1 /* This Source Code Form is subject to the terms of the Mozilla Public
2  * License, v. 2.0. If a copy of the MPL was not distributed with this
3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5  * pkix_expirationchecker.c
6  *
7  * Functions for expiration validation
8  *
9  */
10 
11 
12 #include "pkix_expirationchecker.h"
13 
14 /* --Private-Functions-------------------------------------------- */
15 
/*
 * FUNCTION: pkix_ExpirationChecker_Check
 * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
 *
 * Validates "cert" against the Date held as this checker's state. A failure
 * of PKIX_PL_Cert_CheckValidity is reported through PKIX_CHECK with
 * PKIX_CERTCHECKVALIDITYFAILED.
 *
 * The reference Date is read from the checker state on every call; this
 * function never consults the clock itself. "unresolvedCriticalExtensions"
 * is not referenced by this checker.
 */
PKIX_Error *
pkix_ExpirationChecker_Check(
        PKIX_CertChainChecker *checker,
        PKIX_PL_Cert *cert,
        PKIX_List *unresolvedCriticalExtensions,
        void **pNBIOContext,
        void *plContext)
{
        PKIX_PL_Date *validationDate = NULL;

        PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Check");
        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);

        /* This checker never blocks on pending I/O, so report no context. */
        *pNBIOContext = NULL;

        /* Fetch the reference Date that is stored as the checker state. */
        PKIX_CHECK(
            PKIX_CertChainChecker_GetCertChainCheckerState(
                checker, (PKIX_PL_Object **)&validationDate, plContext),
            PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);

        /* The validity-period decision is delegated to the Cert object. */
        PKIX_CHECK(
            PKIX_PL_Cert_CheckValidity(cert, validationDate, plContext),
            PKIX_CERTCHECKVALIDITYFAILED);

cleanup:

        /*
         * Release the Date obtained above; this runs on success and on
         * every PKIX_CHECK failure path.
         * NOTE(review): presumably the state getter hands back an owned
         * reference -- confirm against pkix_checker.h.
         */
        PKIX_DECREF(validationDate);

        PKIX_RETURN(CERTCHAINCHECKER);
}
49 
/*
 * FUNCTION: pkix_ExpirationChecker_Initialize
 * DESCRIPTION:
 *
 *  Creates a new CertChainChecker and stores it at "pChecker", where it will
 *  be used by pkix_ExpirationChecker_Check to check that the certificate has
 *  not expired with respect to the Date pointed to by "testDate". If
 *  "testDate" is NULL, then the CertChainChecker will check that a
 *  certificate has not expired with respect to the current date and time.
 *
 *  Note that in the NULL case the Date is created once, here, and stored as
 *  the checker state; pkix_ExpirationChecker_Check reads that stored Date
 *  and does not sample the clock again. A checker that is kept and reused
 *  therefore validates against its creation time, not the time of each
 *  check.
 *
 * PARAMETERS:
 *  "testDate"
 *      Address of Date representing the point in time at which the cert is to
 *      be validated. If "testDate" is NULL, the current date and time is used.
 *  "pChecker"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_ExpirationChecker_Initialize(
        PKIX_PL_Date *testDate,
        PKIX_CertChainChecker **pChecker,
        void *plContext)
{
        PKIX_PL_Date *currentDate = NULL; /* created here only if needed */
        PKIX_PL_Date *stateDate = NULL;   /* borrowed alias, never DECREF'd */

        PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Initialize");
        PKIX_NULLCHECK_ONE(pChecker);

        /* Prefer the caller's Date; fall back to the current time. */
        stateDate = testDate;
        if (stateDate == NULL) {
                PKIX_CHECK(
                    PKIX_PL_Date_Create_UTCTime(NULL, &currentDate, plContext),
                    PKIX_DATECREATEUTCTIMEFAILED);
                stateDate = currentDate;
        }

        /*
         * Register pkix_ExpirationChecker_Check as the callback and hand
         * the chosen Date over as the checker's initial state.
         * NOTE(review): PKIX_TRUE / PKIX_FALSE / NULL presumably are the
         * forward-checking flags and the supported-extensions list --
         * confirm against the PKIX_CertChainChecker_Create prototype.
         */
        PKIX_CHECK(
            PKIX_CertChainChecker_Create(
                pkix_ExpirationChecker_Check,
                PKIX_TRUE,
                PKIX_FALSE,
                NULL,
                (PKIX_PL_Object *)stateDate,
                pChecker,
                plContext),
            PKIX_CERTCHAINCHECKERCREATEFAILED);

cleanup:

        /*
         * Only the Date created in this function is released; a
         * caller-supplied "testDate" is left untouched.
         * NOTE(review): presumably the checker takes its own reference on
         * the state object -- confirm in PKIX_CertChainChecker_Create.
         */
        PKIX_DECREF(currentDate);

        PKIX_RETURN(CERTCHAINCHECKER);
}