author | hclam@chromium.org <hclam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-17 21:13:16 +0000 |
---|---|---|
committer | hclam@chromium.org <hclam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-17 21:13:16 +0000 |
commit | 56f2ec39bd6be763b9493eff17bf4a359b97be68 (patch) | |
tree | 0ca82de141503d2f2ff749e7621b3e72e04582c2 /net/base/x509_certificate.h | |
parent | 0e043d1a747de34d49b525282929038bb92048dd (diff) | |
Create self signed X509 certificate
In order to run an SSL server, a certificate and a private key are needed. In
the case of Chromoting, the first step is to use a self-signed certificate. This
change allows issuing a self-signed certificate. This is only implemented in NSS.
BUG=None
TEST=net_unittests
Review URL: http://codereview.chromium.org/5754001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69573 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate.h')
-rw-r--r-- | net/base/x509_certificate.h | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index 89bf476..349a08c 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -36,6 +36,10 @@ struct CERTCertificateStr;
 
 class Pickle;
 
+namespace base {
+class RSAPrivateKey;
+} // namespace base
+
 namespace net {
 
 class CertVerifyResult;
@@ -148,6 +152,31 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
 int length,
 int format);
 
+#if defined(USE_NSS)
+ // Create a self-signed certificate containing the public key in |key|.
+ // Subject, serial number and validity period are given as parameters.
+ // The certificate is signed by the private key in |key|. The hashing
+ // algorithm for the signature is SHA-1.
+ //
+ // |subject| is a distinguished name defined in RFC4514.
+ //
+ // An example:
+ // CN=Michael Wong,O=FooBar Corporation,DC=foobar,DC=com
+ //
+ // SECURUITY WARNING
+ //
+ // Using self-signed certificates has the following security risks:
+ // 1. Encryption without authentication and thus vulnerable to
+ // man-in-the-middle attacks.
+ // 2. Self-signed certificates cannot be revoked.
+ //
+ // Use this certificate only after the above risks are acknowledged.
+ static X509Certificate* CreateSelfSigned(base::RSAPrivateKey* key,
+ const std::string& subject,
+ uint32 serial_number,
+ base::TimeDelta valid_duration);
+#endif
+
 // Creates a X509Certificate from the ground up. Used by tests that simulate
 // SSL connections.
 X509Certificate(const std::string& subject, const std::string& issuer, |
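Review bot: The comment on `CreateSelfSigned` in the second hunk leaves the failure and ownership contract unstated: the function returns a raw `X509Certificate*` for a ref-counted class without saying whether NULL comes back on error, whether the caller must hold the result in a `scoped_refptr`, or whether |key| has to outlive the call. I would add something like `// Returns NULL on failure. The caller takes a reference to the result; |key| is not owned by the certificate.` once that is confirmed against the NSS implementation, which is not visible here. Since the warning already says the certificate gives encryption without authentication, it should also tell callers what is expected instead, for example that the peer must verify the certificate out of band (pinning or fingerprint comparison), and note that the SHA-1 signature and caller-chosen `uint32 serial_number` provide no uniqueness or trust guarantee on their own. The heading `SECURUITY WARNING` is misspelled (`SECURITY WARNING`), and the declaration sits inside `class X509Certificate`, whose body starts and ends outside this hunk.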