Chromium Code Reviews Chromium Code Reviews
Issue 8400075:
Fix the "certificate is not yet valid" error for server certificates (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
| 6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <string.h> | 9 #include <string.h> |
| 10 | 10 |
| (...skipping 192 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 203 // certificate is invalid before the |valid_start| date and invalid after | 203 // certificate is invalid before the |valid_start| date and invalid after |
| 204 // the |valid_expiry| date. | 204 // the |valid_expiry| date. |
| 205 // If we were unable to parse either date from the certificate (or if the cert | 205 // If we were unable to parse either date from the certificate (or if the cert |
| 206 // lacks either date), the date will be null (i.e., is_null() will be true). | 206 // lacks either date), the date will be null (i.e., is_null() will be true). |
| 207 const base::Time& valid_start() const { return valid_start_; } | 207 const base::Time& valid_start() const { return valid_start_; } |
| 208 const base::Time& valid_expiry() const { return valid_expiry_; } | 208 const base::Time& valid_expiry() const { return valid_expiry_; } |
| 209 | 209 |
| 210 // The fingerprint of this certificate. | 210 // The fingerprint of this certificate. |
| 211 const SHA1Fingerprint& fingerprint() const { return fingerprint_; } | 211 const SHA1Fingerprint& fingerprint() const { return fingerprint_; } |
| 212 | 212 |
| 213 // The fingerprint of this certificate and its intermediate CA certificates. | |
| 214 const SHA1Fingerprint& chain_fingerprint() const { | |
| 215 return chain_fingerprint_; | |
| 216 } | |
| 217 | |
| 213 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1 | 218 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1 |
| 214 // Server Identity, if the certificate has a subjectAltName extension of | 219 // Server Identity, if the certificate has a subjectAltName extension of |
| 215 // type dNSName, this method gets the DNS names in that extension. | 220 // type dNSName, this method gets the DNS names in that extension. |
| 216 // Otherwise, it gets the common name in the subject field. | 221 // Otherwise, it gets the common name in the subject field. |
| 217 void GetDNSNames(std::vector<std::string>* dns_names) const; | 222 void GetDNSNames(std::vector<std::string>* dns_names) const; |
| 218 | 223 |
| 219 // Gets the subjectAltName extension field from the certificate, if any. | 224 // Gets the subjectAltName extension field from the certificate, if any. |
| 220 // For future extension; currently this only returns those name types that | 225 // For future extension; currently this only returns those name types that |
| 221 // are required for HTTP certificate name verification - see VerifyHostname. | 226 // are required for HTTP certificate name verification - see VerifyHostname. |
| 222 // Unrequired parameters may be passed as NULL. | 227 // Unrequired parameters may be passed as NULL. |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 358 // Duplicates (or adds a reference to) an OS certificate handle. | 363 // Duplicates (or adds a reference to) an OS certificate handle. |
| 359 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); | 364 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); |
| 360 | 365 |
| 361 // Frees (or releases a reference to) an OS certificate handle. | 366 // Frees (or releases a reference to) an OS certificate handle. |
| 362 static void FreeOSCertHandle(OSCertHandle cert_handle); | 367 static void FreeOSCertHandle(OSCertHandle cert_handle); |
| 363 | 368 |
| 364 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty | 369 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty |
| 365 // (all zero) fingerprint on failure. | 370 // (all zero) fingerprint on failure. |
| 366 static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle); | 371 static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle); |
| 367 | 372 |
| 373 // Calculates the SHA-1 fingerprint of the certificate and its intermediate | |
| 374 // CA certificates. Returns an empty (all zero) fingerprint on failure. | |
| 375 SHA1Fingerprint CalculateChainFingerprint() const; | |
|
wtc
2011/10/28 22:24:04
This method should be private. I list it here so
| |
| 376 | |
| 368 private: | 377 private: |
| 369 friend class base::RefCountedThreadSafe<X509Certificate>; | 378 friend class base::RefCountedThreadSafe<X509Certificate>; |
| 370 friend class TestRootCerts; // For unit tests | 379 friend class TestRootCerts; // For unit tests |
| 371 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, Cache); | 380 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, Cache); |
| 372 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, IntermediateCertificates); | 381 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, IntermediateCertificates); |
| 373 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers); | 382 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers); |
| 374 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, DigiNotarCerts); | 383 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, DigiNotarCerts); |
| 375 FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname); | 384 FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname); |
| 376 | 385 |
| 377 // Construct an X509Certificate from a handle to the certificate object | 386 // Construct an X509Certificate from a handle to the certificate object |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 465 | 474 |
| 466 // This certificate is not valid before |valid_start_| | 475 // This certificate is not valid before |valid_start_| |
| 467 base::Time valid_start_; | 476 base::Time valid_start_; |
| 468 | 477 |
| 469 // This certificate is not valid after |valid_expiry_| | 478 // This certificate is not valid after |valid_expiry_| |
| 470 base::Time valid_expiry_; | 479 base::Time valid_expiry_; |
| 471 | 480 |
| 472 // The fingerprint of this certificate. | 481 // The fingerprint of this certificate. |
| 473 SHA1Fingerprint fingerprint_; | 482 SHA1Fingerprint fingerprint_; |
| 474 | 483 |
| 484 // The fingerprint of this certificate and its intermediate CA certificates. | |
| 485 SHA1Fingerprint chain_fingerprint_; | |
| 486 | |
| 475 // The serial number of this certificate, DER encoded. | 487 // The serial number of this certificate, DER encoded. |
| 476 std::string serial_number_; | 488 std::string serial_number_; |
| 477 | 489 |
| 478 // A handle to the certificate object in the underlying crypto library. | 490 // A handle to the certificate object in the underlying crypto library. |
| 479 OSCertHandle cert_handle_; | 491 OSCertHandle cert_handle_; |
| 480 | 492 |
| 481 // Untrusted intermediate certificates associated with this certificate | 493 // Untrusted intermediate certificates associated with this certificate |
| 482 // that may be needed for chain building. | 494 // that may be needed for chain building. |
| 483 OSCertHandles intermediate_ca_certs_; | 495 OSCertHandles intermediate_ca_certs_; |
| 484 | 496 |
| 485 #if defined(OS_MACOSX) | 497 #if defined(OS_MACOSX) |
| 486 // Blocks multiple threads from verifying the cert simultaneously. | 498 // Blocks multiple threads from verifying the cert simultaneously. |
| 487 // (Marked mutable because it's used in a const method.) | 499 // (Marked mutable because it's used in a const method.) |
| 488 mutable base::Lock verification_lock_; | 500 mutable base::Lock verification_lock_; |
| 489 #endif | 501 #endif |
| 490 | 502 |
| 491 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 503 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
| 492 }; | 504 }; |
| 493 | 505 |
| 494 } // namespace net | 506 } // namespace net |
| 495 | 507 |
| 496 #endif // NET_BASE_X509_CERTIFICATE_H_ | 508 #endif // NET_BASE_X509_CERTIFICATE_H_ |
| OLD | NEW |
