| Index: net/cert/x509_util_nss.cc
|
| ===================================================================
|
| --- net/cert/x509_util_nss.cc (revision 228925)
|
| +++ net/cert/x509_util_nss.cc (working copy)
|
| @@ -134,6 +134,19 @@
|
| return cert;
|
| }
|
|
|
| +SECOidTag HashAlgorithmToIdTag(crypto::HMAC::HashAlgorithm alg) {
|
| + SECOidTag id_tag = SEC_OID_UNKNOWN;
|
| + switch (alg) {
|
| + case crypto::HMAC::SHA1:
|
| + id_tag = SEC_OID_SHA1;
|
| + break;
|
| + case crypto::HMAC::SHA256:
|
| + id_tag = SEC_OID_SHA256;
|
| + break;
|
| + }
|
| + return id_tag;
|
| +}
|
| +
|
| // Signs a certificate object, with |key| generating a new X509Certificate
|
| // and destroying the passed certificate object (even when NULL is returned).
|
| // The logic of this method references SignCert() in NSS utility certutil:
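Review bot: HashAlgorithmToIdTag returns SEC_OID_UNKNOWN for any `alg` outside the two handled cases, and that sentinel is not rejected downstream: SignCertificate (hunk @@ -142) only checks the signature OID returned by SEC_GetSignatureAlgorithmOidTag, and as far as I recall NSS treats an unknown hash tag as "use the default", which is SHA-1 for both RSA and EC keys, so an unsupported hash request would silently yield a SHA-1-signed certificate instead of failing. I would add a `default:` arm here (`default: NOTREACHED(); break;` is consistent with the file's DCHECK usage) and, more robustly, have SignCertificate refuse the sentinel before calling NSS with `if (alg_id_tag == SEC_OID_UNKNOWN) return false;`. The call sites at @@ -254 and @@ -340 then see a false return rather than a downgraded signature.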
|
| @@ -142,11 +155,11 @@
|
| // certificate signing process.
|
| bool SignCertificate(
|
| CERTCertificate* cert,
|
| - SECKEYPrivateKey* key) {
|
| + SECKEYPrivateKey* key,
|
| + SECOidTag alg_id_tag) {
|
| // |arena| is used to encode the cert.
|
| PLArenaPool* arena = cert->arena;
|
| - SECOidTag algo_id = SEC_GetSignatureAlgorithmOidTag(key->keyType,
|
| - SEC_OID_SHA1);
|
| + SECOidTag algo_id = SEC_GetSignatureAlgorithmOidTag(key->keyType, alg_id_tag);
|
| if (algo_id == SEC_OID_UNKNOWN)
|
| return false;
|
|
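Review bot: The new `alg_id_tag` parameter is not described in the comment that precedes SignCertificate (that comment starts in the previous hunk at @@ -134, and the function body continues past this hunk), so the comment still reads as if the digest were fixed. Following the file's `|name|` convention I would append: `// |alg_id_tag| selects the digest (e.g. SEC_OID_SHA1 or SEC_OID_SHA256) that is combined with |key|'s type to form the signature algorithm; SEC_OID_UNKNOWN is not a valid input.` Stating this at the function keeps the digest choice visible to anyone adding a new caller rather than buried in HashAlgorithmToIdTag.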
|
| @@ -239,12 +252,13 @@
|
|
|
| namespace x509_util {
|
|
|
| -bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,
|
| - const std::string& subject,
|
| - uint32 serial_number,
|
| - base::Time not_valid_before,
|
| - base::Time not_valid_after,
|
| - std::string* der_cert) {
|
| +bool CreateSelfSignedCertInternal(crypto::RSAPrivateKey* key,
|
| + crypto::HMAC::HashAlgorithm alg,
|
| + const std::string& subject,
|
| + uint32 serial_number,
|
| + base::Time not_valid_before,
|
| + base::Time not_valid_after,
|
| + std::string* der_cert) {
|
| DCHECK(key);
|
| CERTCertificate* cert = CreateCertificate(key->public_key(),
|
| subject,
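Review bot: CreateSelfSignedCertInternal gains an `alg` parameter with no comment saying what it selects, and the same applies to CreateDomainBoundCertECInternal at @@ -278. Both functions remain inside `namespace x509_util` (visible at the top of this hunk) despite the `Internal` suffix, so they are callable from other translation units; presumably wrappers keeping the original names are added elsewhere in the change, and if only those wrappers are meant to call these, a comment saying so or placing them in an unnamed namespace would make that explicit. I would add above each signature: `// |alg| selects the digest used for the certificate signature; see HashAlgorithmToIdTag for the accepted values.` The function body continues past this hunk.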
|
| @@ -254,7 +268,7 @@
|
| if (!cert)
|
| return false;
|
|
|
| - if (!SignCertificate(cert, key->key())) {
|
| + if (!SignCertificate(cert, key->key(), HashAlgorithmToIdTag(alg))) {
|
| CERT_DestroyCertificate(cert);
|
| return false;
|
| }
|
| @@ -278,12 +292,13 @@
|
| return true;
|
| }
|
|
|
| -bool CreateDomainBoundCertEC(crypto::ECPrivateKey* key,
|
| - const std::string& domain,
|
| - uint32 serial_number,
|
| - base::Time not_valid_before,
|
| - base::Time not_valid_after,
|
| - std::string* der_cert) {
|
| +bool CreateDomainBoundCertECInternal(crypto::ECPrivateKey* key,
|
| + crypto::HMAC::HashAlgorithm alg,
|
| + const std::string& domain,
|
| + uint32 serial_number,
|
| + base::Time not_valid_before,
|
| + base::Time not_valid_after,
|
| + std::string* der_cert) {
|
| DCHECK(key);
|
|
|
| CERTCertificate* cert = CreateCertificate(key->public_key(),
|
| @@ -340,7 +355,7 @@
|
| return false;
|
| }
|
|
|
| - if (!SignCertificate(cert, key->key())) {
|
| + if (!SignCertificate(cert, key->key(), HashAlgorithmToIdTag(alg))) {
|
| CERT_DestroyCertificate(cert);
|
| return false;
|
| }
|
|
|