Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(98)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_openssl.cc

Issue 8400075: Fix the "certificate is not yet valid" error for server certificates (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/x509_certificate_mac.cc ('K') | « net/base/x509_certificate_nss.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | net/base/x509_certificate_win.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <openssl/asn1.h> 7 #include <openssl/asn1.h>
8 #include <openssl/crypto.h> 8 #include <openssl/crypto.h>
9 #include <openssl/obj_mac.h> 9 #include <openssl/obj_mac.h>
10 #include <openssl/pem.h> 10 #include <openssl/pem.h>
(...skipping 307 matching lines...) Expand 10 before | Expand all | Expand 10 after
318 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { 318 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
319 // Decrement the ref-count for the cert and, if all references are gone, 319 // Decrement the ref-count for the cert and, if all references are gone,
320 // free the memory and any application-specific data associated with the 320 // free the memory and any application-specific data associated with the
321 // certificate. 321 // certificate.
322 X509_free(cert_handle); 322 X509_free(cert_handle);
323 } 323 }
324 324
325 void X509Certificate::Initialize() { 325 void X509Certificate::Initialize() {
326 crypto::EnsureOpenSSLInit(); 326 crypto::EnsureOpenSSLInit();
327 fingerprint_ = CalculateFingerprint(cert_handle_); 327 fingerprint_ = CalculateFingerprint(cert_handle_);
328 chain_fingerprint_ = CalculateChainFingerprint();
328 329
329 ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_); 330 ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_);
330 if (num) { 331 if (num) {
331 serial_number_ = std::string( 332 serial_number_ = std::string(
332 reinterpret_cast<char*>(num->data), 333 reinterpret_cast<char*>(num->data),
333 num->length); 334 num->length);
334 // Remove leading zeros. 335 // Remove leading zeros.
335 while (serial_number_.size() > 1 && serial_number_[0] == 0) 336 while (serial_number_.size() > 1 && serial_number_[0] == 0)
336 serial_number_ = serial_number_.substr(1, serial_number_.size() - 1); 337 serial_number_ = serial_number_.substr(1, serial_number_.size() - 1);
337 } 338 }
338 339
339 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); 340 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_);
340 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); 341 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_);
341 x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); 342 x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_);
342 x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); 343 x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_);
343 } 344 }
344 345
345 // static 346 // static
346 void X509Certificate::ResetCertStore() { 347 void X509Certificate::ResetCertStore() {
347 X509InitSingleton::GetInstance()->ResetCertStore(); 348 X509InitSingleton::GetInstance()->ResetCertStore();
348 } 349 }
349 350
351 // static
350 SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) { 352 SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) {
351 SHA1Fingerprint sha1; 353 SHA1Fingerprint sha1;
352 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data)); 354 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data));
353 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size); 355 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size);
354 CHECK(ret); 356 CHECK(ret);
355 CHECK_EQ(sha1_size, sizeof(sha1.data)); 357 CHECK_EQ(sha1_size, sizeof(sha1.data));
356 return sha1; 358 return sha1;
357 } 359 }
358 360
361 SHA1Fingerprint X509Certificate::CalculateChainFingerprint() const {
362 SHA1Fingerprint sha1;
363 memset(sha1.data, 0, sizeof(sha1.data));
364
365 SHA_CTX sha1_ctx;
366 SHA1_Init(&sha1_ctx);
367 DERCache der_cache;
368 if (!GetDERAndCacheIfNeeded(cert_handle_, &der_cache))
369 return sha1;
370 SHA1_Update(&sha1_ctx, der_cache.data, der_cache.data_length);
371 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
372 if (!GetDERAndCacheIfNeeded(intermediate_ca_certs_[i], &der_cache))
373 return sha1;
374 SHA1_Update(&sha1_ctx, der_cache.data, der_cache.data_length);
375 }
376 SHA1_Final(sha1.data, &sha1_ctx);
377
378 return sha1;
379 }
380
359 // static 381 // static
360 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( 382 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
361 const char* data, int length) { 383 const char* data, int length) {
362 if (length < 0) 384 if (length < 0)
363 return NULL; 385 return NULL;
364 crypto::EnsureOpenSSLInit(); 386 crypto::EnsureOpenSSLInit();
365 const unsigned char* d2i_data = 387 const unsigned char* d2i_data =
366 reinterpret_cast<const unsigned char*>(data); 388 reinterpret_cast<const unsigned char*>(data);
367 // Don't cache this data via SetDERCache as this wire format may be not be 389 // Don't cache this data via SetDERCache as this wire format may be not be
368 // identical from the i2d_X509 roundtrip. 390 // identical from the i2d_X509 roundtrip.
(...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after
553 DERCache der_cache; 575 DERCache der_cache;
554 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) 576 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache))
555 return false; 577 return false;
556 578
557 return pickle->WriteData( 579 return pickle->WriteData(
558 reinterpret_cast<const char*>(der_cache.data), 580 reinterpret_cast<const char*>(der_cache.data),
559 der_cache.data_length); 581 der_cache.data_length);
560 } 582 }
561 583
562 } // namespace net 584 } // namespace net
OLDNEW
« net/base/x509_certificate_mac.cc ('K') | « net/base/x509_certificate_nss.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | net/base/x509_certificate_win.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698