search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Move pending tile priorities to active on tree activation
[chromium-blink-merge.git] / net / base / x509_util_openssl.cc
blob142bf779904687bbf5418e8020a9d841afaad93a
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/base/x509_util.h"
6 #include "net/base/x509_util_openssl.h"
7
8 #include <algorithm>
9
10 #include "base/logging.h"
11 #include "base/string_piece.h"
12 #include "net/base/x509_cert_types.h"
13
14 namespace net {
15
16 namespace x509_util {
17
18 bool IsSupportedValidityRange(base::Time not_valid_before,
19 base::Time not_valid_after) {
20 if (not_valid_before > not_valid_after)
21 return false;
22
23 // The validity field of a certificate can only encode years 1-9999.
24
25 // Compute the base::Time values corresponding to Jan 1st,0001 and
26 // Jan 1st, 10000 respectively. Done by using the pre-computed numbers
27 // of days between these dates and the Unix epoch, i.e. Jan 1st, 1970,
28 // using the following Python script:
29 //
30 // from datetime import date as D
31 // print (D(1970,1,1)-D(1,1,1)) # -> 719162 days
32 // print (D(9999,12,31)-D(1970,1,1)) # -> 2932896 days
33 //
34 // Note: This ignores leap seconds, but should be enough in practice.
35 //
36 const int64 kDaysFromYear0001ToUnixEpoch = 719162;
37 const int64 kDaysFromUnixEpochToYear10000 = 2932896 + 1;
38 const base::Time kEpoch = base::Time::UnixEpoch();
39 const base::Time kYear0001 = kEpoch -
40 base::TimeDelta::FromDays(kDaysFromYear0001ToUnixEpoch);
41 const base::Time kYear10000 = kEpoch +
42 base::TimeDelta::FromDays(kDaysFromUnixEpochToYear10000);
43
44 if (not_valid_before < kYear0001 || not_valid_before >= kYear10000 ||
45 not_valid_after < kYear0001 || not_valid_after >= kYear10000)
46 return false;
47
48 return true;
49 }
50
51 bool CreateDomainBoundCertEC(
52 crypto::ECPrivateKey* key,
53 const std::string& domain,
54 uint32 serial_number,
55 base::Time not_valid_before,
56 base::Time not_valid_after,
57 std::string* der_cert) {
58 NOTIMPLEMENTED();
59 return false;
60 }
61
62 bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name,
63 int index,
64 std::string* key,
65 std::string* value) {
66 X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, index);
67 if (!entry)
68 return false;
69
70 if (key) {
71 ASN1_OBJECT* object = X509_NAME_ENTRY_get_object(entry);
72 key->assign(OBJ_nid2sn(OBJ_obj2nid(object)));
73 }
74
75 ASN1_STRING* data = X509_NAME_ENTRY_get_data(entry);
76 if (!data)
77 return false;
78
79 unsigned char* buf = NULL;
80 int len = ASN1_STRING_to_UTF8(&buf, data);
81 if (len <= 0)
82 return false;
83
84 value->assign(reinterpret_cast<const char*>(buf), len);
85 OPENSSL_free(buf);
86 return true;
87 }
88
89 bool ParsePrincipalValueByIndex(X509_NAME* name,
90 int index,
91 std::string* value) {
92 return ParsePrincipalKeyAndValueByIndex(name, index, NULL, value);
93 }
94
95 bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value) {
96 int index = X509_NAME_get_index_by_NID(name, nid, -1);
97 if (index < 0)
98 return false;
99
100 return ParsePrincipalValueByIndex(name, index, value);
101 }
102
103 bool ParseDate(ASN1_TIME* x509_time, base::Time* time) {
104 if (!x509_time ||
105 (x509_time->type != V_ASN1_UTCTIME &&
106 x509_time->type != V_ASN1_GENERALIZEDTIME))
107 return false;
108
109 base::StringPiece str_date(reinterpret_cast<const char*>(x509_time->data),
110 x509_time->length);
111
112 CertDateFormat format = x509_time->type == V_ASN1_UTCTIME ?
113 CERT_DATE_FORMAT_UTC_TIME : CERT_DATE_FORMAT_GENERALIZED_TIME;
114 return ParseCertificateDate(str_date, format, time);
115 }
116
117 } // namespace x509_util
118
119 } // namespace net