/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * pkix_expirationchecker.c
 *
 * Functions for expiration validation
 *
 */


#include "pkix_expirationchecker.h"

/* --Private-Functions-------------------------------------------- */

/*
 * FUNCTION: pkix_ExpirationChecker_Check
 * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
 *
 * Fetches the Date stored as this checker's state and asks
 * PKIX_PL_Cert_CheckValidity whether "cert" is valid at that Date.
 * This callback calls nothing else on "cert", and it does not read
 * "unresolvedCriticalExtensions".
 *
 * "checker", "cert" and "pNBIOContext" must be non-NULL.
 */
PKIX_Error *
pkix_ExpirationChecker_Check(
        PKIX_CertChainChecker *checker,
        PKIX_PL_Cert *cert,
        PKIX_List *unresolvedCriticalExtensions,
        void **pNBIOContext,
        void *plContext)
{
        PKIX_PL_Date *validationDate = NULL;

        PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Check");
        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);

        /* This checker never blocks on pending I/O. */
        *pNBIOContext = NULL;

        /*
         * The state is the Date that pkix_ExpirationChecker_Initialize
         * handed to PKIX_CertChainChecker_Create.
         */
        PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
                    (checker,
                    (PKIX_PL_Object **)&validationDate,
                    plContext),
                    PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);

        /* A failed validity check is reported through the returned Error. */
        PKIX_CHECK(PKIX_PL_Cert_CheckValidity
                    (cert, validationDate, plContext),
                    PKIX_CERTCHECKVALIDITYFAILED);

cleanup:

        /* Release the state reference on both the success and error paths. */
        PKIX_DECREF(validationDate);

        PKIX_RETURN(CERTCHAINCHECKER);

}

/*
 * FUNCTION: pkix_ExpirationChecker_Initialize
 * DESCRIPTION:
 *
 *  Creates a new CertChainChecker and stores it at "pChecker", where it will
 *  be used by pkix_ExpirationChecker_Check to check that the certificate has
 *  not expired with respect to the Date pointed to by "testDate." If
 *  "testDate" is NULL, then the CertChainChecker will check that a
 *  certificate has not expired with respect to the current date and time.
 *
 *  NOTE: when "testDate" is NULL the current date and time is read once,
 *  in this function, and stored as the checker's state. Every later call
 *  to pkix_ExpirationChecker_Check on this checker compares against that
 *  stored Date, not against the time at which the check runs. A checker
 *  kept for a long time therefore validates against an increasingly old
 *  "now".
 *
 * PARAMETERS:
 *  "testDate"
 *      Address of Date representing the point in time at which the cert is to
 *      be validated. If "testDate" is NULL, the current date and time is used.
 *  "pChecker"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_ExpirationChecker_Initialize(
        PKIX_PL_Date *testDate,
        PKIX_CertChainChecker **pChecker,
        void *plContext)
{
        /* Date handed to the checker; starts as the caller's Date. */
        PKIX_PL_Date *stateDate = testDate;
        /* Set only when this function has to create the Date itself. */
        PKIX_PL_Date *currentDate = NULL;

        PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Initialize");
        PKIX_NULLCHECK_ONE(pChecker);

        /* No caller-supplied Date: fall back to the current time. */
        if (stateDate == NULL) {
                PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
                            (NULL, &currentDate, plContext),
                            PKIX_DATECREATEUTCTIMEFAILED);
                stateDate = currentDate;
        }

        /*
         * NOTE(review): the PKIX_TRUE / PKIX_FALSE / NULL arguments are
         * presumably the forward-checking flags and the extension list;
         * confirm against PKIX_CertChainChecker_Create in pkix_checker.h.
         */
        PKIX_CHECK(PKIX_CertChainChecker_Create
                    (pkix_ExpirationChecker_Check,
                    PKIX_TRUE,
                    PKIX_FALSE,
                    NULL,
                    (PKIX_PL_Object *)stateDate,
                    pChecker,
                    plContext),
                    PKIX_CERTCHAINCHECKERCREATEFAILED);

cleanup:

        /*
         * Drop only the reference created here; a caller-supplied
         * "testDate" is never released by this function. Presumably the
         * checker keeps its own reference to its state; confirm against
         * PKIX_CertChainChecker_Create.
         */
        PKIX_DECREF(currentDate);

        PKIX_RETURN(CERTCHAINCHECKER);

}