1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/x509_util.h"
6 #include "net/cert/x509_util_openssl.h"
10 #include "base/logging.h"
11 #include "base/strings/string_piece.h"
12 #include "net/cert/x509_cert_types.h"
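// Returns true if [not_valid_before, not_valid_after] is a range that can be
// encoded in an X.509 Validity field: the endpoints are correctly ordered and
// both fall within years 0001-9999. The visible guards had lost their
// consequents; the early-exit returns are restored here.
bool IsSupportedValidityRange(base::Time not_valid_before,
                              base::Time not_valid_after) {
  // An inverted range cannot be encoded meaningfully.
  if (not_valid_before > not_valid_after)
    return false;

  // The validity field of a certificate can only encode years 1-9999.

  // Compute the base::Time values corresponding to Jan 1st,0001 and
  // Jan 1st, 10000 respectively. Done by using the pre-computed numbers
  // of days between these dates and the Unix epoch, i.e. Jan 1st, 1970,
  // using the following Python script:
  //
  //     from datetime import date as D
  //     print (D(1970,1,1)-D(1,1,1))        # -> 719162 days
  //     print (D(9999,12,31)-D(1970,1,1))   # -> 2932896 days
  //
  // Note: This ignores leap seconds, but should be enough in practice.
  const int64 kDaysFromYear0001ToUnixEpoch = 719162;
  // +1 so that the upper bound is Jan 1st, 10000 (exclusive) rather than
  // Dec 31st, 9999.
  const int64 kDaysFromUnixEpochToYear10000 = 2932896 + 1;
  const base::Time kEpoch = base::Time::UnixEpoch();
  const base::Time kYear0001 =
      kEpoch - base::TimeDelta::FromDays(kDaysFromYear0001ToUnixEpoch);
  const base::Time kYear10000 =
      kEpoch + base::TimeDelta::FromDays(kDaysFromUnixEpochToYear10000);

  // Both endpoints must lie in [kYear0001, kYear10000).
  if (not_valid_before < kYear0001 || not_valid_before >= kYear10000 ||
      not_valid_after < kYear0001 || not_valid_after >= kYear10000)
    return false;

  return true;
}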
51 bool CreateDomainBoundCertEC(
52 crypto::ECPrivateKey
* key
,
53 const std::string
& domain
,
55 base::Time not_valid_before
,
56 base::Time not_valid_after
,
57 std::string
* der_cert
) {
62 bool CreateSelfSignedCert(crypto::RSAPrivateKey
* key
,
63 const std::string
& common_name
,
65 base::Time not_valid_before
,
66 base::Time not_valid_after
,
67 std::string
* der_encoded
) {
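// Reads the |index|-th entry of |name|. If |key| is non-NULL it receives the
// short name of the entry's OID (e.g. "CN"); |value| receives the entry's
// data converted to UTF-8. Returns false if the entry does not exist or its
// data cannot be converted. |name| comes from a certificate, i.e. every
// pointer returned by the OpenSSL accessors below must be checked before use.
bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name,
                                      int index,
                                      std::string* key,
                                      std::string* value) {
  // X509_NAME_get_entry() returns NULL for an out-of-range index.
  X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, index);
  if (!entry)
    return false;

  // |key| is optional: ParsePrincipalValueByIndex() passes NULL for it.
  if (key) {
    ASN1_OBJECT* object = X509_NAME_ENTRY_get_object(entry);
    const char* short_name = OBJ_nid2sn(OBJ_obj2nid(object));
    // Guard against a NULL short name so std::string::assign() is never
    // handed a null pointer.
    key->assign(short_name ? short_name : "");
  }

  ASN1_STRING* data = X509_NAME_ENTRY_get_data(entry);
  if (!data)
    return false;

  // ASN1_STRING_to_UTF8() allocates |buf| and returns its length, or a
  // negative value on failure. The buffer is owned by the caller and is
  // not guaranteed to be NUL-terminated, so |len| is used explicitly.
  unsigned char* buf = NULL;
  int len = ASN1_STRING_to_UTF8(&buf, data);
  if (len < 0 || !buf)
    return false;

  value->assign(reinterpret_cast<const char*>(buf), len);
  // Release the buffer allocated by ASN1_STRING_to_UTF8().
  OPENSSL_free(buf);
  return true;
}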
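// Convenience wrapper: reads only the value of the |index|-th entry of
// |name| into |value|. The |index| parameter forwarded below was missing
// from the visible signature and is restored here.
bool ParsePrincipalValueByIndex(X509_NAME* name,
                                int index,
                                std::string* value) {
  // NULL for the key skips the OID-to-short-name lookup in the callee.
  return ParsePrincipalKeyAndValueByIndex(name, index, NULL, value);
}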
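// Looks up the first entry of |name| whose OID is |nid| and stores its value
// in |value|. Returns false if |name| has no such entry.
bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value) {
  // A last position of -1 starts the search at the first entry.
  // X509_NAME_get_index_by_NID() returns a negative value when no entry
  // matches; that must not be forwarded as an index.
  int index = X509_NAME_get_index_by_NID(name, nid, -1);
  if (index < 0)
    return false;

  return ParsePrincipalValueByIndex(name, index, value);
}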
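// Converts an X.509 time field into a base::Time. Only UTCTime and
// GeneralizedTime are valid in a certificate; a NULL field or any other
// ASN.1 type is rejected. Decoding of the raw bytes is delegated to
// ParseCertificateDate(), which receives the explicit length since the
// data is not NUL-terminated.
bool ParseDate(ASN1_TIME* x509_time, base::Time* time) {
  if (!x509_time ||
      (x509_time->type != V_ASN1_UTCTIME &&
       x509_time->type != V_ASN1_GENERALIZEDTIME))
    return false;

  // Bound the view by the field's own length; the bytes come straight from
  // the certificate.
  base::StringPiece str_date(reinterpret_cast<const char*>(x509_time->data),
                             x509_time->length);

  CertDateFormat format = x509_time->type == V_ASN1_UTCTIME
                              ? CERT_DATE_FORMAT_UTC_TIME
                              : CERT_DATE_FORMAT_GENERALIZED_TIME;
  return ParseCertificateDate(str_date, format, time);
}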
127 } // namespace x509_util