From b455a445428af3dd51f84f2c07f6b4475a6d705c Mon Sep 17 00:00:00 2001 From: Chris Burr Date: Thu, 19 Dec 2024 14:57:14 +0100 Subject: [PATCH] refactor: Optimise ASN1 decoding in X509Certificate --- src/DIRAC/Core/Security/m2crypto/X509Certificate.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/DIRAC/Core/Security/m2crypto/X509Certificate.py b/src/DIRAC/Core/Security/m2crypto/X509Certificate.py index 31eba705971..36fe36b013c 100644 --- a/src/DIRAC/Core/Security/m2crypto/X509Certificate.py +++ b/src/DIRAC/Core/Security/m2crypto/X509Certificate.py @@ -10,6 +10,8 @@ import random import time +import M2Crypto.m2 +import M2Crypto.ASN1 import M2Crypto.X509 @@ -211,8 +213,10 @@ def getNotAfterDate(self): :returns: S_OK( datetime )/S_ERROR """ - - notAfter = self.__certObj.get_not_after().get_datetime() + # Here we use the M2Crypto low level API, as the high level API is notably + # slower due to the conversion to a string and then back to an ASN1_TIME. + rawNotAfter = M2Crypto.m2.x509_get_not_after(self.__certObj.x509) # pylint: disable=no-member + notAfter = M2Crypto.ASN1.ASN1_TIME(rawNotAfter).get_datetime() # M2Crypto does things correctly by setting a timezone info in the datetime # However, we do not in DIRAC, and so we can't compare the dates. @@ -242,7 +246,10 @@ def getNotBeforeDate(self): :returns: S_OK( datetime )/S_ERROR """ - return S_OK(self.__certObj.get_not_before().get_datetime()) + # Here we use the M2Crypto low level API, as the high level API is notably + # slower due to the conversion to a string and then back to an ASN1_TIME. + rawNotBefore = M2Crypto.m2.x509_get_not_before(self.__certObj.x509) # pylint: disable=no-member + return S_OK(M2Crypto.ASN1.ASN1_TIME(rawNotBefore).get_datetime()) # @executeOnlyIfCertLoaded # def setNotBefore(self, notbefore):