security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c@b8a032363ba2 (annotated)
security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rwxr-xr-x
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | /* |
| michael@0 | 5 | * pkix_expirationchecker.c |
| michael@0 | 6 | * |
| michael@0 | 7 | * Functions for expiration validation |
| michael@0 | 8 | * |
| michael@0 | 9 | */ |
| michael@0 | 10 | |
| michael@0 | 11 | |
| michael@0 | 12 | #include "pkix_expirationchecker.h" |
| michael@0 | 13 | |
| michael@0 | 14 | /* --Private-Functions-------------------------------------------- */ |
| michael@0 | 15 | |
| michael@0 | 16 | /* |
| michael@0 | 17 | * FUNCTION: pkix_ExpirationChecker_Check |
| michael@0 | 18 | * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h) |
| michael@0 | 19 | */ |
| michael@0 | 20 | PKIX_Error * |
| michael@0 | 21 | pkix_ExpirationChecker_Check( |
| michael@0 | 22 | PKIX_CertChainChecker *checker, |
| michael@0 | 23 | PKIX_PL_Cert *cert, |
| michael@0 | 24 | PKIX_List *unresolvedCriticalExtensions, |
| michael@0 | 25 | void **pNBIOContext, |
| michael@0 | 26 | void *plContext) |
| michael@0 | 27 | { |
| michael@0 | 28 | PKIX_PL_Date *testDate = NULL; |
| michael@0 | 29 | |
| michael@0 | 30 | PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Check"); |
| michael@0 | 31 | PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext); |
| michael@0 | 32 | |
| michael@0 | 33 | *pNBIOContext = NULL; /* we never block on pending I/O */ |
| michael@0 | 34 | |
| michael@0 | 35 | PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState |
| michael@0 | 36 | (checker, (PKIX_PL_Object **)&testDate, plContext), |
| michael@0 | 37 | PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED); |
| michael@0 | 38 | |
| michael@0 | 39 | PKIX_CHECK(PKIX_PL_Cert_CheckValidity(cert, testDate, plContext), |
| michael@0 | 40 | PKIX_CERTCHECKVALIDITYFAILED); |
| michael@0 | 41 | |
| michael@0 | 42 | cleanup: |
| michael@0 | 43 | |
| michael@0 | 44 | PKIX_DECREF(testDate); |
| michael@0 | 45 | |
| michael@0 | 46 | PKIX_RETURN(CERTCHAINCHECKER); |
| michael@0 | 47 | |
| michael@0 | 48 | } |
| michael@0 | 49 | |
| michael@0 | 50 | /* |
| michael@0 | 51 | * FUNCTION: pkix_ExpirationChecker_Initialize |
| michael@0 | 52 | * DESCRIPTION: |
| michael@0 | 53 | * |
| michael@0 | 54 | * Creates a new CertChainChecker and stores it at "pChecker", where it will |
| michael@0 | 55 | * used by pkix_ExpirationChecker_Check to check that the certificate has not |
| michael@0 | 56 | * expired with respect to the Date pointed to by "testDate." If "testDate" |
| michael@0 | 57 | * is NULL, then the CertChainChecker will check that a certificate has not |
| michael@0 | 58 | * expired with respect to the current date and time. |
| michael@0 | 59 | * |
| michael@0 | 60 | * PARAMETERS: |
| michael@0 | 61 | * "testDate" |
| michael@0 | 62 | * Address of Date representing the point in time at which the cert is to |
| michael@0 | 63 | * be validated. If "testDate" is NULL, the current date and time is used. |
| michael@0 | 64 | * "pChecker" |
| michael@0 | 65 | * Address where object pointer will be stored. Must be non-NULL. |
| michael@0 | 66 | * "plContext" |
| michael@0 | 67 | * Platform-specific context pointer. |
| michael@0 | 68 | * THREAD SAFETY: |
| michael@0 | 69 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| michael@0 | 70 | * RETURNS: |
| michael@0 | 71 | * Returns NULL if the function succeeds. |
| michael@0 | 72 | * Returns a CertChainChecker Error if the function fails in a non-fatal way. |
| michael@0 | 73 | * Returns a Fatal Error if the function fails in an unrecoverable way. |
| michael@0 | 74 | */ |
| michael@0 | 75 | PKIX_Error * |
| michael@0 | 76 | pkix_ExpirationChecker_Initialize( |
| michael@0 | 77 | PKIX_PL_Date *testDate, |
| michael@0 | 78 | PKIX_CertChainChecker **pChecker, |
| michael@0 | 79 | void *plContext) |
| michael@0 | 80 | { |
| michael@0 | 81 | PKIX_PL_Date *myDate = NULL; |
| michael@0 | 82 | PKIX_PL_Date *nowDate = NULL; |
| michael@0 | 83 | |
| michael@0 | 84 | PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Initialize"); |
| michael@0 | 85 | PKIX_NULLCHECK_ONE(pChecker); |
| michael@0 | 86 | |
| michael@0 | 87 | /* if testDate is NULL, we use the current time */ |
| michael@0 | 88 | if (!testDate){ |
| michael@0 | 89 | PKIX_CHECK(PKIX_PL_Date_Create_UTCTime |
| michael@0 | 90 | (NULL, &nowDate, plContext), |
| michael@0 | 91 | PKIX_DATECREATEUTCTIMEFAILED); |
| michael@0 | 92 | myDate = nowDate; |
| michael@0 | 93 | } else { |
| michael@0 | 94 | myDate = testDate; |
| michael@0 | 95 | } |
| michael@0 | 96 | |
| michael@0 | 97 | PKIX_CHECK(PKIX_CertChainChecker_Create |
| michael@0 | 98 | (pkix_ExpirationChecker_Check, |
| michael@0 | 99 | PKIX_TRUE, |
| michael@0 | 100 | PKIX_FALSE, |
| michael@0 | 101 | NULL, |
| michael@0 | 102 | (PKIX_PL_Object *)myDate, |
| michael@0 | 103 | pChecker, |
| michael@0 | 104 | plContext), |
| michael@0 | 105 | PKIX_CERTCHAINCHECKERCREATEFAILED); |
| michael@0 | 106 | |
| michael@0 | 107 | cleanup: |
| michael@0 | 108 | |
| michael@0 | 109 | PKIX_DECREF(nowDate); |
| michael@0 | 110 | |
| michael@0 | 111 | PKIX_RETURN(CERTCHAINCHECKER); |
| michael@0 | 112 | |
| michael@0 | 113 | } |
