Adds CreateSelfSignedCertEC to x509_util.h in preparation of persistent DTLS identity store for Web…

net/cert/x509_util_nss.cc

Index: net/cert/x509_util_nss.cc
diff --git a/net/cert/x509_util_nss.cc b/net/cert/x509_util_nss.cc
index 66ccedda6848fcbd85d33332d200fbe7b4fb3658..f8b5e3d37cd91625f00ebec9f3e3572f290a2679 100644
--- a/net/cert/x509_util_nss.cc
+++ b/net/cert/x509_util_nss.cc
@@ -365,6 +365,30 @@ bool CreateDomainBoundCertEC(
                                        der_cert);
 }
 
+bool CreateSelfSignedCertEC(
+    crypto::ECPrivateKey* key,
+    const std::string& subject,
+    uint32 serial_number,
+    base::Time not_valid_before,
+    base::Time not_valid_after,
+    std::string* der_cert) {
+  DCHECK(key);

[Ryan Sleevi, 2013/06/06 23:26:15]

DESIGN: You probably want to be looking at IsSupportedValidityRange() to make
sure your callers are supplying valid validity periods.

[jiayl, 2013/06/06 23:45:37]

CreateCertificate already checks range validity and returns NULL cert if not
valid.

+  CERTCertificate* cert = CreateSelfSignedCert(key->public_key(),
+                                               key->key(),
+                                               subject,
+                                               serial_number,
+                                               not_valid_before,
+                                               not_valid_after);
+  if (!cert)
+    return false;
+  der_cert->assign(reinterpret_cast<char*>(cert->derCert.data),
+                   cert->derCert.len);
+  CERT_DestroyCertificate(cert);
+  cert = NULL;

[Ryan Sleevi, 2013/06/06 23:26:15]

There's no need for this "= NULL"

[jiayl, 2013/06/06 23:45:37]

Done.

+
+  return true;
+}
+
 #if defined(USE_NSS) || defined(OS_IOS)
 void ParsePrincipal(CERTName* name, CertPrincipal* principal) {
 // Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument.