Diffstat (limited to 'chromium/net/cert/x509_util_nss.cc')
-rw-r--r-- | chromium/net/cert/x509_util_nss.cc | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/chromium/net/cert/x509_util_nss.cc b/chromium/net/cert/x509_util_nss.cc
index f8fbd6feda9..67ad467f5c5 100644
--- a/chromium/net/cert/x509_util_nss.cc
+++ b/chromium/net/cert/x509_util_nss.cc
@@ -134,6 +134,16 @@ CERTCertificate* CreateCertificate(
 return cert;
 }
 
+SECOidTag ToSECOid(x509_util::DigestAlgorithm alg) {
+ switch (alg) {
+ case x509_util::DIGEST_SHA1:
+ return SEC_OID_SHA1;
+ case x509_util::DIGEST_SHA256:
+ return SEC_OID_SHA256;
+ }
+ return SEC_OID_UNKNOWN;
+}
+
 // Signs a certificate object, with |key| generating a new X509Certificate
 // and destroying the passed certificate object (even when NULL is returned).
 // The logic of this method references SignCert() in NSS utility certutil:
@@ -142,11 +152,12 @@ CERTCertificate* CreateCertificate(
 // certificate signing process.
 bool SignCertificate(
 CERTCertificate* cert,
- SECKEYPrivateKey* key) {
+ SECKEYPrivateKey* key,
+ SECOidTag hash_algorithm) {
 // |arena| is used to encode the cert.
 PLArenaPool* arena = cert->arena;
 SECOidTag algo_id = SEC_GetSignatureAlgorithmOidTag(key->keyType,
- SEC_OID_SHA1);
+ hash_algorithm);
 if (algo_id == SEC_OID_UNKNOWN)
 return false;
 
@@ -240,12 +251,14 @@ CERTName* CreateCertNameFromEncoded(PLArenaPool* arena,
 namespace x509_util {
 
 bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,
+ DigestAlgorithm alg,
 const std::string& subject,
 uint32 serial_number,
 base::Time not_valid_before,
 base::Time not_valid_after,
 std::string* der_cert) {
 DCHECK(key);
+ DCHECK(!strncmp(subject.c_str(), "CN=", 3U));
 CERTCertificate* cert = CreateCertificate(key->public_key(),
 subject,
 serial_number,
@@ -254,7 +267,7 @@ bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,
 if (!cert)
 return false;
 
- if (!SignCertificate(cert, key->key())) {
+ if (!SignCertificate(cert, key->key(), ToSECOid(alg))) {
 CERT_DestroyCertificate(cert);
 return false;
 }
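Review bot: The header comment on SignCertificate still documents only |key| and says nothing about the new |hash_algorithm| parameter, and the new ToSECOid helper carries no comment at all. I would add to the SignCertificate comment block `// |hash_algorithm| is the NSS OID tag of the digest to sign with; a key/digest pair NSS does not support yields SEC_OID_UNKNOWN below and the function fails.` and above ToSECOid `// Maps a x509_util::DigestAlgorithm to its NSS OID tag; any value outside the enum maps to SEC_OID_UNKNOWN, which SignCertificate rejects.` Because DIGEST_SHA1 is now selectable per call site, the comment should also say which callers are expected to pass it, since SHA-1 signatures are deprecated for newly issued certificates and SHA-256 should be the default. The added `DCHECK(!strncmp(subject.c_str(), "CN=", 3U))` fires only in debug builds; if |subject| can arrive from outside this component (the callers are not visible here), a release-time guard such as `if (subject.compare(0, 3, "CN=") != 0) return false;` placed before CreateCertificate is the safer form.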
@@ -279,6 +292,7 @@ bool IsSupportedValidityRange(base::Time not_valid_before,
 }
 
 bool CreateDomainBoundCertEC(crypto::ECPrivateKey* key,
+ DigestAlgorithm alg,
 const std::string& domain,
 uint32 serial_number,
 base::Time not_valid_before,
@@ -340,7 +354,7 @@ bool CreateDomainBoundCertEC(crypto::ECPrivateKey* key,
 return false;
 }
 
- if (!SignCertificate(cert, key->key())) {
+ if (!SignCertificate(cert, key->key(), ToSECOid(alg))) {
 CERT_DestroyCertificate(cert);
 return false;
 }
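Review bot: On the failure path of the rewritten call, `CERT_DestroyCertificate(cert)` runs after SignCertificate returns false, yet the header comment on SignCertificate in the first hunk of this file says the callee destroys the passed certificate object "even when NULL is returned"; if both statements hold this is a double destroy, and if not, the comment is wrong. This predates the commit, but the commit rewrites both call sites (here and in CreateSelfSignedCert) and is the natural place to settle which side owns |cert| on failure; SignCertificate's body lies outside the hunks, so I cannot tell from here which it is. If the callee does not in fact destroy it, the fix is the one-line comment change `// On failure |cert| is left intact and the caller must destroy it.` on SignCertificate; otherwise the CERT_DestroyCertificate calls at both sites should go. CreateDomainBoundCertEC starts and ends outside the hunk.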