| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 89 return pkey; | 89 return pkey; |
| 90 } | 90 } |
| 91 | 91 |
| 92 // Generate a self-signed certificate, with the public key from the | 92 // Generate a self-signed certificate, with the public key from the |
| 93 // given key pair. Caller is responsible for freeing the returned object. | 93 // given key pair. Caller is responsible for freeing the returned object. |
| 94 static X509* MakeCertificate(EVP_PKEY* pkey, const SSLIdentityParams& params) { | 94 static X509* MakeCertificate(EVP_PKEY* pkey, const SSLIdentityParams& params) { |
| 95 LOG(LS_INFO) << "Making certificate for " << params.common_name; | 95 LOG(LS_INFO) << "Making certificate for " << params.common_name; |
| 96 X509* x509 = NULL; | 96 X509* x509 = NULL; |
| 97 BIGNUM* serial_number = NULL; | 97 BIGNUM* serial_number = NULL; |
| 98 X509_NAME* name = NULL; | 98 X509_NAME* name = NULL; |
| 99 time_t epoch_off = 0; // Time offset since epoch. |
| 99 | 100 |
| 100 if ((x509=X509_new()) == NULL) | 101 if ((x509=X509_new()) == NULL) |
| 101 goto error; | 102 goto error; |
| 102 | 103 |
| 103 if (!X509_set_pubkey(x509, pkey)) | 104 if (!X509_set_pubkey(x509, pkey)) |
| 104 goto error; | 105 goto error; |
| 105 | 106 |
| 106 // serial number | 107 // serial number |
| 107 // temporary reference to serial number inside x509 struct | 108 // temporary reference to serial number inside x509 struct |
| 108 ASN1_INTEGER* asn1_serial_number; | 109 ASN1_INTEGER* asn1_serial_number; |
| 123 // clear during SSL negotiation, so there may be a privacy issue in | 124 // clear during SSL negotiation, so there may be a privacy issue in |
| 124 // putting anything recognizable here. | 125 // putting anything recognizable here. |
| 125 if ((name = X509_NAME_new()) == NULL || | 126 if ((name = X509_NAME_new()) == NULL || |
| 126 !X509_NAME_add_entry_by_NID( | 127 !X509_NAME_add_entry_by_NID( |
| 127 name, NID_commonName, MBSTRING_UTF8, | 128 name, NID_commonName, MBSTRING_UTF8, |
| 128 (unsigned char*)params.common_name.c_str(), -1, -1, 0) || | 129 (unsigned char*)params.common_name.c_str(), -1, -1, 0) || |
| 129 !X509_set_subject_name(x509, name) || | 130 !X509_set_subject_name(x509, name) || |
| 130 !X509_set_issuer_name(x509, name)) | 131 !X509_set_issuer_name(x509, name)) |
| 131 goto error; | 132 goto error; |
| 132 | 133 |
| 133 if (!X509_gmtime_adj(X509_get_notBefore(x509), params.not_before) || | 134 if (!X509_time_adj(X509_get_notBefore(x509), params.not_before, &epoch_off) || |
| 134 !X509_gmtime_adj(X509_get_notAfter(x509), params.not_after)) | 135 !X509_time_adj(X509_get_notAfter(x509), params.not_after, &epoch_off)) |
| 135 goto error; | 136 goto error; |
| 136 | 137 |
| 137 if (!X509_sign(x509, pkey, EVP_sha256())) | 138 if (!X509_sign(x509, pkey, EVP_sha256())) |
| 138 goto error; | 139 goto error; |
| 139 | 140 |
| 140 BN_free(serial_number); | 141 BN_free(serial_number); |
| 141 X509_NAME_free(name); | 142 X509_NAME_free(name); |
| 142 LOG(LS_INFO) << "Returning certificate"; | 143 LOG(LS_INFO) << "Returning certificate"; |
| 143 return x509; | 144 return x509; |
| 144 | 145 |
| 366 | 367 |
| 367 void OpenSSLCertificate::AddReference() const { | 368 void OpenSSLCertificate::AddReference() const { |
| 368 ASSERT(x509_ != NULL); | 369 ASSERT(x509_ != NULL); |
| 369 #if defined(OPENSSL_IS_BORINGSSL) | 370 #if defined(OPENSSL_IS_BORINGSSL) |
| 370 X509_up_ref(x509_); | 371 X509_up_ref(x509_); |
| 371 #else | 372 #else |
| 372 CRYPTO_add(&x509_->references, 1, CRYPTO_LOCK_X509); | 373 CRYPTO_add(&x509_->references, 1, CRYPTO_LOCK_X509); |
| 373 #endif | 374 #endif |
| 374 } | 375 } |
| 375 | 376 |
| 377 // Documented in sslidentity.h. |
| 378 int64_t OpenSSLCertificate::CertificateExpirationTime() const { |
| 379 ASN1_TIME* expire_time = X509_get_notAfter(x509_); |
| 380 bool long_format; |
| 381 |
| 382 if (expire_time->type == V_ASN1_UTCTIME) { |
| 383 long_format = false; |
| 384 } else if (expire_time->type == V_ASN1_GENERALIZEDTIME) { |
| 385 long_format = true; |
| 386 } else { |
| 387 return -1; |
| 388 } |
| 389 |
| 390 return ASN1TimeToSec(expire_time->data, expire_time->length, long_format); |
| 391 } |
| 392 |
| 376 OpenSSLIdentity::OpenSSLIdentity(OpenSSLKeyPair* key_pair, | 393 OpenSSLIdentity::OpenSSLIdentity(OpenSSLKeyPair* key_pair, |
| 377 OpenSSLCertificate* certificate) | 394 OpenSSLCertificate* certificate) |
| 378 : key_pair_(key_pair), certificate_(certificate) { | 395 : key_pair_(key_pair), certificate_(certificate) { |
| 379 ASSERT(key_pair != NULL); | 396 ASSERT(key_pair != NULL); |
| 380 ASSERT(certificate != NULL); | 397 ASSERT(certificate != NULL); |
| 381 } | 398 } |
| 382 | 399 |
| 383 OpenSSLIdentity::~OpenSSLIdentity() = default; | 400 OpenSSLIdentity::~OpenSSLIdentity() = default; |
| 384 | 401 |
| 385 OpenSSLIdentity* OpenSSLIdentity::GenerateInternal( | 402 OpenSSLIdentity* OpenSSLIdentity::GenerateInternal( |
| 386 const SSLIdentityParams& params) { | 403 const SSLIdentityParams& params) { |
| 387 OpenSSLKeyPair* key_pair = OpenSSLKeyPair::Generate(params.key_params); | 404 OpenSSLKeyPair* key_pair = OpenSSLKeyPair::Generate(params.key_params); |
| 388 if (key_pair) { | 405 if (key_pair) { |
| 389 OpenSSLCertificate* certificate = | 406 OpenSSLCertificate* certificate = |
| 390 OpenSSLCertificate::Generate(key_pair, params); | 407 OpenSSLCertificate::Generate(key_pair, params); |
| 391 if (certificate) | 408 if (certificate) |
| 392 return new OpenSSLIdentity(key_pair, certificate); | 409 return new OpenSSLIdentity(key_pair, certificate); |
| 393 delete key_pair; | 410 delete key_pair; |
| 394 } | 411 } |
| 395 LOG(LS_INFO) << "Identity generation failed"; | 412 LOG(LS_INFO) << "Identity generation failed"; |
| 396 return NULL; | 413 return NULL; |
| 397 } | 414 } |
| 398 | 415 |
| 399 OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name, | 416 OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name, |
| 400 const KeyParams& key_params) { | 417 const KeyParams& key_params) { |
| 401 SSLIdentityParams params; | 418 SSLIdentityParams params; |
| 402 params.key_params = key_params; | 419 params.key_params = key_params; |
| 403 params.common_name = common_name; | 420 params.common_name = common_name; |
| 404 params.not_before = CERTIFICATE_WINDOW; | 421 time_t now = time(NULL); |
| 405 params.not_after = CERTIFICATE_LIFETIME; | 422 params.not_before = now + CERTIFICATE_WINDOW; |
| 423 params.not_after = now + CERTIFICATE_LIFETIME; |
| 406 return GenerateInternal(params); | 424 return GenerateInternal(params); |
| 407 } | 425 } |
| 408 | 426 |
| 409 OpenSSLIdentity* OpenSSLIdentity::GenerateForTest( | 427 OpenSSLIdentity* OpenSSLIdentity::GenerateForTest( |
| 410 const SSLIdentityParams& params) { | 428 const SSLIdentityParams& params) { |
| 411 return GenerateInternal(params); | 429 return GenerateInternal(params); |
| 412 } | 430 } |
| 413 | 431 |
| 414 SSLIdentity* OpenSSLIdentity::FromPEMStrings( | 432 SSLIdentity* OpenSSLIdentity::FromPEMStrings( |
| 415 const std::string& private_key, | 433 const std::string& private_key, |
| 455 SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) { | 473 SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) { |
| 456 LogSSLErrors("Configuring key and certificate"); | 474 LogSSLErrors("Configuring key and certificate"); |
| 457 return false; | 475 return false; |
| 458 } | 476 } |
| 459 return true; | 477 return true; |
| 460 } | 478 } |
| 461 | 479 |
| 462 } // namespace rtc | 480 } // namespace rtc |
| 463 | 481 |
| 464 #endif // HAVE_OPENSSL_SSL_H | 482 #endif // HAVE_OPENSSL_SSL_H |
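Review bot: The meaning of `params.not_before`/`params.not_after` changes in this revision from an offset relative to now (old `X509_gmtime_adj`) to absolute seconds since the epoch (new `X509_time_adj` with `epoch_off == 0`), but nothing at the call site in `MakeCertificate` (new lines 134-135) says so, and `GenerateForTest` still forwards caller-supplied params unchanged, so any caller outside this page that still passes the old relative values would presumably get a certificate valid from 1970 and already expired. I would add above the new lines 134-135: `// params.not_before/not_after are absolute times (seconds since the epoch); passing epoch_off == 0 as in_tm makes X509_time_adj apply them as an offset from the epoch rather than from now.` Note also that `X509_time_adj` takes its adjustment as `long`, so on LLP64 targets (64-bit `time_t`, 32-bit `long`) an absolute timestamp is narrowed at these two calls — harmless until 2038 but worth a comment or a range check if `SSLIdentityParams` uses `time_t` (its declaration is in sslidentity.h, not on this page). The new `CertificateExpirationTime` returns -1 for an unrecognised time type while `ASN1TimeToSec` (defined elsewhere) decides the failure value for unparsable data; a one-line comment on new line 378 stating the return contract (`// Returns seconds since the epoch, or -1 if notAfter is neither UTCTime nor GeneralizedTime.`) would help callers that need to tell the two failure paths apart.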