Skip to content

Commit

Permalink
Merge pull request #7963 from chrisburr/asn1-faster
Browse files Browse the repository at this point in the history
[v8.0] Optimise ASN1 decoding in X509Certificate
  • Loading branch information
chaen authored Dec 20, 2024
2 parents 0169e53 + b455a44 commit e775ffa
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions src/DIRAC/Core/Security/m2crypto/X509Certificate.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@
import random
import time

import M2Crypto.m2
import M2Crypto.ASN1
import M2Crypto.X509


Expand Down Expand Up @@ -211,8 +213,10 @@ def getNotAfterDate(self):
:returns: S_OK( datetime )/S_ERROR
"""

notAfter = self.__certObj.get_not_after().get_datetime()
# Here we use the M2Crypto low level API, as the high level API is notably
# slower due to the conversion to a string and then back to an ASN1_TIME.
rawNotAfter = M2Crypto.m2.x509_get_not_after(self.__certObj.x509) # pylint: disable=no-member
notAfter = M2Crypto.ASN1.ASN1_TIME(rawNotAfter).get_datetime()

# M2Crypto does things correctly by setting a timezone info in the datetime
# However, we do not in DIRAC, and so we can't compare the dates.
Expand Down Expand Up @@ -242,7 +246,10 @@ def getNotBeforeDate(self):
:returns: S_OK( datetime )/S_ERROR
"""
return S_OK(self.__certObj.get_not_before().get_datetime())
# Here we use the M2Crypto low level API, as the high level API is notably
# slower due to the conversion to a string and then back to an ASN1_TIME.
rawNotBefore = M2Crypto.m2.x509_get_not_before(self.__certObj.x509) # pylint: disable=no-member
return S_OK(M2Crypto.ASN1.ASN1_TIME(rawNotBefore).get_datetime())

# @executeOnlyIfCertLoaded
# def setNotBefore(self, notbefore):
Expand Down

0 comments on commit e775ffa

Please sign in to comment.