CompletionCallback& callback, |
- RequestHandle* out_req); |
+ int GetChannelID(const std::string& host, |
+ scoped_ptr<crypto::ECPrivateKey>* key, |
+ const CompletionCallback& callback, |
+ RequestHandle* out_req); |
// Returns the backing ChannelIDStore. |
ChannelIDStore* GetChannelIDStore(); |
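Review bot: The new `scoped_ptr<crypto::ECPrivateKey>* key` out-parameter has no stated contract for when it is written, which matters more than it did for the old `std::string*` pair because callers will now dereference the pointer. The comment should say whether |*key| is populated only on a synchronous OK, or also when ERR_IO_PENDING is returned and the callback later fires, and that it is left untouched on any other error; for example `// On OK, |*key| holds the key pair; on ERR_IO_PENDING it is filled in before |callback| runs; otherwise it is not modified.` Part of this function's description lies between this hunk and the previous one, so if that text already covers it, disregard.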
@@ -144,7 +141,7 @@ class NET_EXPORT ChannelIDService |
// Public only for unit testing. |
int cert_count(); |
uint64 requests() const { return requests_; } |
- uint64 cert_store_hits() const { return cert_store_hits_; } |
+ uint64 key_store_hits() const { return key_store_hits_; } |
uint64 inflight_joins() const { return inflight_joins_; } |
uint64 workers_created() const { return workers_created_; } |
@@ -156,9 +153,8 @@ class NET_EXPORT ChannelIDService |
void GotChannelID(int err, |
const std::string& server_identifier, |
- base::Time expiration_time, |
- const std::string& key, |
- const std::string& cert); |
+ const std::string& private_key, |
+ const std::string& public_key); |
void GeneratedChannelID( |
const std::string& server_identifier, |
int error, |
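Review bot: Dropping `base::Time expiration_time` from GotChannelID removes the only place in this header where the lifetime of a stored key pair was visible, and nothing in the new signature says what replaces it. If the intent is that channel ID keys no longer expire and are only removed by explicit deletion or clearing, a one-line comment on GotChannelID stating that would prevent a later reader from assuming the store still enforces expiry; if the store does still carry an expiry, the check now has to happen somewhere other than this callback and should be named here. The declaration of GeneratedChannelID continues past the end of this hunk.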
@@ -166,15 +162,14 @@ class NET_EXPORT ChannelIDService |
void HandleResult(int error, |
const std::string& server_identifier, |
const std::string& private_key, |
- const std::string& cert); |
+ const std::string& public_key); |
// Searches for an in-flight request for the same domain. If found, |
// attaches to the request and returns true. Returns false if no in-flight |
// request is found. |
bool JoinToInFlightRequest(const base::TimeTicks& request_start, |
const std::string& domain, |
- std::string* private_key, |
- std::string* cert, |
+ scoped_ptr<crypto::ECPrivateKey>* key, |
bool create_if_missing, |
const CompletionCallback& callback, |
RequestHandle* out_req); |
@@ -185,8 +180,7 @@ class NET_EXPORT ChannelIDService |
// failure (including failure to find a domain-bound cert of |domain|). |
int LookupChannelID(const base::TimeTicks& request_start, |
const std::string& domain, |
- std::string* private_key, |
- std::string* cert, |
+ scoped_ptr<crypto::ECPrivateKey>* key, |
bool create_if_missing, |
const CompletionCallback& callback, |
RequestHandle* out_req); |
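Review bot: The context line `// failure (including failure to find a domain-bound cert of |domain|).` still describes the result in terms of a certificate, while the new `scoped_ptr<crypto::ECPrivateKey>* key` parameter means LookupChannelID now yields only a key pair. I would change it to `// failure (including failure to find a channel ID key for |domain|).` The rest of LookupChannelID's comment begins above this hunk and likely needs the same terminology fix.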
@@ -199,7 +193,7 @@ class NET_EXPORT ChannelIDService |
std::map<std::string, ChannelIDServiceJob*> inflight_; |
uint64 requests_; |
- uint64 cert_store_hits_; |
+ uint64 key_store_hits_; |
uint64 inflight_joins_; |
uint64 workers_created_; |
@@ -210,6 +204,27 @@ class NET_EXPORT ChannelIDService |
DISALLOW_COPY_AND_ASSIGN(ChannelIDService); |
}; |
+// Exports the public and private keys from the provided crypto::ECPrivateKey |
+// |key| and writes them to |public_key| and |private_key|. If there's an error |
+// calling ExportEncryptedPrivateKey or ExportPublicKey on the ECPrivateKey, |
+// then this function returns ERR_PRIVATE_KEY_EXPORT_FAILED. Otherwise it |
+// returns OK. |
+// |
+// This function is only exposed here so that it can be used in unittests. |
+NET_EXPORT_PRIVATE int ExportKeypair(scoped_ptr<crypto::ECPrivateKey>& key, |
+ std::string* public_key, |
+ std::string* private_key); |
+ |
+// This function is the opposite of ExportKeypair. It takes DER encoded public |
+// and private keys |public_key| and |private_key| and creates a |
+// crypto::ECPrivateKey. If there is an issue creating the crypto::ECPrivateKey, |
+// this function returns ERR_UNEXPECTED. Otherwise it returns OK. |
+// |
+// This function is only exposed here so that it can be used in unittests. |
+NET_EXPORT_PRIVATE int CreateECPrivateKeyFromSerializedKey( |
Ryan Sleevi
2015/04/15 22:50:02
If these are only for testing, does it make more s
nharper
2015/04/25 02:59:20
If these functions stay as they are, then yes it m
|
+ const std::string& public_key, |
+ const std::string& private_key, |
+ scoped_ptr<crypto::ECPrivateKey>* key_out); |
} // namespace net |
#endif // NET_SSL_CHANNEL_ID_SERVICE_H_ |
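Review bot: `ExportKeypair` takes `scoped_ptr<crypto::ECPrivateKey>& key` even though, per its own comment, it only reads the key and never transfers ownership; a non-const reference to the smart pointer invites callers to think it may be reset, so `crypto::ECPrivateKey* key` is the clearer signature. The two comments also disagree about the byte format: the first says the private half comes from `ExportEncryptedPrivateKey`, which yields an encrypted PKCS#8 blob under some password and iteration count chosen in the .cc, while the second calls its input a plain "DER encoded" private key. Since these are the bytes the ChannelIDStore persists, both comments should name the exact encoding and the password/iteration parameters the two functions must agree on, otherwise a mismatch silently makes every stored key unloadable. It would also help to state what happens to |*key_out| when CreateECPrivateKeyFromSerializedKey returns ERR_UNEXPECTED, e.g. `// On failure |*key_out| is not modified.`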