net/cert/x509_util.h - Issue 16158005: Adds CreateSelfSignedCertEC to x509_util.h in preparation of persistent DTLS identity store for Web…

Side by Side Diff: net/cert/x509_util.h

Issue 16158005: Adds CreateSelfSignedCertEC to x509_util.h in preparation of persistent DTLS identity store for Web… (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 7 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_CERT_X509_UTIL_H_	5 #ifndef NET_CERT_X509_UTIL_H_

6 #define NET_CERT_X509_UTIL_H_	6 #define NET_CERT_X509_UTIL_H_

7	7

8 #include <string>	8 #include <string>

9	9

10 #include "base/memory/ref_counted.h"	10 #include "base/memory/ref_counted.h"

(...skipping 26 matching lines...) Expand all Loading...
37 // See Internet Draft draft-balfanz-tls-obc-00 for more details:	37 // See Internet Draft draft-balfanz-tls-obc-00 for more details:

38 // http://tools.ietf.org/html/draft-balfanz-tls-obc-00	38 // http://tools.ietf.org/html/draft-balfanz-tls-obc-00

39 NET_EXPORT_PRIVATE bool CreateDomainBoundCertEC(	39 NET_EXPORT_PRIVATE bool CreateDomainBoundCertEC(

40 crypto::ECPrivateKey* key,	40 crypto::ECPrivateKey* key,

41 const std::string& domain,	41 const std::string& domain,

42 uint32 serial_number,	42 uint32 serial_number,

43 base::Time not_valid_before,	43 base::Time not_valid_before,

44 base::Time not_valid_after,	44 base::Time not_valid_after,

45 std::string* der_cert);	45 std::string* der_cert);

46	46

	47 // Creates a self-signed certificate containing the public key in \|key\|.

	48 // Subject, serial number and validity period are given as parameters.

	49 // The certificate is signed by \|private_key\|.

	50 // The hashing algorithm for the signature is SHA-1.

	51 // \|subject\| is a distinguished name defined in RFC4514.
	Ryan Sleevi 2013/06/06 23:26:15 API DESIGN: Introducing a dependency on RFC4514 is API DESIGN: Introducing a dependency on RFC4514 is not good. Further, it's not even what NSS supports - NSS is based on RFC 1485/1779/2253 If you're just passing common name, let's just call it common name and treat it as that. jiayl 2013/06/06 23:45:37 Done. Show quoted text On 2013/06/06 23:26:15, Ryan Sleevi wrote: > API DESIGN: Introducing a dependency on RFC4514 is not good. > > Further, it's not even what NSS supports - NSS is based on RFC 1485/1779/2253 > > If you're just passing common name, let's just call it common name and treat it > as that. Done.
	52 NET_EXPORT_PRIVATE bool CreateSelfSignedCertEC(

	53 crypto::ECPrivateKey* key,

	54 const std::string& subject,

	55 uint32 serial_number,

	56 base::Time not_valid_before,

	57 base::Time not_valid_after,

	58 std::string* der_cert);

	59

47 // Comparator for use in STL algorithms that will sort client certificates by	60 // Comparator for use in STL algorithms that will sort client certificates by

48 // order of preference.	61 // order of preference.

49 // Returns true if \|a\| is more preferable than \|b\|, allowing it to be used	62 // Returns true if \|a\| is more preferable than \|b\|, allowing it to be used

50 // with any algorithm that compares according to strict weak ordering.	63 // with any algorithm that compares according to strict weak ordering.

51 //	64 //

52 // Criteria include:	65 // Criteria include:

53 // - Prefer certificates that have a longer validity period (later	66 // - Prefer certificates that have a longer validity period (later

54 // expiration dates)	67 // expiration dates)

55 // - If equal, prefer certificates that were issued more recently	68 // - If equal, prefer certificates that were issued more recently

56 // - If equal, prefer shorter chains (if available)	69 // - If equal, prefer shorter chains (if available)

57 class NET_EXPORT_PRIVATE ClientCertSorter {	70 class NET_EXPORT_PRIVATE ClientCertSorter {

58 public:	71 public:

59 ClientCertSorter();	72 ClientCertSorter();

60	73

61 bool operator()(	74 bool operator()(

62 const scoped_refptr<X509Certificate>& a,	75 const scoped_refptr<X509Certificate>& a,

63 const scoped_refptr<X509Certificate>& b) const;	76 const scoped_refptr<X509Certificate>& b) const;

64	77

65 private:	78 private:

66 base::Time now_;	79 base::Time now_;

67 };	80 };

68	81

69 } // namespace x509_util	82 } // namespace x509_util

70	83

71 } // namespace net	84 } // namespace net

72	85

73 #endif // NET_CERT_X509_UTIL_H_	86 #endif // NET_CERT_X509_UTIL_H_

OLD	NEW

« no previous file with comments | « no previous file | net/cert/x509_util_nss.cc » ('j') | net/cert/x509_util_nss.cc » ('J')