| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/server_bound_cert_service.h" | 5 #include "net/ssl/server_bound_cert_service.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <limits> | 8 #include <limits> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 91 uint32 serial_number, | 91 uint32 serial_number, |
| 92 int* error) { | 92 int* error) { |
| 93 scoped_ptr<ServerBoundCertStore::ServerBoundCert> result; | 93 scoped_ptr<ServerBoundCertStore::ServerBoundCert> result; |
| 94 | 94 |
| 95 base::TimeTicks start = base::TimeTicks::Now(); | 95 base::TimeTicks start = base::TimeTicks::Now(); |
| 96 base::Time not_valid_before = base::Time::Now(); | 96 base::Time not_valid_before = base::Time::Now(); |
| 97 base::Time not_valid_after = | 97 base::Time not_valid_after = |
| 98 not_valid_before + base::TimeDelta::FromDays(kValidityPeriodInDays); | 98 not_valid_before + base::TimeDelta::FromDays(kValidityPeriodInDays); |
| 99 std::string der_cert; | 99 std::string der_cert; |
| 100 std::vector<uint8> private_key_info; | 100 std::vector<uint8> private_key_info; |
| 101 scoped_ptr<crypto::ECPrivateKey> key(crypto::ECPrivateKey::Create()); | 101 scoped_ptr<crypto::ECPrivateKey> key; |
| 102 if (!key.get()) { | 102 if (!x509_util::CreateKeyAndDomainBoundCertEC(server_identifier, |
| 103 DLOG(ERROR) << "Unable to create key pair for client"; | 103 serial_number, |
| 104 *error = ERR_KEY_GENERATION_FAILED; | 104 not_valid_before, |
| 105 return result.Pass(); | 105 not_valid_after, |
| 106 } | 106 &key, |
| 107 if (!x509_util::CreateDomainBoundCertEC(key.get(), server_identifier, | 107 &der_cert)) { |
| 108 serial_number, not_valid_before, | |
| 109 not_valid_after, &der_cert)) { | |
| 110 DLOG(ERROR) << "Unable to create x509 cert for client"; | 108 DLOG(ERROR) << "Unable to create x509 cert for client"; |
| 111 *error = ERR_ORIGIN_BOUND_CERT_GENERATION_FAILED; | 109 *error = ERR_ORIGIN_BOUND_CERT_GENERATION_FAILED; |
| 112 return result.Pass(); | 110 return result.Pass(); |
| 113 } | 111 } |
| 114 | 112 |
| 115 if (!key->ExportEncryptedPrivateKey(ServerBoundCertService::kEPKIPassword, | 113 if (!key->ExportEncryptedPrivateKey(ServerBoundCertService::kEPKIPassword, |
| 116 1, &private_key_info)) { | 114 1, &private_key_info)) { |
| 117 DLOG(ERROR) << "Unable to export private key"; | 115 DLOG(ERROR) << "Unable to export private key"; |
| 118 *error = ERR_PRIVATE_KEY_EXPORT_FAILED; | 116 *error = ERR_PRIVATE_KEY_EXPORT_FAILED; |
| 119 return result.Pass(); | 117 return result.Pass(); |
| (...skipping 549 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 669 } | 667 } |
| 670 | 668 |
| 671 return err; | 669 return err; |
| 672 } | 670 } |
| 673 | 671 |
| 674 int ServerBoundCertService::cert_count() { | 672 int ServerBoundCertService::cert_count() { |
| 675 return server_bound_cert_store_->GetCertCount(); | 673 return server_bound_cert_store_->GetCertCount(); |
| 676 } | 674 } |
| 677 | 675 |
| 678 } // namespace net | 676 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 27832002:
Sign self-signed certs with SHA256. (Closed)
Base URL: https://src.chromium.org/chrome/trunk/src/