Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(275)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/server_bound_cert_service.cc

Issue 27832002: Sign self-signed certs with SHA256. (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/chromeos/attestation/attestation_policy_observer_unittest.cc ('K') | « net/cert/x509_util_unittest.cc ('k') | remoting/base/rsa_key_pair.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/server_bound_cert_service.h" 5 #include "net/ssl/server_bound_cert_service.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <limits> 8 #include <limits>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after
91 uint32 serial_number, 91 uint32 serial_number,
92 int* error) { 92 int* error) {
93 scoped_ptr<ServerBoundCertStore::ServerBoundCert> result; 93 scoped_ptr<ServerBoundCertStore::ServerBoundCert> result;
94 94
95 base::TimeTicks start = base::TimeTicks::Now(); 95 base::TimeTicks start = base::TimeTicks::Now();
96 base::Time not_valid_before = base::Time::Now(); 96 base::Time not_valid_before = base::Time::Now();
97 base::Time not_valid_after = 97 base::Time not_valid_after =
98 not_valid_before + base::TimeDelta::FromDays(kValidityPeriodInDays); 98 not_valid_before + base::TimeDelta::FromDays(kValidityPeriodInDays);
99 std::string der_cert; 99 std::string der_cert;
100 std::vector<uint8> private_key_info; 100 std::vector<uint8> private_key_info;
101 scoped_ptr<crypto::ECPrivateKey> key(crypto::ECPrivateKey::Create()); 101 crypto::ECPrivateKey* raw_key;
102 if (!key.get()) { 102 if (!x509_util::CreateKeyAndDomainBoundCertEC(server_identifier,
103 DLOG(ERROR) << "Unable to create key pair for client"; 103 serial_number,
104 *error = ERR_KEY_GENERATION_FAILED; 104 not_valid_before,
105 return result.Pass(); 105 not_valid_after,
106 } 106 &raw_key,
107 if (!x509_util::CreateDomainBoundCertEC(key.get(), server_identifier, 107 &der_cert)) {
108 serial_number, not_valid_before,
109 not_valid_after, &der_cert)) {
110 DLOG(ERROR) << "Unable to create x509 cert for client"; 108 DLOG(ERROR) << "Unable to create x509 cert for client";
111 *error = ERR_ORIGIN_BOUND_CERT_GENERATION_FAILED; 109 *error = ERR_ORIGIN_BOUND_CERT_GENERATION_FAILED;
112 return result.Pass(); 110 return result.Pass();
113 } 111 }
114 112
113 scoped_ptr<crypto::ECPrivateKey> key(raw_key);
114
115 if (!key->ExportEncryptedPrivateKey(ServerBoundCertService::kEPKIPassword, 115 if (!key->ExportEncryptedPrivateKey(ServerBoundCertService::kEPKIPassword,
116 1, &private_key_info)) { 116 1, &private_key_info)) {
117 DLOG(ERROR) << "Unable to export private key"; 117 DLOG(ERROR) << "Unable to export private key";
118 *error = ERR_PRIVATE_KEY_EXPORT_FAILED; 118 *error = ERR_PRIVATE_KEY_EXPORT_FAILED;
119 return result.Pass(); 119 return result.Pass();
120 } 120 }
121 121
122 // TODO(rkn): Perhaps ExportPrivateKey should be changed to output a 122 // TODO(rkn): Perhaps ExportPrivateKey should be changed to output a
123 // std::string* to prevent this copying. 123 // std::string* to prevent this copying.
124 std::string key_out(private_key_info.begin(), private_key_info.end()); 124 std::string key_out(private_key_info.begin(), private_key_info.end());
(...skipping 544 matching lines...) Expand 10 before | Expand all | Expand 10 after
669 } 669 }
670 670
671 return err; 671 return err;
672 } 672 }
673 673
674 int ServerBoundCertService::cert_count() { 674 int ServerBoundCertService::cert_count() {
675 return server_bound_cert_store_->GetCertCount(); 675 return server_bound_cert_store_->GetCertCount();
676 } 676 }
677 677
678 } // namespace net 678 } // namespace net
OLDNEW
« chrome/browser/chromeos/attestation/attestation_policy_observer_unittest.cc ('K') | « net/cert/x509_util_unittest.cc ('k') | remoting/base/rsa_key_pair.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698