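--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,113 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_expirationchecker.c
+ *
+ * Functions for expiration validation
+ *
+ */
+
+
+#include "pkix_expirationchecker.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_ExpirationChecker_Check
+ * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
+ */
+PKIX_Error *
+pkix_ExpirationChecker_Check(
+ PKIX_CertChainChecker *checker,
+ PKIX_PL_Cert *cert,
+ PKIX_List *unresolvedCriticalExtensions,
+ void **pNBIOContext,
+ void *plContext)
+{
+ PKIX_PL_Date *testDate = NULL;
+
+ PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Check");
+ PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
+
+ *pNBIOContext = NULL; /* we never block on pending I/O */
+
+ PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+ (checker, (PKIX_PL_Object **)&testDate, plContext),
+ PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+
+ PKIX_CHECK(PKIX_PL_Cert_CheckValidity(cert, testDate, plContext),
+ PKIX_CERTCHECKVALIDITYFAILED);
+
+cleanup:
+
+ PKIX_DECREF(testDate);
+
+ PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: pkix_ExpirationChecker_Initialize
+ * DESCRIPTION:
+ *
+ * Creates a new CertChainChecker and stores it at "pChecker", where it will
+ * used by pkix_ExpirationChecker_Check to check that the certificate has not
+ * expired with respect to the Date pointed to by "testDate." If "testDate"
+ * is NULL, then the CertChainChecker will check that a certificate has not
+ * expired with respect to the current date and time.
+ *
+ * PARAMETERS:
+ * "testDate"
+ * Address of Date representing the point in time at which the cert is to
+ * be validated. If "testDate" is NULL, the current date and time is used.
+ * "pChecker"
+ * Address where object pointer will be stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_ExpirationChecker_Initialize(
+ PKIX_PL_Date *testDate,
+ PKIX_CertChainChecker **pChecker,
+ void *plContext)
+{
+ PKIX_PL_Date *myDate = NULL;
+ PKIX_PL_Date *nowDate = NULL;
+
+ PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Initialize");
+ PKIX_NULLCHECK_ONE(pChecker);
+
+ /* if testDate is NULL, we use the current time */
+ if (!testDate){
+ PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
+ (NULL, &nowDate, plContext),
+ PKIX_DATECREATEUTCTIMEFAILED);
+ myDate = nowDate;
+ } else {
+ myDate = testDate;
+ }
+
+ PKIX_CHECK(PKIX_CertChainChecker_Create
+ (pkix_ExpirationChecker_Check,
+ PKIX_TRUE,
+ PKIX_FALSE,
+ NULL,
+ (PKIX_PL_Object *)myDate,
+ pChecker,
+ plContext),
+ PKIX_CERTCHAINCHECKERCREATEFAILED);
+
+cleanup:
+
+ PKIX_DECREF(nowDate);
+
+ PKIX_RETURN(CERTCHAINCHECKER);
+
+}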
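Review bot: When "testDate" is NULL, pkix_ExpirationChecker_Initialize samples the clock once via PKIX_PL_Date_Create_UTCTime and stores that Date as the checker state, so pkix_ExpirationChecker_Check validates every certificate against the time the checker was created, not the time of each check. The DESCRIPTION's "current date and time" does not make this clear; if a checker is kept and reused, a certificate that expired after initialization would presumably still pass. I would add a line to the header comment such as `* Note: with a NULL "testDate" the time is sampled once, at initialization, not on each check.` so callers know to build a fresh checker per validation. The same comment also reads "where it will used by", which should be "where it will be used by".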