Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(37)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/x509_util.h

Issue 17265013: Remove platform-specific implementations of RSAPrivateKey and SignatureCreator (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix colliding serial numbers Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/cert/x509_certificate_win.cc ('k') | net/cert/x509_util_nss.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_X509_UTIL_H_ 5 #ifndef NET_CERT_X509_UTIL_H_
6 #define NET_CERT_X509_UTIL_H_ 6 #define NET_CERT_X509_UTIL_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/memory/ref_counted.h" 10 #include "base/memory/ref_counted.h"
11 #include "base/time.h" 11 #include "base/time.h"
12 #include "net/base/net_export.h" 12 #include "net/base/net_export.h"
13 13
14 namespace crypto { 14 namespace crypto {
15 class ECPrivateKey; 15 class ECPrivateKey;
16 class RSAPrivateKey;
16 } 17 }
17 18
18 namespace net { 19 namespace net {
19 20
20 class X509Certificate; 21 class X509Certificate;
21 22
22 namespace x509_util { 23 namespace x509_util {
23 24
24 // Returns true if the times can be used to create an X.509 certificate. 25 // Returns true if the times can be used to create an X.509 certificate.
25 // Certificates can accept dates from Jan 1st, 1 to Dec 31, 9999. A bug in NSS 26 // Certificates can accept dates from Jan 1st, 1 to Dec 31, 9999. A bug in NSS
(...skipping 11 matching lines...) Expand all
37 // See Internet Draft draft-balfanz-tls-obc-00 for more details: 38 // See Internet Draft draft-balfanz-tls-obc-00 for more details:
38 // http://tools.ietf.org/html/draft-balfanz-tls-obc-00 39 // http://tools.ietf.org/html/draft-balfanz-tls-obc-00
39 NET_EXPORT_PRIVATE bool CreateDomainBoundCertEC( 40 NET_EXPORT_PRIVATE bool CreateDomainBoundCertEC(
40 crypto::ECPrivateKey* key, 41 crypto::ECPrivateKey* key,
41 const std::string& domain, 42 const std::string& domain,
42 uint32 serial_number, 43 uint32 serial_number,
43 base::Time not_valid_before, 44 base::Time not_valid_before,
44 base::Time not_valid_after, 45 base::Time not_valid_after,
45 std::string* der_cert); 46 std::string* der_cert);
46 47
48 // Create a self-signed certificate containing the public key in |key|.
49 // Subject, serial number and validity period are given as parameters.
50 // The certificate is signed by the private key in |key|. The hashing
51 // algorithm for the signature is SHA-1.
52 //
53 // |subject| is a distinguished name defined in RFC4514.
54 //
55 // An example:
56 // CN=Michael Wong,O=FooBar Corporation,DC=foobar,DC=com
57 //
58 // SECURITY WARNING
59 //
60 // Using self-signed certificates has the following security risks:
61 // 1. Encryption without authentication and thus vulnerable to
62 // man-in-the-middle attacks.
63 // 2. Self-signed certificates cannot be revoked.
64 //
65 // Use this certificate only after the above risks are acknowledged.
66 NET_EXPORT bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,
67 const std::string& subject,
68 uint32 serial_number,
69 base::Time not_valid_before,
70 base::Time not_valid_after,
71 std::string* der_cert);
72
47 // Comparator for use in STL algorithms that will sort client certificates by 73 // Comparator for use in STL algorithms that will sort client certificates by
48 // order of preference. 74 // order of preference.
49 // Returns true if |a| is more preferable than |b|, allowing it to be used 75 // Returns true if |a| is more preferable than |b|, allowing it to be used
50 // with any algorithm that compares according to strict weak ordering. 76 // with any algorithm that compares according to strict weak ordering.
51 // 77 //
52 // Criteria include: 78 // Criteria include:
53 // - Prefer certificates that have a longer validity period (later 79 // - Prefer certificates that have a longer validity period (later
54 // expiration dates) 80 // expiration dates)
55 // - If equal, prefer certificates that were issued more recently 81 // - If equal, prefer certificates that were issued more recently
56 // - If equal, prefer shorter chains (if available) 82 // - If equal, prefer shorter chains (if available)
57 class NET_EXPORT_PRIVATE ClientCertSorter { 83 class NET_EXPORT_PRIVATE ClientCertSorter {
58 public: 84 public:
59 ClientCertSorter(); 85 ClientCertSorter();
60 86
61 bool operator()( 87 bool operator()(
62 const scoped_refptr<X509Certificate>& a, 88 const scoped_refptr<X509Certificate>& a,
63 const scoped_refptr<X509Certificate>& b) const; 89 const scoped_refptr<X509Certificate>& b) const;
64 90
65 private: 91 private:
66 base::Time now_; 92 base::Time now_;
67 }; 93 };
68 94
69 } // namespace x509_util 95 } // namespace x509_util
70 96
71 } // namespace net 97 } // namespace net
72 98
73 #endif // NET_CERT_X509_UTIL_H_ 99 #endif // NET_CERT_X509_UTIL_H_
OLDNEW
« no previous file with comments | « net/cert/x509_certificate_win.cc ('k') | net/cert/x509_util_nss.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698