Adds CreateSelfSignedCertEC to x509_util.h in preparation of persistent DTLS identity store for Web…

net/cert/x509_util_nss.cc

Index: net/cert/x509_util_nss.cc
diff --git a/net/cert/x509_util_nss.cc b/net/cert/x509_util_nss.cc
index 66ccedda6848fcbd85d33332d200fbe7b4fb3658..c7ec15c3b81a76caa49438a077fe67a60142abb1 100644
--- a/net/cert/x509_util_nss.cc
+++ b/net/cert/x509_util_nss.cc
@@ -365,6 +365,29 @@ bool CreateDomainBoundCertEC(
                                        der_cert);
 }
 
+bool CreateSelfSignedCertEC(
+    crypto::ECPrivateKey* key,
+    const std::string& common_name,
+    uint32 serial_number,
+    base::Time not_valid_before,
+    base::Time not_valid_after,
+    std::string* der_cert) {
+  DCHECK(key);
+  CERTCertificate* cert = CreateSelfSignedCert(key->public_key(),
+                                               key->key(),
+                                               "CN=" + common_name,

[Ryan Sleevi, 2013/06/11 20:01:12]

From an API perspective, it seems better to allow the caller to specify the
subject, consistent with "CreateSelfSignedCert" - that is, don't force the CN=

This mirrors X509Certificate::CreateSelfSigned

[jiayl, 2013/06/11 20:55:21]

Done.

+                                               serial_number,
+                                               not_valid_before,
+                                               not_valid_after);
+  if (!cert)
+    return false;
+  der_cert->assign(reinterpret_cast<char*>(cert->derCert.data),
+                   cert->derCert.len);
+  CERT_DestroyCertificate(cert);
+
+  return true;
+}
+
 #if defined(USE_NSS) || defined(OS_IOS)
 void ParsePrincipal(CERTName* name, CertPrincipal* principal) {
 // Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument.