Index: webrtc/base/sslidentity.h |
diff --git a/webrtc/base/sslidentity.h b/webrtc/base/sslidentity.h |
index 99cbac8c3d86871cefa66950b6d82d77db25ed8a..3a1bbd08563bf5d58faaaf184633220fecb45709 100644 |
--- a/webrtc/base/sslidentity.h |
+++ b/webrtc/base/sslidentity.h |
@@ -18,7 +18,6 @@ |
#include <vector> |
#include "webrtc/base/buffer.h" |
-#include "webrtc/base/checks.h" |
#include "webrtc/base/messagedigest.h" |
namespace rtc { |
@@ -108,105 +107,25 @@ |
RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain); |
}; |
-// KT_DEFAULT is currently an alias for KT_RSA. This is likely to change. |
-// KT_LAST is intended for vector declarations and loops over all key types; |
-// it does not represent any key type in itself. |
// TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating |
// PeerConnectionFactory_nativeCreatePeerConnection's certificate generation |
// code. |
enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA }; |
- |
-static const int kRsaDefaultModSize = 1024; |
-static const int kRsaDefaultExponent = 0x10001; // = 2^16+1 = 65537 |
-static const int kRsaMinModSize = 1024; |
-static const int kRsaMaxModSize = 8192; |
- |
-struct RSAParams { |
- unsigned int mod_size; |
- unsigned int pub_exp; |
-}; |
- |
-enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST }; |
- |
-class KeyParams { |
- public: |
- // Generate a KeyParams object from a simple KeyType, using default params. |
- explicit KeyParams(KeyType key_type = KT_DEFAULT) { |
- if (key_type == KT_ECDSA) { |
- type_ = KT_ECDSA; |
- params_.curve = EC_NIST_P256; |
- } else if (key_type == KT_RSA) { |
- type_ = KT_RSA; |
- params_.rsa.mod_size = kRsaDefaultModSize; |
- params_.rsa.pub_exp = kRsaDefaultExponent; |
- } else { |
- RTC_NOTREACHED(); |
- } |
- } |
- |
- // Generate a a KeyParams for RSA with explicit parameters. |
- static KeyParams RSA(int mod_size = kRsaDefaultModSize, |
- int pub_exp = kRsaDefaultExponent) { |
- KeyParams kt(KT_RSA); |
- kt.params_.rsa.mod_size = mod_size; |
- kt.params_.rsa.pub_exp = pub_exp; |
- return kt; |
- } |
- |
- // Generate a a KeyParams for ECDSA specifying the curve. |
- static KeyParams ECDSA(ECCurve curve = EC_NIST_P256) { |
- KeyParams kt(KT_ECDSA); |
- kt.params_.curve = curve; |
- return kt; |
- } |
- |
- // Check validity of a KeyParams object. Since the factory functions have |
- // no way of returning errors, this function can be called after creation |
- // to make sure the parameters are OK. |
- bool IsValid() { |
- if (type_ == KT_RSA) { |
- return (params_.rsa.mod_size >= kRsaMinModSize && |
- params_.rsa.mod_size <= kRsaMaxModSize && |
- params_.rsa.pub_exp > params_.rsa.mod_size); |
- } else if (type_ == KT_ECDSA) { |
- return (params_.curve == EC_NIST_P256); |
- } |
- return false; |
- } |
- |
- RSAParams rsa_params() const { |
- RTC_DCHECK(type_ == KT_RSA); |
- return params_.rsa; |
- } |
- |
- ECCurve ec_curve() const { |
- RTC_DCHECK(type_ == KT_ECDSA); |
- return params_.curve; |
- } |
- |
- KeyType type() const { return type_; } |
- |
- private: |
- KeyType type_; |
- union { |
- RSAParams rsa; |
- ECCurve curve; |
- } params_; |
-}; |
// TODO(hbos): Remove once rtc::KeyType (to be modified) and |
// blink::WebRTCKeyType (to be landed) match. By using this function in Chromium |
// appropriately we can change KeyType enum -> class without breaking Chromium. |
KeyType IntKeyTypeFamilyToKeyType(int key_type_family); |
-// Parameters for generating a certificate. If |common_name| is non-empty, it |
-// will be used for the certificate's subject and issuer name, otherwise a |
-// random string will be used. |
+// Parameters for generating an identity for testing. If common_name is |
+// non-empty, it will be used for the certificate's subject and issuer name, |
+// otherwise a random string will be used. |not_before| and |not_after| are |
+// offsets to the current time in number of seconds. |
struct SSLIdentityParams { |
std::string common_name; |
- int not_before; // offset from current time in seconds. |
- int not_after; // offset from current time in seconds. |
- KeyParams key_params; |
+ int not_before; // in seconds. |
+ int not_after; // in seconds. |
+ KeyType key_type; |
}; |
// Our identity in an SSL negotiation: a keypair and certificate (both |
@@ -220,11 +139,7 @@ |
// Returns NULL on failure. |
// Caller is responsible for freeing the returned object. |
static SSLIdentity* Generate(const std::string& common_name, |
- const KeyParams& key_param); |
- static SSLIdentity* Generate(const std::string& common_name, |
- KeyType key_type) { |
- return Generate(common_name, KeyParams(key_type)); |
- } |
+ KeyType key_type); |
// Generates an identity with the specified validity period. |
static SSLIdentity* GenerateForTest(const SSLIdentityParams& params); |