| Index: net/ssl/channel_id_service.h
|
| diff --git a/net/ssl/channel_id_service.h b/net/ssl/channel_id_service.h
|
| index f1d0ab966f941c29fd25a32c7cbd38ea89ad7917..aec463e957be75484442e4c93c89ef75eeaaa474 100644
|
| --- a/net/ssl/channel_id_service.h
|
| +++ b/net/ssl/channel_id_service.h
|
| @@ -22,6 +22,10 @@ namespace base {
|
| class TaskRunner;
|
| }
|
|
|
| +namespace crypto {
|
| +class ECPrivateKey;
|
| +}
|
| +
|
| namespace net {
|
|
|
| class ChannelIDServiceJob;
|
| @@ -85,12 +89,6 @@ class NET_EXPORT ChannelIDService
|
| // the origin otherwise.
|
| static std::string GetDomainForHost(const std::string& host);
|
|
|
| - // Tests whether the system time is within the supported range for
|
| - // certificate generation. This value is cached when ChannelIDService
|
| - // is created, so if the system time is changed by a huge amount, this may no
|
| - // longer hold.
|
| - bool IsSystemTimeValid() const { return is_system_time_valid_; }
|
| -
|
| // Fetches the domain bound cert for the specified host if one exists and
|
| // creates one otherwise. Returns OK if successful or an error code upon
|
| // failure.
|
| @@ -106,12 +104,10 @@ class NET_EXPORT ChannelIDService
|
| // |*out_req| will be initialized with a handle to the async request. This
|
| // RequestHandle object must be cancelled or destroyed before the
|
| // ChannelIDService is destroyed.
|
| - int GetOrCreateChannelID(
|
| - const std::string& host,
|
| - std::string* private_key,
|
| - std::string* cert,
|
| - const CompletionCallback& callback,
|
| - RequestHandle* out_req);
|
| + int GetOrCreateChannelID(const std::string& host,
|
| + scoped_ptr<crypto::ECPrivateKey>* key,
|
| + const CompletionCallback& callback,
|
| + RequestHandle* out_req);
|
|
|
| // Fetches the domain bound cert for the specified host if one exists.
|
| // Returns OK if successful, ERR_FILE_NOT_FOUND if none exists, or an error
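Review bot: The comment block above the new `GetOrCreateChannelID` signature still describes the result as a "domain bound cert" and, from the lines visible here, never says what the `scoped_ptr<crypto::ECPrivateKey>* key` out-parameter receives or who owns it once the call returns OK; the old |private_key|/|cert| wording presumably lingers in the lines just outside this hunk. Suggest replacing that wording with `// On OK, |*key| receives the EC key pair that identifies this client to |host|; the caller owns it.` and stating explicitly what happens to `*key` on an error return and on the asynchronous path (left untouched until |callback| runs, presumably — confirm against the .cc). `GetChannelID` in the next hunk has the same documentation gap.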
|
| @@ -131,12 +127,10 @@ class NET_EXPORT ChannelIDService
|
| // |*out_req| will be initialized with a handle to the async request. This
|
| // RequestHandle object must be cancelled or destroyed before the
|
| // ChannelIDService is destroyed.
|
| - int GetChannelID(
|
| - const std::string& host,
|
| - std::string* private_key,
|
| - std::string* cert,
|
| - const CompletionCallback& callback,
|
| - RequestHandle* out_req);
|
| + int GetChannelID(const std::string& host,
|
| + scoped_ptr<crypto::ECPrivateKey>* key,
|
| + const CompletionCallback& callback,
|
| + RequestHandle* out_req);
|
|
|
| // Returns the backing ChannelIDStore.
|
| ChannelIDStore* GetChannelIDStore();
|
| @@ -144,7 +138,7 @@ class NET_EXPORT ChannelIDService
|
| // Public only for unit testing.
|
| int cert_count();
|
| uint64 requests() const { return requests_; }
|
| - uint64 cert_store_hits() const { return cert_store_hits_; }
|
| + uint64 key_store_hits() const { return key_store_hits_; }
|
| uint64 inflight_joins() const { return inflight_joins_; }
|
| uint64 workers_created() const { return workers_created_; }
|
|
|
| @@ -156,9 +150,8 @@ class NET_EXPORT ChannelIDService
|
|
|
| void GotChannelID(int err,
|
| const std::string& server_identifier,
|
| - base::Time expiration_time,
|
| - const std::string& key,
|
| - const std::string& cert);
|
| + const std::string& private_key,
|
| + const std::string& public_key);
|
| void GeneratedChannelID(
|
| const std::string& server_identifier,
|
| int error,
|
| @@ -166,15 +159,14 @@ class NET_EXPORT ChannelIDService
|
| void HandleResult(int error,
|
| const std::string& server_identifier,
|
| const std::string& private_key,
|
| - const std::string& cert);
|
| + const std::string& public_key);
|
|
|
| // Searches for an in-flight request for the same domain. If found,
|
| // attaches to the request and returns true. Returns false if no in-flight
|
| // request is found.
|
| bool JoinToInFlightRequest(const base::TimeTicks& request_start,
|
| const std::string& domain,
|
| - std::string* private_key,
|
| - std::string* cert,
|
| + scoped_ptr<crypto::ECPrivateKey>* key,
|
| bool create_if_missing,
|
| const CompletionCallback& callback,
|
| RequestHandle* out_req);
|
| @@ -185,8 +177,7 @@ class NET_EXPORT ChannelIDService
|
| // failure (including failure to find a domain-bound cert of |domain|).
|
| int LookupChannelID(const base::TimeTicks& request_start,
|
| const std::string& domain,
|
| - std::string* private_key,
|
| - std::string* cert,
|
| + scoped_ptr<crypto::ECPrivateKey>* key,
|
| bool create_if_missing,
|
| const CompletionCallback& callback,
|
| RequestHandle* out_req);
|
| @@ -199,17 +190,38 @@ class NET_EXPORT ChannelIDService
|
| std::map<std::string, ChannelIDServiceJob*> inflight_;
|
|
|
| uint64 requests_;
|
| - uint64 cert_store_hits_;
|
| + uint64 key_store_hits_;
|
| uint64 inflight_joins_;
|
| uint64 workers_created_;
|
|
|
| - bool is_system_time_valid_;
|
| -
|
| base::WeakPtrFactory<ChannelIDService> weak_ptr_factory_;
|
|
|
| DISALLOW_COPY_AND_ASSIGN(ChannelIDService);
|
| };
|
|
|
| +// This function is the opposite of ExportKeyPair. It takes DER encoded public
|
| +// and private keys |public_key| and |private_key| and creates a
|
| +// crypto::ECPrivateKey. If there is an issue creating the crypto::ECPrivateKey,
|
| +// this function returns ERR_UNEXPECTED. Otherwise it returns OK.
|
| +//
|
| +// This function is only exposed here so that it can be used in unittests.
|
| +NET_EXPORT_PRIVATE int CreateECPrivateKeyFromSerializedKey(
|
| + const std::string& public_key,
|
| + const std::string& private_key,
|
| + scoped_ptr<crypto::ECPrivateKey>* key_out);
|
| +
|
| +// Exports the public and private keys from the provided crypto::ECPrivateKey
|
| +// |key| and writes them to |public_key| and |private_key|. If there's an error
|
| +// calling ExportEncryptedPrivateKey or ExportPublicKey on the ECPrivateKey,
|
| +// then this function returns ERR_PRIVATE_KEY_EXPORT_FAILED. Otherwise it
|
| +// returns OK.
|
| +//
|
| +// This function is only exposed here so that it can be used in unittests.
|
| +NET_EXPORT_PRIVATE int ExportKeyPair(
|
| + const scoped_ptr<crypto::ECPrivateKey>& key,
|
| + std::string* public_key,
|
| + std::string* private_key);
|
| +
|
| } // namespace net
|
|
|
| #endif // NET_SSL_CHANNEL_ID_SERVICE_H_
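Review bot: The two new free-function comments disagree about the private-key serialization: `CreateECPrivateKeyFromSerializedKey` says it takes a "DER encoded" private key, while `ExportKeyPair` says its |private_key| comes from ExportEncryptedPrivateKey, which by its name yields a password-protected blob rather than plain DER (confirm against crypto::ECPrivateKey). Since these strings are what the ChannelIDStore persists, the header should name one format at both ends, e.g. `// |private_key| is the blob produced by ExportKeyPair (ECPrivateKey::ExportEncryptedPrivateKey), not a raw DER key.`, and the CreateECPrivateKeyFromSerializedKey comment should say whether `*key_out` is left untouched on ERR_UNEXPECTED. Separately, `ExportKeyPair` takes `const scoped_ptr<crypto::ECPrivateKey>& key` although it never takes ownership; the conventional non-owning form is `crypto::ECPrivateKey* key` (the caller keeps its scoped_ptr), which also avoids tying the API to the smart-pointer type.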
|
|
|