diff options
| author | hclam@chromium.org <hclam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-22 21:21:09 +0000 |
|---|---|---|
| committer | hclam@chromium.org <hclam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-22 21:21:09 +0000 |
| commit | 3a50f8a87d43c111e58d6e5e0cea5a4ee3c08265 (patch) | |
| tree | f3f4907bcc7087e11f7583228d1f67914d054074 /net/base/x509_certificate_win.cc | |
| parent | b7ff596d84cc3f65463e0b026a3f41402c80dd99 (diff) | |
| download | chromium_src-3a50f8a87d43c111e58d6e5e0cea5a4ee3c08265.zip chromium_src-3a50f8a87d43c111e58d6e5e0cea5a4ee3c08265.tar.gz chromium_src-3a50f8a87d43c111e58d6e5e0cea5a4ee3c08265.tar.bz2 | |
Implement X509Certificate::CreateSelfSigned on Windows
In order to run SSLServerSocketNSS on windows a self signed certificate is
needed.
BUG=None
TEST=net_unittests --gtest_filter=X509*
Review URL: http://codereview.chromium.org/6002003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69984 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate_win.cc')
| -rw-r--r-- | net/base/x509_certificate_win.cc | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc index 509c6c9..568c1fd 100644 --- a/net/base/x509_certificate_win.cc +++ b/net/base/x509_certificate_win.cc @@ -4,6 +4,7 @@ #include "net/base/x509_certificate.h" +#include "base/crypto/rsa_private_key.h" #include "base/crypto/scoped_capi_types.h" #include "base/lazy_instance.h" #include "base/logging.h" @@ -501,6 +502,70 @@ X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle, return cert; } +// static +X509Certificate* X509Certificate::CreateSelfSigned( + base::RSAPrivateKey* key, + const std::string& subject, + uint32 serial_number, + base::TimeDelta valid_duration) { + // Get the ASN.1 encoding of the certificate subject. + std::wstring w_subject = ASCIIToWide(subject); + DWORD encoded_subject_length = 0; + if (!CertStrToName( + X509_ASN_ENCODING, + const_cast<wchar_t*>(w_subject.c_str()), + CERT_X500_NAME_STR, NULL, NULL, &encoded_subject_length, NULL)) { + return NULL; + } + + scoped_array<char> encoded_subject(new char[encoded_subject_length]); + if (!CertStrToName( + X509_ASN_ENCODING, + const_cast<wchar_t*>(w_subject.c_str()), + CERT_X500_NAME_STR, NULL, + reinterpret_cast<BYTE*>(encoded_subject.get()), + &encoded_subject_length, NULL)) { + return NULL; + } + + CERT_NAME_BLOB subject_name; + memset(&subject_name, 0, sizeof(subject_name)); + subject_name.cbData = encoded_subject_length; + subject_name.pbData = reinterpret_cast<BYTE*>(encoded_subject.get()); + + CRYPT_ALGORITHM_IDENTIFIER sign_algo; + memset(&sign_algo, 0, sizeof(sign_algo)); + sign_algo.pszObjId = szOID_RSA_SHA1RSA; + + base::Time not_valid = base::Time::Now() + valid_duration; + base::Time::Exploded exploded; + not_valid.UTCExplode(&exploded); + + // Create the system time struct representing our exploded time. + SYSTEMTIME system_time; + system_time.wYear = exploded.year; + system_time.wMonth = exploded.month; + system_time.wDayOfWeek = exploded.day_of_week; + system_time.wDay = exploded.day_of_month; + system_time.wHour = exploded.hour; + system_time.wMinute = exploded.minute; + system_time.wSecond = exploded.second; + system_time.wMilliseconds = exploded.millisecond; + + PCCERT_CONTEXT cert_handle = + CertCreateSelfSignCertificate(key->provider(), &subject_name, + CERT_CREATE_SELFSIGN_NO_KEY_INFO, + NULL, &sign_algo, 0, &system_time, 0); + DCHECK(cert_handle) << "Failed to create self-signed certificate: " + << logging::GetLastSystemErrorCode(); + + X509Certificate* cert = CreateFromHandle(cert_handle, + SOURCE_LONE_CERT_IMPORT, + OSCertHandles()); + FreeOSCertHandle(cert_handle); + return cert; +} + void X509Certificate::Persist(Pickle* pickle) { DCHECK(cert_handle_); DWORD length; |