| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_util_openssl.h" | 5 #include "net/cert/x509_util_openssl.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <openssl/asn1.h> | 8 #include <openssl/asn1.h> |
| 9 | 9 |
| 10 #include "base/lazy_instance.h" | 10 #include "base/lazy_instance.h" |
| 81 LOG(ERROR) << "Common name too long"; | 81 LOG(ERROR) << "Common name too long"; |
| 82 return NULL; | 82 return NULL; |
| 83 } | 83 } |
| 84 unsigned char* common_name_str = | 84 unsigned char* common_name_str = |
| 85 reinterpret_cast<unsigned char*>(const_cast<char*>(common_name.data())) + | 85 reinterpret_cast<unsigned char*>(const_cast<char*>(common_name.data())) + |
| 86 kCommonNamePrefixLen; | 86 kCommonNamePrefixLen; |
| 87 int common_name_len = | 87 int common_name_len = |
| 88 static_cast<int>(common_name.size() - kCommonNamePrefixLen); | 88 static_cast<int>(common_name.size() - kCommonNamePrefixLen); |
| 89 | 89 |
| 90 crypto::ScopedOpenSSL<X509_NAME, X509_NAME_free> name(X509_NAME_new()); | 90 crypto::ScopedOpenSSL<X509_NAME, X509_NAME_free> name(X509_NAME_new()); |
| 91 if (!name.get() || !X509_NAME_add_entry_by_NID(name.get(), | 91 if (!name.get() || |
| 92 NID_commonName, | 92 !X509_NAME_add_entry_by_NID(name.get(), |
| 93 MBSTRING_ASC, | 93 NID_commonName, |
| 94 common_name_str, | 94 MBSTRING_ASC, |
| 95 common_name_len, | 95 common_name_str, |
| 96 -1, | 96 common_name_len, |
| 97 0)) { | 97 -1, |
| 98 0)) { |
| 98 LOG(ERROR) << "Can't parse common name: " << common_name.c_str(); | 99 LOG(ERROR) << "Can't parse common name: " << common_name.c_str(); |
| 99 return NULL; | 100 return NULL; |
| 100 } | 101 } |
| 101 | 102 |
| 102 // Now create certificate and populate it. | 103 // Now create certificate and populate it. |
| 103 crypto::ScopedOpenSSL<X509, X509_free> cert(X509_new()); | 104 crypto::ScopedOpenSSL<X509, X509_free> cert(X509_new()); |
| 104 if (!cert.get() || !X509_set_version(cert.get(), 2L) /* i.e. version 3 */ || | 105 if (!cert.get() || !X509_set_version(cert.get(), 2L) /* i.e. version 3 */ || |
| 105 !X509_set_pubkey(cert.get(), key) || | 106 !X509_set_pubkey(cert.get(), key) || |
| 106 !X509_set_serialNumber(cert.get(), asn1_serial.get()) || | 107 !X509_set_serialNumber(cert.get(), asn1_serial.get()) || |
| 107 !X509_set_notBefore(cert.get(), asn1_not_before_time.get()) || | 108 !X509_set_notBefore(cert.get(), asn1_not_before_time.get()) || |
| 192 // | 193 // |
| 193 // from datetime import date as D | 194 // from datetime import date as D |
| 194 // print (D(1970,1,1)-D(1,1,1)) # -> 719162 days | 195 // print (D(1970,1,1)-D(1,1,1)) # -> 719162 days |
| 195 // print (D(9999,12,31)-D(1970,1,1)) # -> 2932896 days | 196 // print (D(9999,12,31)-D(1970,1,1)) # -> 2932896 days |
| 196 // | 197 // |
| 197 // Note: This ignores leap seconds, but should be enough in practice. | 198 // Note: This ignores leap seconds, but should be enough in practice. |
| 198 // | 199 // |
| 199 const int64 kDaysFromYear0001ToUnixEpoch = 719162; | 200 const int64 kDaysFromYear0001ToUnixEpoch = 719162; |
| 200 const int64 kDaysFromUnixEpochToYear10000 = 2932896 + 1; | 201 const int64 kDaysFromUnixEpochToYear10000 = 2932896 + 1; |
| 201 const base::Time kEpoch = base::Time::UnixEpoch(); | 202 const base::Time kEpoch = base::Time::UnixEpoch(); |
| 202 const base::Time kYear0001 = kEpoch - | 203 const base::Time kYear0001 = |
| 203 base::TimeDelta::FromDays(kDaysFromYear0001ToUnixEpoch); | 204 kEpoch - base::TimeDelta::FromDays(kDaysFromYear0001ToUnixEpoch); |
| 204 const base::Time kYear10000 = kEpoch + | 205 const base::Time kYear10000 = |
| 205 base::TimeDelta::FromDays(kDaysFromUnixEpochToYear10000); | 206 kEpoch + base::TimeDelta::FromDays(kDaysFromUnixEpochToYear10000); |
| 206 | 207 |
| 207 if (not_valid_before < kYear0001 || not_valid_before >= kYear10000 || | 208 if (not_valid_before < kYear0001 || not_valid_before >= kYear10000 || |
| 208 not_valid_after < kYear0001 || not_valid_after >= kYear10000) | 209 not_valid_after < kYear0001 || not_valid_after >= kYear10000) |
| 209 return false; | 210 return false; |
| 210 | 211 |
| 211 return true; | 212 return true; |
| 212 } | 213 } |
| 213 | 214 |
| 214 bool CreateDomainBoundCertEC( | 215 bool CreateDomainBoundCertEC(crypto::ECPrivateKey* key, |
| 215 crypto::ECPrivateKey* key, | 216 DigestAlgorithm alg, |
| 216 DigestAlgorithm alg, | 217 const std::string& domain, |
| 217 const std::string& domain, | 218 uint32 serial_number, |
| 218 uint32 serial_number, | 219 base::Time not_valid_before, |
| 219 base::Time not_valid_before, | 220 base::Time not_valid_after, |
| 220 base::Time not_valid_after, | 221 std::string* der_cert) { |
| 221 std::string* der_cert) { | |
| 222 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 222 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 223 // Create certificate. | 223 // Create certificate. |
| 224 crypto::ScopedOpenSSL<X509, X509_free> cert( | 224 crypto::ScopedOpenSSL<X509, X509_free> cert( |
| 225 CreateCertificate(key->key(), | 225 CreateCertificate(key->key(), |
| 226 alg, | 226 alg, |
| 227 "CN=anonymous.invalid", | 227 "CN=anonymous.invalid", |
| 228 serial_number, | 228 serial_number, |
| 229 not_valid_before, | 229 not_valid_before, |
| 230 not_valid_after)); | 230 not_valid_after)); |
| 231 if (!cert.get()) | 231 if (!cert.get()) |
| 323 | 323 |
| 324 bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value) { | 324 bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value) { |
| 325 int index = X509_NAME_get_index_by_NID(name, nid, -1); | 325 int index = X509_NAME_get_index_by_NID(name, nid, -1); |
| 326 if (index < 0) | 326 if (index < 0) |
| 327 return false; | 327 return false; |
| 328 | 328 |
| 329 return ParsePrincipalValueByIndex(name, index, value); | 329 return ParsePrincipalValueByIndex(name, index, value); |
| 330 } | 330 } |
| 331 | 331 |
| 332 bool ParseDate(ASN1_TIME* x509_time, base::Time* time) { | 332 bool ParseDate(ASN1_TIME* x509_time, base::Time* time) { |
| 333 if (!x509_time || | 333 if (!x509_time || (x509_time->type != V_ASN1_UTCTIME && |
| 334 (x509_time->type != V_ASN1_UTCTIME && | 334 x509_time->type != V_ASN1_GENERALIZEDTIME)) |
| 335 x509_time->type != V_ASN1_GENERALIZEDTIME)) | |
| 336 return false; | 335 return false; |
| 337 | 336 |
| 338 base::StringPiece str_date(reinterpret_cast<const char*>(x509_time->data), | 337 base::StringPiece str_date(reinterpret_cast<const char*>(x509_time->data), |
| 339 x509_time->length); | 338 x509_time->length); |
| 340 | 339 |
| 341 CertDateFormat format = x509_time->type == V_ASN1_UTCTIME ? | 340 CertDateFormat format = x509_time->type == V_ASN1_UTCTIME |
| 342 CERT_DATE_FORMAT_UTC_TIME : CERT_DATE_FORMAT_GENERALIZED_TIME; | 341 ? CERT_DATE_FORMAT_UTC_TIME |
| 342 : CERT_DATE_FORMAT_GENERALIZED_TIME; |
| 343 return ParseCertificateDate(str_date, format, time); | 343 return ParseCertificateDate(str_date, format, time); |
| 344 } | 344 } |
| 345 | 345 |
| 346 } // namespace x509_util | 346 } // namespace x509_util |
| 347 | 347 |
| 348 } // namespace net | 348 } // namespace net |