

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #include "X509CertValidity.h"
      6 
      7 #include "mozpkix/pkixder.h"
      8 #include "mozpkix/pkixutil.h"
      9 #include "nsComponentManagerUtils.h"
     10 #include "secder.h"
     11 
// XPCOM glue for nsIX509CertValidity, the only interface this file implements
// (the macro presumably supplies the refcounting/QueryInterface plumbing).
NS_IMPL_ISUPPORTS(X509CertValidity, nsIX509CertValidity)

using namespace mozilla;
using namespace mozilla::pkix;
     16 
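// Decodes the next DER Time value from `reader` into `out` using NSS.
//
// Time ::= CHOICE {
//    utcTime        UTCTime,
//    generalTime    GeneralizedTime }
//
// Returns false if the next element is neither a UTCTime nor a
// GeneralizedTime, or if NSS rejects its contents; `out` is then
// meaningless and must not be published to callers.
static bool ReadDerTime(der::Reader& reader, PRTime& out) {
  using namespace mozilla::pkix::der;

  // Peek picks the tag we expect. Anything that is not UTCTime is tried as
  // GeneralizedTime, and ExpectTagAndGetValue fails for any other tag, so a
  // malformed Time is reported rather than guessed at.
  const uint8_t tag = reader.Peek(UTCTime) ? UTCTime : GENERALIZED_TIME;
  Input value;
  if (ExpectTagAndGetValue(reader, tag, value) != Success) {
    return false;
  }

  // NSS needs a SECItem whose type names the Time encoding of the bytes.
  // The const_cast only satisfies SECItem's non-const data field; the decoder
  // presumably does not write through it — TODO confirm.
  SECItem item = {tag == UTCTime ? siUTCTime : siGeneralizedTime,
                  const_cast<unsigned char*>(value.UnsafeGetData()),
                  value.GetLength()};
  return DER_DecodeTimeChoice(&out, &item) == SECSuccess;
}

// Parses the Validity of a DER certificate into mNotBefore/mNotAfter.
//
// mTimesInitialized is only set once both times decoded successfully; on any
// failure the object stays in its default state and the getters return
// NS_ERROR_FAILURE instead of handing out a partially-decoded value.
X509CertValidity::X509CertValidity(Input certDER)
    : mNotBefore(0), mNotAfter(0), mTimesInitialized(false) {
  // We're not building a verified certificate chain, so the EndEntityOrCA
  // parameter doesn't matter.
  BackCert cert(certDER, EndEntityOrCA::MustBeEndEntity, nullptr);
  if (cert.Init() != Success) {
    return;  // not a parseable certificate
  }

  // Validity ::= SEQUENCE {
  //    notBefore      Time,
  //    notAfter       Time  }
  //
  // NB: BackCert::GetValidity returns the value of the Validity of the
  // certificate (i.e. notBefore and notAfter, without the enclosing SEQUENCE
  // and length).
  //
  // No End() check is made, so trailing bytes inside Validity are ignored
  // here. NOTE(review): NSS's DER_DecodeTimeChoice may also accept encodings
  // that mozpkix's own time parser rejects; these values back
  // nsIX509CertValidity rather than chain validation, so callers should not
  // use them for trust decisions — confirm.
  der::Reader reader(cert.GetValidity());
  if (!ReadDerTime(reader, mNotBefore) || !ReadDerTime(reader, mNotAfter)) {
    return;
  }

  mTimesInitialized = true;
}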
     73 
// Returns the decoded notBefore time.
//
// Fails with NS_ERROR_FAILURE unless the constructor decoded both validity
// times, so an unparseable certificate never reports the default 0.
NS_IMETHODIMP
X509CertValidity::GetNotBefore(PRTime* aNotBefore) {
  NS_ENSURE_ARG(aNotBefore);

  nsresult rv = NS_ERROR_FAILURE;
  if (mTimesInitialized) {
    *aNotBefore = mNotBefore;
    rv = NS_OK;
  }
  return rv;
}
     85 
// Returns the decoded notAfter time.
//
// Fails with NS_ERROR_FAILURE unless the constructor decoded both validity
// times, so an unparseable certificate never reports the default 0.
NS_IMETHODIMP
X509CertValidity::GetNotAfter(PRTime* aNotAfter) {
  NS_ENSURE_ARG(aNotAfter);

  nsresult rv = NS_ERROR_FAILURE;
  if (mTimesInitialized) {
    *aNotAfter = mNotAfter;
    rv = NS_OK;
  }
  return rv;
}
     96 }