
Unified Diff: webrtc/base/sslidentity.cc

Issue 1468273004: Provide method for returning certificate expiration timestamp. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Address hbos' feedback comments Created 5 years, 1 month ago
Index: webrtc/base/sslidentity.cc
diff --git a/webrtc/base/sslidentity.cc b/webrtc/base/sslidentity.cc
index 180e60c58bbdeea6f67bab7331d93d6cba88dda6..4e431d5758400a3c5fef73b490b77c8b6b74f0e5 100644
--- a/webrtc/base/sslidentity.cc
+++ b/webrtc/base/sslidentity.cc
@@ -15,6 +15,7 @@
#include "webrtc/base/sslidentity.h"
+#include <ctime>
#include <string>
#include "webrtc/base/base64.h"
@@ -177,4 +178,63 @@ SSLIdentity* SSLIdentity::FromPEMStrings(const std::string& private_key,
#endif // SSL_USE_OPENSSL
+// Read |n| bytes from ASN1 number string at *|pp| and return the numeric value.
+// Update *|pp| and *|np| to reflect number of read bytes.
+static int ASN1ReadInt(const unsigned char** pp, size_t* np, size_t n) {
+ const unsigned char* p = *pp;
+ int x = 0;
+ for (size_t i = 0; i < n; i++) {
+ x = 10 * x + p[i] - '0';
+ }
+ *pp = p + n;
+ *np = *np - n;
+ return x;
+}
+
+int64_t ASN1TimeToSec(const unsigned char *s, size_t length, bool long_format) {
+ std::tm tm;
+ int year;
+ size_t bytes_left = length;
+
+ // Read out ASN1 year, in either 2-char "UTCTIME" or 4-char "GENERALIZEDTIME"
+ // format. Both format use UTC in this context.
+ if (long_format) {
+ // ASN1 format: yyyymmddhh[mm[ss[.fff]]]Z where the Z is literal, but
+ // RFC 5280 requires us to only support exactly yyyymmddhhmmssZ.
+
+ if (bytes_left < 11)
+ return -1;
+
+ year = ASN1ReadInt(&s, &bytes_left, 4);
+ year -= 1900;
+ } else {
+ // ASN1 format: yymmddhhmm[ss]Z where the Z is literal, but RFC 5280
+ // requires us to only support exactly yymmddhhmmssZ.
+
+ if (bytes_left < 9)
+ return -1;
+
+ year = ASN1ReadInt(&s, &bytes_left, 2);
+ if (year < 70)
+ year += 100;
nisse-webrtc 2015/11/27 12:47:12 It would be nice to return -1 for *all* invalid in
torbjorng (webrtc) 2015/11/30 15:23:31 Done (using strspn).
+ }
+
+ tm.tm_year = year;
+
+ // Read out remaining ASN1 time data and store it in |tm| in documented
+ // std::tm format.
+ tm.tm_mon = ASN1ReadInt(&s, &bytes_left, 2) - 1;
+ tm.tm_mday = ASN1ReadInt(&s, &bytes_left, 2);
+ tm.tm_hour = ASN1ReadInt(&s, &bytes_left, 2);
+ tm.tm_min = ASN1ReadInt(&s, &bytes_left, 2);
+ tm.tm_sec = ASN1ReadInt(&s, &bytes_left, 2);
+
+ if (bytes_left != 1 || s[0] != 'Z') {
+ // A final Z means UTC, mandated by RFC 5280, and compatible with OpenSSL.
+ return -1;
+ }
+
+ return TmToSeconds(tm);
+}
+
} // namespace rtc
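Review bot: The length guards in ASN1TimeToSec are smaller than what the function then reads. The long-format branch accepts `bytes_left >= 11` but goes on to consume 14 digits plus the `Z` (15 bytes), and the short-format branch accepts `bytes_left >= 9` but consumes 12 digits plus the `Z` (13 bytes). For a shorter string, ASN1ReadInt reads past `s + length` and the `size_t` counter wraps, so the final `bytes_left != 1` test rejects the value only after the out-of-bounds reads have happened. Since the comments say only the exact RFC 5280 forms are supported, the guards can be `if (bytes_left != 15) return -1;` and `if (bytes_left != 13) return -1;`, which matters if this string comes from a peer-supplied certificate, as the issue title suggests. Separately, `std::tm tm;` leaves `tm_isdst`, `tm_wday` and `tm_yday` indeterminate before the call to TmToSeconds (not visible here, so it may ignore them); `std::tm tm = {};` would remove the doubt.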
