security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rwxr-xr-x

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 /* This Source Code Form is subject to the terms of the Mozilla Public
     2  * License, v. 2.0. If a copy of the MPL was not distributed with this
     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     4 /*
     5  * pkix_expirationchecker.c
     6  *
     7  * Functions for expiration validation
     8  *
     9  */
    12 #include "pkix_expirationchecker.h"
    14 /* --Private-Functions-------------------------------------------- */
/*
 * FUNCTION: pkix_ExpirationChecker_Check
 * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
 *
 * DESCRIPTION:
 *
 *  Validity-period check for one certificate. The Date held as the state of
 *  "checker" is fetched and passed, together with "cert", to
 *  PKIX_PL_Cert_CheckValidity; a failure of either call is returned to the
 *  caller. "unresolvedCriticalExtensions" is not read here, and
 *  "*pNBIOContext" is always set to NULL.
 *
 *  NOTE(review): the Date compared against is whatever the checker state
 *  holds, not the clock at the time of this call. How
 *  PKIX_PL_Cert_CheckValidity treats a NULL Date is not visible in this
 *  file -- confirm before relying on it.
 */
PKIX_Error *
pkix_ExpirationChecker_Check(
        PKIX_CertChainChecker *checker,
        PKIX_PL_Cert *cert,
        PKIX_List *unresolvedCriticalExtensions,
        void **pNBIOContext,
        void *plContext)
{
        PKIX_PL_Date *validityDate = NULL;

        PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Check");
        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);

        /* This checker never blocks on pending I/O. */
        *pNBIOContext = NULL;

        /* The checker state is the Date the certificate is validated at. */
        PKIX_CHECK(
            PKIX_CertChainChecker_GetCertChainCheckerState(
                checker, (PKIX_PL_Object **)&validityDate, plContext),
            PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);

        PKIX_CHECK(
            PKIX_PL_Cert_CheckValidity(cert, validityDate, plContext),
            PKIX_CERTCHECKVALIDITYFAILED);

cleanup:

        /* Drop the local reference to the state Date on every exit path. */
        PKIX_DECREF(validityDate);

        PKIX_RETURN(CERTCHAINCHECKER);
}
/*
 * FUNCTION: pkix_ExpirationChecker_Initialize
 * DESCRIPTION:
 *
 *  Creates a new CertChainChecker and stores it at "pChecker", where it will
 *  be used by pkix_ExpirationChecker_Check to check that the certificate has
 *  not expired with respect to the Date pointed to by "testDate." If
 *  "testDate" is NULL, then the CertChainChecker will check that a
 *  certificate has not expired with respect to the current date and time.
 *
 *  In the NULL case the current time is sampled once, in this function, and
 *  stored as the checker's state. pkix_ExpirationChecker_Check compares
 *  against that stored Date, so a checker that is kept and reused validates
 *  against the time it was created, not the time of each check.
 *
 * PARAMETERS:
 *  "testDate"
 *      Address of Date representing the point in time at which the cert is to
 *      be validated. If "testDate" is NULL, the current date and time is used.
 *  "pChecker"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_ExpirationChecker_Initialize(
        PKIX_PL_Date *testDate,
        PKIX_CertChainChecker **pChecker,
        void *plContext)
{
        /* Date handed to the checker; starts as the caller's Date. */
        PKIX_PL_Date *stateDate = testDate;
        /* Set only when the Date is created here; released at cleanup. */
        PKIX_PL_Date *createdNow = NULL;

        PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Initialize");
        PKIX_NULLCHECK_ONE(pChecker);

        /* No Date supplied: fall back to the current time. */
        if (stateDate == NULL) {
                PKIX_CHECK(
                    PKIX_PL_Date_Create_UTCTime(NULL, &createdNow, plContext),
                    PKIX_DATECREATEUTCTIMEFAILED);
                stateDate = createdNow;
        }

        /*
         * NOTE(review): the two booleans look like the "forward checking
         * supported" and "forward direction expected" flags of
         * PKIX_CertChainChecker_Create, and the NULL its extensions list --
         * confirm against pkix_checker.h.
         */
        PKIX_CHECK(
            PKIX_CertChainChecker_Create(
                pkix_ExpirationChecker_Check,
                PKIX_TRUE,
                PKIX_FALSE,
                NULL,
                (PKIX_PL_Object *)stateDate,
                pChecker,
                plContext),
            PKIX_CERTCHAINCHECKERCREATEFAILED);

cleanup:

        /*
         * Only the Date created here is released; the caller's "testDate" is
         * never decremented. Presumably the checker holds its own reference
         * to the state -- verify in PKIX_CertChainChecker_Create.
         */
        PKIX_DECREF(createdNow);

        PKIX_RETURN(CERTCHAINCHECKER);
}
