OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 /* | 4 /* |
5 * pkix_expirationchecker.c | 5 * pkix_expirationchecker.c |
6 * | 6 * |
7 * Functions for expiration validation | 7 * Functions for expiration validation |
8 * | 8 * |
9 */ | 9 */ |
10 | 10 |
11 | |
12 #include "pkix_expirationchecker.h" | 11 #include "pkix_expirationchecker.h" |
13 | 12 |
14 /* --Private-Functions-------------------------------------------- */ | 13 /* --Private-Functions-------------------------------------------- */ |
15 | 14 |
16 /* | 15 /* |
17 * FUNCTION: pkix_ExpirationChecker_Check | 16 * FUNCTION: pkix_ExpirationChecker_Check |
18 * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h) | 17 * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h) |
19 */ | 18 */ |
20 PKIX_Error * | 19 PKIX_Error *pkix_ExpirationChecker_Check( |
21 pkix_ExpirationChecker_Check( | 20 PKIX_CertChainChecker *checker, PKIX_PL_Cert *cert, |
22 PKIX_CertChainChecker *checker, | 21 PKIX_List *unresolvedCriticalExtensions, void **pNBIOContext, |
23 PKIX_PL_Cert *cert, | 22 void *plContext) { |
24 PKIX_List *unresolvedCriticalExtensions, | 23 PKIX_PL_Date *testDate = NULL; |
25 void **pNBIOContext, | |
26 void *plContext) | |
27 { | |
28 PKIX_PL_Date *testDate = NULL; | |
29 | 24 |
30 PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Check"); | 25 PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Check"); |
31 PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext); | 26 PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext); |
32 | 27 |
33 *pNBIOContext = NULL; /* we never block on pending I/O */ | 28 *pNBIOContext = NULL; /* we never block on pending I/O */ |
34 | 29 |
35 PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState | 30 PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState( |
36 (checker, (PKIX_PL_Object **)&testDate, plContext), | 31 checker, (PKIX_PL_Object **)&testDate, plContext), |
37 PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED); | 32 PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED); |
38 | 33 |
39 PKIX_CHECK(PKIX_PL_Cert_CheckValidity(cert, testDate, plContext), | 34 PKIX_CHECK(PKIX_PL_Cert_CheckValidity(cert, testDate, plContext), |
40 PKIX_CERTCHECKVALIDITYFAILED); | 35 PKIX_CERTCHECKVALIDITYFAILED); |
41 | 36 |
42 cleanup: | 37 cleanup: |
43 | 38 |
44 PKIX_DECREF(testDate); | 39 PKIX_DECREF(testDate); |
45 | 40 |
46 PKIX_RETURN(CERTCHAINCHECKER); | 41 PKIX_RETURN(CERTCHAINCHECKER); |
47 | |
48 } | 42 } |
49 | 43 |
50 /* | 44 /* |
51 * FUNCTION: pkix_ExpirationChecker_Initialize | 45 * FUNCTION: pkix_ExpirationChecker_Initialize |
52 * DESCRIPTION: | 46 * DESCRIPTION: |
53 * | 47 * |
54 * Creates a new CertChainChecker and stores it at "pChecker", where it will | 48 * Creates a new CertChainChecker and stores it at "pChecker", where it will |
55 * used by pkix_ExpirationChecker_Check to check that the certificate has not | 49 * used by pkix_ExpirationChecker_Check to check that the certificate has not |
56 * expired with respect to the Date pointed to by "testDate." If "testDate" | 50 * expired with respect to the Date pointed to by "testDate." If "testDate" |
57 * is NULL, then the CertChainChecker will check that a certificate has not | 51 * is NULL, then the CertChainChecker will check that a certificate has not |
58 * expired with respect to the current date and time. | 52 * expired with respect to the current date and time. |
59 * | 53 * |
60 * PARAMETERS: | 54 * PARAMETERS: |
61 * "testDate" | 55 * "testDate" |
62 * Address of Date representing the point in time at which the cert is to | 56 * Address of Date representing the point in time at which the cert is to |
63 * be validated. If "testDate" is NULL, the current date and time is used. | 57 * be validated. If "testDate" is NULL, the current date and time is used. |
64 * "pChecker" | 58 * "pChecker" |
65 * Address where object pointer will be stored. Must be non-NULL. | 59 * Address where object pointer will be stored. Must be non-NULL. |
66 * "plContext" | 60 * "plContext" |
67 * Platform-specific context pointer. | 61 * Platform-specific context pointer. |
68 * THREAD SAFETY: | 62 * THREAD SAFETY: |
69 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | 63 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
70 * RETURNS: | 64 * RETURNS: |
71 * Returns NULL if the function succeeds. | 65 * Returns NULL if the function succeeds. |
72 * Returns a CertChainChecker Error if the function fails in a non-fatal way. | 66 * Returns a CertChainChecker Error if the function fails in a non-fatal way. |
73 * Returns a Fatal Error if the function fails in an unrecoverable way. | 67 * Returns a Fatal Error if the function fails in an unrecoverable way. |
74 */ | 68 */ |
75 PKIX_Error * | 69 PKIX_Error *pkix_ExpirationChecker_Initialize(PKIX_PL_Date *testDate, |
76 pkix_ExpirationChecker_Initialize( | 70 PKIX_CertChainChecker **pChecker, |
77 PKIX_PL_Date *testDate, | 71 void *plContext) { |
78 PKIX_CertChainChecker **pChecker, | 72 PKIX_PL_Date *myDate = NULL; |
79 void *plContext) | 73 PKIX_PL_Date *nowDate = NULL; |
80 { | |
81 PKIX_PL_Date *myDate = NULL; | |
82 PKIX_PL_Date *nowDate = NULL; | |
83 | 74 |
84 PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Initialize"); | 75 PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Initialize"); |
85 PKIX_NULLCHECK_ONE(pChecker); | 76 PKIX_NULLCHECK_ONE(pChecker); |
86 | 77 |
87 /* if testDate is NULL, we use the current time */ | 78 /* if testDate is NULL, we use the current time */ |
88 if (!testDate){ | 79 if (!testDate) { |
89 PKIX_CHECK(PKIX_PL_Date_Create_UTCTime | 80 PKIX_CHECK(PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext), |
90 (NULL, &nowDate, plContext), | 81 PKIX_DATECREATEUTCTIMEFAILED); |
91 PKIX_DATECREATEUTCTIMEFAILED); | 82 myDate = nowDate; |
92 myDate = nowDate; | 83 } else { |
93 } else { | 84 myDate = testDate; |
94 myDate = testDate; | 85 } |
95 } | |
96 | 86 |
97 PKIX_CHECK(PKIX_CertChainChecker_Create | 87 PKIX_CHECK(PKIX_CertChainChecker_Create( |
98 (pkix_ExpirationChecker_Check, | 88 pkix_ExpirationChecker_Check, PKIX_TRUE, PKIX_FALSE, NULL, |
99 PKIX_TRUE, | 89 (PKIX_PL_Object *)myDate, pChecker, plContext), |
100 PKIX_FALSE, | 90 PKIX_CERTCHAINCHECKERCREATEFAILED); |
101 NULL, | |
102 (PKIX_PL_Object *)myDate, | |
103 pChecker, | |
104 plContext), | |
105 PKIX_CERTCHAINCHECKERCREATEFAILED); | |
106 | 91 |
107 cleanup: | 92 cleanup: |
108 | 93 |
109 PKIX_DECREF(nowDate); | 94 PKIX_DECREF(nowDate); |
110 | 95 |
111 PKIX_RETURN(CERTCHAINCHECKER); | 96 PKIX_RETURN(CERTCHAINCHECKER); |
112 | |
113 } | 97 } |