Chromium Code Reviews Chromium Code Reviews
Issue 1683193003:
Implement certificate lifetime parameter as required by WebRTC RFC. (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 118 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating | 118 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating |
| 119 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation | 119 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation |
| 120 // code. | 120 // code. |
| 121 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA }; | 121 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA }; |
| 122 | 122 |
| 123 static const int kRsaDefaultModSize = 1024; | 123 static const int kRsaDefaultModSize = 1024; |
| 124 static const int kRsaDefaultExponent = 0x10001; // = 2^16+1 = 65537 | 124 static const int kRsaDefaultExponent = 0x10001; // = 2^16+1 = 65537 |
| 125 static const int kRsaMinModSize = 1024; | 125 static const int kRsaMinModSize = 1024; |
| 126 static const int kRsaMaxModSize = 8192; | 126 static const int kRsaMaxModSize = 8192; |
| 127 | 127 |
| 128 // Certificate default validity lifetime. | |
| 129 static const int CERTIFICATE_LIFETIME = 60*60*24*30; // 30 days, arbitrarily | |
|
tommi
2016/02/11 16:59:30
spaces around operators.
Also, this should be kCer
torbjorng (webrtc)
2016/02/12 10:54:32
Done.
| |
| 130 // Certificate validity window. | |
| 131 // This is to compensate for slightly incorrect system clocks. | |
| 132 static const int CERTIFICATE_WINDOW = -60*60*24; | |
|
tommi
2016/02/11 16:59:30
same thing here
torbjorng (webrtc)
2016/02/12 10:54:32
Done.
| |
| 133 | |
| 128 struct RSAParams { | 134 struct RSAParams { |
| 129 unsigned int mod_size; | 135 unsigned int mod_size; |
| 130 unsigned int pub_exp; | 136 unsigned int pub_exp; |
| 131 }; | 137 }; |
| 132 | 138 |
| 133 enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST }; | 139 enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST }; |
| 134 | 140 |
| 135 class KeyParams { | 141 class KeyParams { |
| 136 public: | 142 public: |
| 137 // Generate a KeyParams object from a simple KeyType, using default params. | 143 // Generate a KeyParams object from a simple KeyType, using default params. |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 181 // Our identity in an SSL negotiation: a keypair and certificate (both | 187 // Our identity in an SSL negotiation: a keypair and certificate (both |
| 182 // with the same public key). | 188 // with the same public key). |
| 183 // This too is pretty much immutable once created. | 189 // This too is pretty much immutable once created. |
| 184 class SSLIdentity { | 190 class SSLIdentity { |
| 185 public: | 191 public: |
| 186 // Generates an identity (keypair and self-signed certificate). If | 192 // Generates an identity (keypair and self-signed certificate). If |
| 187 // common_name is non-empty, it will be used for the certificate's | 193 // common_name is non-empty, it will be used for the certificate's |
| 188 // subject and issuer name, otherwise a random string will be used. | 194 // subject and issuer name, otherwise a random string will be used. |
| 189 // Returns NULL on failure. | 195 // Returns NULL on failure. |
| 190 // Caller is responsible for freeing the returned object. | 196 // Caller is responsible for freeing the returned object. |
| 191 static SSLIdentity* Generate(const std::string& common_name, | 197 static SSLIdentity* Generate(const std::string& common_name, |
|
hbos
2016/02/11 16:37:04
Add a comment about |certificate_lifetime| and say
tommi
2016/02/11 16:59:30
having dchecks for the expected valid values, help
torbjorng (webrtc)
2016/02/12 10:54:32
Done.
| |
| 192 const KeyParams& key_param); | 198 const KeyParams& key_param, |
| 199 time_t certificate_lifetime); | |
| 200 static SSLIdentity* Generate(const std::string& common_name, | |
| 201 const KeyParams& key_param) { | |
| 202 return Generate(common_name, key_param, CERTIFICATE_LIFETIME); | |
| 203 } | |
| 193 static SSLIdentity* Generate(const std::string& common_name, | 204 static SSLIdentity* Generate(const std::string& common_name, |
| 194 KeyType key_type) { | 205 KeyType key_type) { |
| 195 return Generate(common_name, KeyParams(key_type)); | 206 return Generate(common_name, KeyParams(key_type)); |
| 196 } | 207 } |
| 197 | 208 |
| 198 // Generates an identity with the specified validity period. | 209 // Generates an identity with the specified validity period. |
| 210 // TODO(torbjorng): Now that Generate() accepts relevant params, make tests | |
| 211 // use that instead of this function. | |
| 199 static SSLIdentity* GenerateForTest(const SSLIdentityParams& params); | 212 static SSLIdentity* GenerateForTest(const SSLIdentityParams& params); |
| 200 | 213 |
| 201 // Construct an identity from a private key and a certificate. | 214 // Construct an identity from a private key and a certificate. |
| 202 static SSLIdentity* FromPEMStrings(const std::string& private_key, | 215 static SSLIdentity* FromPEMStrings(const std::string& private_key, |
| 203 const std::string& certificate); | 216 const std::string& certificate); |
| 204 | 217 |
| 205 virtual ~SSLIdentity() {} | 218 virtual ~SSLIdentity() {} |
| 206 | 219 |
| 207 // Returns a new SSLIdentity object instance wrapping the same | 220 // Returns a new SSLIdentity object instance wrapping the same |
| 208 // identity information. | 221 // identity information. |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 227 // |s| is not 0-terminated; its char count is defined by |length|. | 240 // |s| is not 0-terminated; its char count is defined by |length|. |
| 228 int64_t ASN1TimeToSec(const unsigned char* s, size_t length, bool long_format); | 241 int64_t ASN1TimeToSec(const unsigned char* s, size_t length, bool long_format); |
| 229 | 242 |
| 230 extern const char kPemTypeCertificate[]; | 243 extern const char kPemTypeCertificate[]; |
| 231 extern const char kPemTypeRsaPrivateKey[]; | 244 extern const char kPemTypeRsaPrivateKey[]; |
| 232 extern const char kPemTypeEcPrivateKey[]; | 245 extern const char kPemTypeEcPrivateKey[]; |
| 233 | 246 |
| 234 } // namespace rtc | 247 } // namespace rtc |
| 235 | 248 |
| 236 #endif // WEBRTC_BASE_SSLIDENTITY_H_ | 249 #endif // WEBRTC_BASE_SSLIDENTITY_H_ |
| OLD | NEW |
