Provide RSA2048 as per RFC

webrtc/base/sslidentity.h

Index: webrtc/base/sslidentity.h
diff --git a/webrtc/base/sslidentity.h b/webrtc/base/sslidentity.h
index 3a1bbd08563bf5d58faaaf184633220fecb45709..cf9942637e480de935bdfaad3667f18555ddccc2 100644
--- a/webrtc/base/sslidentity.h
+++ b/webrtc/base/sslidentity.h
@@ -107,25 +107,70 @@ class SSLCertChain {
   RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain);
 };
 
+// KT_DEFAULT is currently an alias for KT_RSA.  This is likely to change.
+// KT_LAST is intended for vector declarations and loops over all key types;
+// it does not represent any key type in itself.
 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating
 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation
 // code.
 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA };
 
+static const int kRsaDefaultModSize = 1024;
+static const int kRsaDefaultExponent = 0x10001;  // = 2^16+1 = 65537
+static const int kRsaMinModSize = 1024;
+static const int kRsaMaxModSize = 8192;

[hbos, 2015/10/08 13:46:00]

Make these extern and place values in .cc file (just like kPemTypeCertificate
and the like at the bottom of this file)

[torbjorng (webrtc), 2015/10/08 14:01:46]

I would have agreed if these had been e.g., C string constants where any value
would be put the the binary. Here we have integer constants which will be
compiled into the actual code with the current form.

+
+struct RSAParams {
+  unsigned int mod_size;
+  unsigned int pub_exp;
+};
+
+enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST };
+
+class KeyParams {
+ public:
+  // Generate a KeyParams object from a simple KeyType, using default params.
+  explicit KeyParams(KeyType key_type = KT_DEFAULT);
+
+  // Generate a a KeyParams for RSA with explicit parameters.
+  static KeyParams RSA(int mod_size = kRsaDefaultModSize,
+                       int pub_exp = kRsaDefaultExponent);
+
+  // Generate a a KeyParams for ECDSA specifying the curve.
+  static KeyParams ECDSA(ECCurve curve = EC_NIST_P256);
+
+  // Check validity of a KeyParams object. Since the factory functions have
+  // no way of returning errors, this function can be called after creation
+  // to make sure the parameters are OK.
+  bool IsValid() const;
+
+  RSAParams rsa_params() const;
+
+  ECCurve ec_curve() const;
+
+  KeyType type() const { return type_; }
+
+ private:
+  KeyType type_;
+  union {
+    RSAParams rsa;
+    ECCurve curve;
+  } params_;
+};
+
 // TODO(hbos): Remove once rtc::KeyType (to be modified) and
 // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium
 // appropriately we can change KeyType enum -> class without breaking Chromium.
 KeyType IntKeyTypeFamilyToKeyType(int key_type_family);
 
-// Parameters for generating an identity for testing. If common_name is
-// non-empty, it will be used for the certificate's subject and issuer name,
-// otherwise a random string will be used. |not_before| and |not_after| are
-// offsets to the current time in number of seconds.
+// Parameters for generating a certificate. If |common_name| is non-empty, it
+// will be used for the certificate's subject and issuer name, otherwise a
+// random string will be used.
 struct SSLIdentityParams {
   std::string common_name;
-  int not_before;  // in seconds.
-  int not_after;  // in seconds.
-  KeyType key_type;
+  int not_before;  // offset from current time in seconds.
+  int not_after;   // offset from current time in seconds.
+  KeyParams key_params;
 };
 
 // Our identity in an SSL negotiation: a keypair and certificate (both
@@ -139,7 +184,11 @@ class SSLIdentity {
   // Returns NULL on failure.
   // Caller is responsible for freeing the returned object.
   static SSLIdentity* Generate(const std::string& common_name,
-                               KeyType key_type);
+                               const KeyParams& key_param);
+  static SSLIdentity* Generate(const std::string& common_name,
+                               KeyType key_type) {
+    return Generate(common_name, KeyParams(key_type));
+  }
 
   // Generates an identity with the specified validity period.
   static SSLIdentity* GenerateForTest(const SSLIdentityParams& params);