/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * pkix_expirationchecker.c
 *
 * Functions for expiration validation
 *
 */


#include "pkix_expirationchecker.h"

/* --Private-Functions-------------------------------------------- */

/*
 * FUNCTION: pkix_ExpirationChecker_Check
 * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
 *
 * DESCRIPTION:
 *
 *  Chain-checker callback that tests the validity period of "cert" against
 *  the Date held as this checker's state, i.e. the object that
 *  pkix_ExpirationChecker_Initialize passed to PKIX_CertChainChecker_Create.
 *  The reference date is therefore fixed when the checker is built: if
 *  Initialize was given a NULL "testDate", it is the clock reading taken at
 *  that moment, not at the time of this call. Callers that keep a checker
 *  around for a long time should take that into account.
 *
 *  "unresolvedCriticalExtensions" is not examined by this checker, and
 *  "pNBIOContext" is always set to NULL.
 */
PKIX_Error *
pkix_ExpirationChecker_Check(
        PKIX_CertChainChecker *checker,
        PKIX_PL_Cert *cert,
        PKIX_List *unresolvedCriticalExtensions,
        void **pNBIOContext,
        void *plContext)
{
        PKIX_PL_Date *validationDate = NULL;

        PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Check");
        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);

        /* we never block on pending I/O, so there is nothing to resume */
        *pNBIOContext = NULL;

        /* Fetch the reference date stored as the checker's state. */
        PKIX_CHECK(
            PKIX_CertChainChecker_GetCertChainCheckerState(
                checker,
                (PKIX_PL_Object **)&validationDate,
                plContext),
            PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);

        /* The actual validity-period comparison is delegated to the cert. */
        PKIX_CHECK(
            PKIX_PL_Cert_CheckValidity(cert, validationDate, plContext),
            PKIX_CERTCHECKVALIDITYFAILED);

cleanup:

        /* Drop the reference obtained from the state getter above. */
        PKIX_DECREF(validationDate);

        PKIX_RETURN(CERTCHAINCHECKER);

}

/*
 * FUNCTION: pkix_ExpirationChecker_Initialize
 * DESCRIPTION:
 *
 *  Creates a new CertChainChecker and stores it at "pChecker", where it will
 *  be used by pkix_ExpirationChecker_Check to
 *  check that the certificate has not
 *  expired with respect to the Date pointed to by "testDate." If "testDate"
 *  is NULL, then the CertChainChecker will check that a certificate has not
 *  expired with respect to the current date and time.
 *
 * PARAMETERS:
 *  "testDate"
 *      Address of Date representing the point in time at which the cert is to
 *      be validated. If "testDate" is NULL, the current date and time is used.
 *  "pChecker"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_ExpirationChecker_Initialize(
        PKIX_PL_Date *testDate,
        PKIX_CertChainChecker **pChecker,
        void *plContext)
{
        /* Date created here when the caller supplies none; released below. */
        PKIX_PL_Date *currentDate = NULL;
        /* Date handed to the checker; aliases either testDate or currentDate. */
        PKIX_PL_Date *checkDate = testDate;

        PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Initialize");
        PKIX_NULLCHECK_ONE(pChecker);

        /*
         * if testDate is NULL, we use the current time. The clock is read
         * once, here, so the checker built below keeps validating against
         * this instant for as long as it is reused.
         */
        if (checkDate == NULL) {
                PKIX_CHECK(
                    PKIX_PL_Date_Create_UTCTime(NULL, &currentDate, plContext),
                    PKIX_DATECREATEUTCTIMEFAILED);
                checkDate = currentDate;
        }

        PKIX_CHECK(
            PKIX_CertChainChecker_Create(
                pkix_ExpirationChecker_Check,   /* callback */
                PKIX_TRUE,                      /* forwardCheckingSupported */
                PKIX_FALSE,                     /* isForwardDirectionExpected */
                NULL,                           /* extensions */
                (PKIX_PL_Object *)checkDate,    /* initial state */
                pChecker,
                plContext),
            PKIX_CERTCHAINCHECKERCREATEFAILED);

cleanup:

        /*
         * Release only the date this function created; a caller-supplied
         * testDate is left untouched. NOTE(review): this assumes
         * PKIX_CertChainChecker_Create takes its own reference on the
         * state object - confirm against its implementation.
         */
        PKIX_DECREF(currentDate);

        PKIX_RETURN(CERTCHAINCHECKER);

}