This CL addresses late feedback on https://codereview.webrtc.org/1683193003/ BUG= R=hbos@webrtc.org, perkj@webrtc.org Review URL: https://codereview.webrtc.org/1844313002 . Cr-Commit-Position: refs/heads/master@{#12179}
diff --git a/webrtc/base/opensslidentity.cc b/webrtc/base/opensslidentity.cc
index 24b97b1..9c2112e 100644
--- a/webrtc/base/opensslidentity.cc
+++ b/webrtc/base/opensslidentity.cc
@@ -407,16 +407,18 @@ return NULL; } -OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name, - const KeyParams& key_params, - time_t certificate_lifetime) { +OpenSSLIdentity* OpenSSLIdentity::GenerateWithExpiration( + const std::string& common_name, + const KeyParams& key_params, + time_t certificate_lifetime) { SSLIdentityParams params; params.key_params = key_params; params.common_name = common_name; time_t now = time(NULL); - params.not_before = now + kCertificateWindow; + params.not_before = now + kCertificateWindowInSeconds; params.not_after = now + certificate_lifetime; - RTC_DCHECK(params.not_before < params.not_after); + if (params.not_before > params.not_after) + return nullptr; return GenerateInternal(params); }
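Review bot: The new guard `if (params.not_before > params.not_after) return nullptr;` still accepts a negative `certificate_lifetime` as long as it stays within the backdating window, so a caller can be handed an identity whose certificate is already expired at creation; it also accepts `not_before == not_after`, which the removed `RTC_DCHECK` rejected. The declaration comment in sslidentity.h says the lifetime should be non-negative, so checking that before the addition with `if (certificate_lifetime < 0) return nullptr;` and making the comparison `>=` would enforce the documented contract. Separately, `now + certificate_lifetime` is computed before any check, so a very large lifetime may overflow `time_t` where that type is 32-bit signed (the unit test bounds its random lifetime for what looks like this reason); a range check against the maximum `time_t` ahead of the addition would make the failure path reliable. A log line on the rejection path would also help, because release builds now fail silently here.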
diff --git a/webrtc/base/opensslidentity.h b/webrtc/base/opensslidentity.h
index 8b30e60..df49508 100644
--- a/webrtc/base/opensslidentity.h
+++ b/webrtc/base/opensslidentity.h
@@ -101,9 +101,9 @@ // them consistently. class OpenSSLIdentity : public SSLIdentity { public: - static OpenSSLIdentity* Generate(const std::string& common_name, - const KeyParams& key_params, - time_t certificate_lifetime); + static OpenSSLIdentity* GenerateWithExpiration(const std::string& common_name, + const KeyParams& key_params, + time_t certificate_lifetime); static OpenSSLIdentity* GenerateForTest(const SSLIdentityParams& params); static SSLIdentity* FromPEMStrings(const std::string& private_key, const std::string& certificate);
diff --git a/webrtc/base/sslidentity.cc b/webrtc/base/sslidentity.cc
index 14dfeb7..5fa8bbf 100644
--- a/webrtc/base/sslidentity.cc
+++ b/webrtc/base/sslidentity.cc
@@ -156,25 +156,25 @@ } // static -SSLIdentity* SSLIdentity::Generate(const std::string& common_name, - const KeyParams& key_params, - time_t certificate_lifetime) { - return OpenSSLIdentity::Generate(common_name, key_params, - certificate_lifetime); +SSLIdentity* SSLIdentity::GenerateWithExpiration(const std::string& common_name, + const KeyParams& key_params, + time_t certificate_lifetime) { + return OpenSSLIdentity::GenerateWithExpiration(common_name, key_params, + certificate_lifetime); } // static SSLIdentity* SSLIdentity::Generate(const std::string& common_name, const KeyParams& key_params) { - return OpenSSLIdentity::Generate(common_name, key_params, - kDefaultCertificateLifetime); + return OpenSSLIdentity::GenerateWithExpiration( + common_name, key_params, kDefaultCertificateLifetimeInSeconds); } // static SSLIdentity* SSLIdentity::Generate(const std::string& common_name, KeyType key_type) { - return OpenSSLIdentity::Generate(common_name, KeyParams(key_type), - kDefaultCertificateLifetime); + return OpenSSLIdentity::GenerateWithExpiration( + common_name, KeyParams(key_type), kDefaultCertificateLifetimeInSeconds); } SSLIdentity* SSLIdentity::GenerateForTest(const SSLIdentityParams& params) {
diff --git a/webrtc/base/sslidentity.h b/webrtc/base/sslidentity.h
index be0f3aa..77c9e18 100644
--- a/webrtc/base/sslidentity.h
+++ b/webrtc/base/sslidentity.h
@@ -127,10 +127,11 @@ static const int kRsaMaxModSize = 8192; // Certificate default validity lifetime. -static const int kDefaultCertificateLifetime = 60 * 60 * 24 * 30; // 30 days +static const int kDefaultCertificateLifetimeInSeconds = + 60 * 60 * 24 * 30; // 30 days // Certificate validity window. // This is to compensate for slightly incorrect system clocks. -static const int kCertificateWindow = -60 * 60 * 24; +static const int kCertificateWindowInSeconds = -60 * 60 * 24; struct RSAParams { unsigned int mod_size; @@ -198,9 +199,9 @@ // should be a non-negative number. // Returns NULL on failure. // Caller is responsible for freeing the returned object. - static SSLIdentity* Generate(const std::string& common_name, - const KeyParams& key_param, - time_t certificate_lifetime); + static SSLIdentity* GenerateWithExpiration(const std::string& common_name, + const KeyParams& key_param, + time_t certificate_lifetime); static SSLIdentity* Generate(const std::string& common_name, const KeyParams& key_param); static SSLIdentity* Generate(const std::string& common_name,
diff --git a/webrtc/base/sslidentity_unittest.cc b/webrtc/base/sslidentity_unittest.cc
index e9e9f98..f110f76 100644
--- a/webrtc/base/sslidentity_unittest.cc
+++ b/webrtc/base/sslidentity_unittest.cc
@@ -397,7 +397,7 @@ rtc::CreateRandomId() % (0x80000000 - time_before_generation); rtc::KeyParams key_params = rtc::KeyParams::ECDSA(rtc::EC_NIST_P256); SSLIdentity* identity = - rtc::SSLIdentity::Generate("", key_params, lifetime); + rtc::SSLIdentity::GenerateWithExpiration("", key_params, lifetime); time_t time_after_generation = time(nullptr); EXPECT_LE(time_before_generation + lifetime, identity->certificate().CertificateExpirationTime());
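Review bot: Nothing in this hunk exercises the nullptr return that the commit adds to `GenerateWithExpiration`, and the call site dereferences `identity` on the `EXPECT_LE` line without checking it first. Adding `ASSERT_TRUE(identity != nullptr);` right after the call would turn a crash into a test failure. A case such as `EXPECT_TRUE(rtc::SSLIdentity::GenerateWithExpiration("", key_params, rtc::kCertificateWindowInSeconds - 1) == nullptr);` (assuming the constant lives in namespace `rtc`) would pin the rejection of an inverted validity window. The enclosing test function starts and ends outside the hunk, so such a case may already exist elsewhere in the file.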