| Index: net/base/x509_util_nss.cc
|
| diff --git a/net/base/x509_util_nss.cc b/net/base/x509_util_nss.cc
|
| index 61126af6a1fbc68f65e5f664fc17103a33505b94..4ec0401d8e369b0b5c998ce6126cfbe6f1a80006 100644
|
| --- a/net/base/x509_util_nss.cc
|
| +++ b/net/base/x509_util_nss.cc
|
| @@ -78,7 +78,8 @@ CERTCertificate* CreateCertificate(
|
| SECKEYPublicKey* public_key,
|
| const std::string& subject,
|
| uint32 serial_number,
|
| - base::TimeDelta valid_duration) {
|
| + base::Time not_valid_before,
|
| + base::Time not_valid_after) {
|
| // Create info about public key.
|
| CERTSubjectPublicKeyInfo* spki =
|
| SECKEY_CreateSubjectPublicKeyInfo(public_key);
|
| @@ -99,11 +100,9 @@ CERTCertificate* CreateCertificate(
|
| return NULL;
|
| }
|
|
|
| - PRTime now = PR_Now();
|
| - PRTime not_after = now + valid_duration.InMicroseconds();
|
| -
|
| - // Note that the time is now in micro-second unit.
|
| - CERTValidity* validity = CERT_CreateValidity(now, not_after);
|
| + CERTValidity* validity = CERT_CreateValidity(
|
| + crypto::BaseTimeToPRTime(not_valid_before),
|
| + crypto::BaseTimeToPRTime(not_valid_after));
|
| CERTCertificate* cert = CERT_CreateCertificate(serial_number, subject_name,
|
| validity, cert_request);
|
| if (!cert) {
|
| @@ -176,13 +175,15 @@ bool CreateOriginBoundCertInternal(
|
| SECKEYPrivateKey* private_key,
|
| const std::string& origin,
|
| uint32 serial_number,
|
| - base::TimeDelta valid_duration,
|
| + base::Time not_valid_before,
|
| + base::Time not_valid_after,
|
| std::string* der_cert) {
|
|
|
| CERTCertificate* cert = CreateCertificate(public_key,
|
| "CN=anonymous.invalid",
|
| serial_number,
|
| - valid_duration);
|
| + not_valid_before,
|
| + not_valid_after);
|
|
|
| if (!cert)
|
| return false;
|
| @@ -255,10 +256,13 @@ CERTCertificate* CreateSelfSignedCert(
|
| const std::string& subject,
|
| uint32 serial_number,
|
| base::TimeDelta valid_duration) {
|
| + base::Time not_valid_before = base::Time::Now();
|
| + base::Time not_valid_after = not_valid_before + valid_duration;
|
| CERTCertificate* cert = CreateCertificate(public_key,
|
| subject,
|
| serial_number,
|
| - valid_duration);
|
| + not_valid_before,
|
| + not_valid_after);
|
| if (!cert)
|
| return NULL;
|
|
|
| @@ -274,7 +278,8 @@ bool CreateOriginBoundCertRSA(
|
| crypto::RSAPrivateKey* key,
|
| const std::string& origin,
|
| uint32 serial_number,
|
| - base::TimeDelta valid_duration,
|
| + base::Time not_valid_before,
|
| + base::Time not_valid_after,
|
| std::string* der_cert) {
|
| DCHECK(key);
|
|
|
| @@ -329,7 +334,8 @@ bool CreateOriginBoundCertRSA(
|
| private_key,
|
| origin,
|
| serial_number,
|
| - valid_duration,
|
| + not_valid_before,
|
| + not_valid_after,
|
| der_cert);
|
| }
|
|
|
| @@ -337,14 +343,16 @@ bool CreateOriginBoundCertEC(
|
| crypto::ECPrivateKey* key,
|
| const std::string& origin,
|
| uint32 serial_number,
|
| - base::TimeDelta valid_duration,
|
| + base::Time not_valid_before,
|
| + base::Time not_valid_after,
|
| std::string* der_cert) {
|
| DCHECK(key);
|
| return CreateOriginBoundCertInternal(key->public_key(),
|
| key->key(),
|
| origin,
|
| serial_number,
|
| - valid_duration,
|
| + not_valid_before,
|
| + not_valid_after,
|
| der_cert);
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 8890073:
Handle Origin Bound Certificate expiration. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src