Sign self-signed certs with SHA256.

content/browser/media/webrtc_identity_store.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/media/webrtc_identity_store.h"
 
 #include <map>
 
 #include "base/bind.h"
 #include "base/callback_helpers.h"
@@ skipping 21 matching lines @@
 };
 
 // Generates a new identity using |common_name| which expires after
 // |validity_period| and returns the result in |result|.
 static void GenerateIdentityWorker(const std::string& common_name,
                                    base::TimeDelta validity_period,
                                    WebRTCIdentityRequestResult* result) {
   result->error = net::OK;
   int serial_number = base::RandInt(0, std::numeric_limits<int>::max());
 
-  scoped_ptr<crypto::RSAPrivateKey> key(crypto::RSAPrivateKey::Create(1024));
-  if (!key.get()) {
-    DLOG(ERROR) << "Unable to create key pair for client";
-    result->error = net::ERR_KEY_GENERATION_FAILED;
-    return;
-  }
+  scoped_ptr<crypto::RSAPrivateKey> key;
+  base::Time now = base::Time::Now();
+  bool success = net::x509_util::CreateKeyAndSelfSignedCert(

[Ami GONE FROM CHROMIUM, 2013/10/30 19:21:57]

Does this CL change what used to be signed with SHA1 to being signed with
SHA256?  If so, is that a problem for cached identities?  Please get jiayl@'s
signoff on this part of this CL.

[bemasc, 2013/10/30 19:30:49]

This CL is intended not to re-sign any old keys using SHA256.  In the case of
webrtc, the code being replaced here both generates a new keypair and signs the
certificate.  Pre-existing keys should not be affected.

+      "CN=" + common_name,
+      serial_number,
+      now,
+      now + validity_period,
+      &key,
+      &result->certificate);
 
-  base::Time now = base::Time::Now();
-  bool success = net::x509_util::CreateSelfSignedCert(key.get(),
-                                                      "CN=" + common_name,
-                                                      serial_number,
-                                                      now,
-                                                      now + validity_period,
-                                                      &result->certificate);
   if (!success) {
     DLOG(ERROR) << "Unable to create x509 cert for client";
     result->error = net::ERR_SELF_SIGNED_CERT_GENERATION_FAILED;
     return;
   }
 
   std::vector<uint8> private_key_info;
   if (!key->ExportPrivateKey(&private_key_info)) {
     DLOG(ERROR) << "Unable to export private key";
     result->error = net::ERR_PRIVATE_KEY_EXPORT_FAILED;
@@ skipping 244 matching lines @@
     if (in_flight_requests_[i]->origin_ == origin &&
         in_flight_requests_[i]->identity_name_ == identity_name &&
         in_flight_requests_[i]->common_name_ == common_name) {
       return in_flight_requests_[i];
     }
   }
   return NULL;
 }
 
 }  // namespace content