security/manager/ssl/X509CertValidity.cpp

   1 /* This Source Code Form is subject to the terms of the Mozilla Public
   2  * License, v. 2.0. If a copy of the MPL was not distributed with this
   3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   4
   5 #include "X509CertValidity.h"
   6
   7 #include "mozpkix/pkixder.h"
   8 #include "mozpkix/pkixutil.h"
   9 #include "nsComponentManagerUtils.h"
  10 #include "secder.h"
  11
  12 NS_IMPL_ISUPPORTS(X509CertValidity, nsIX509CertValidity)
  13
  14 using namespace mozilla;
  15 using namespace mozilla::pkix;
  16
  17 X509CertValidity::X509CertValidity(Input certDER)
  18     : mNotBefore(0), mNotAfter(0), mTimesInitialized(false) {
  19   using namespace mozilla::pkix::der;
  20
  21   // We're not building a verified certificate chain, so the EndEntityOrCA
  22   // parameter doesn't matter.
  23   BackCert cert(certDER, EndEntityOrCA::MustBeEndEntity, nullptr);
  24   pkix::Result rv = cert.Init();
  25   if (rv != Success) {
  26     return;
  27   }
  28   // Validity ::= SEQUENCE {
  29   //    notBefore      Time,
  30   //    notAfter       Time  }
  31   //
  32   // Time ::= CHOICE {
  33   //    utcTime        UTCTime,
  34   //    generalTime    GeneralizedTime }
  35   //
  36   // NB: BackCert::GetValidity returns the value of the Validity of the
  37   // certificate (i.e. notBefore and notAfter, without the enclosing SEQUENCE
  38   // and length)
  39   Reader reader(cert.GetValidity());
  40   uint8_t expectedTag = reader.Peek(UTCTime) ? UTCTime : GENERALIZED_TIME;
  41   Input notBefore;
  42   pkix::Result result = ExpectTagAndGetValue(reader, expectedTag, notBefore);
  43   if (result != Success) {
  44     return;
  45   }
  46   SECItemType notBeforeType =
  47       expectedTag == UTCTime ? siUTCTime : siGeneralizedTime;
  48   SECItem notBeforeItem = {
  49       notBeforeType, const_cast<unsigned char*>(notBefore.UnsafeGetData()),
  50       notBefore.GetLength()};
  51   SECStatus srv = DER_DecodeTimeChoice(&mNotBefore, &notBeforeItem);
  52   if (srv != SECSuccess) {
  53     return;
  54   }
  55   expectedTag = reader.Peek(UTCTime) ? UTCTime : GENERALIZED_TIME;
  56   Input notAfter;
  57   result = ExpectTagAndGetValue(reader, expectedTag, notAfter);
  58   if (result != Success) {
  59     return;
  60   }
  61   SECItemType notAfterType =
  62       expectedTag == UTCTime ? siUTCTime : siGeneralizedTime;
  63   SECItem notAfterItem = {notAfterType,
  64                           const_cast<unsigned char*>(notAfter.UnsafeGetData()),
  65                           notAfter.GetLength()};
  66   srv = DER_DecodeTimeChoice(&mNotAfter, &notAfterItem);
  67   if (srv != SECSuccess) {
  68     return;
  69   }
  70
  71   mTimesInitialized = true;
  72 }
  73
  74 NS_IMETHODIMP
  75 X509CertValidity::GetNotBefore(PRTime* aNotBefore) {
  76   NS_ENSURE_ARG(aNotBefore);
  77
  78   if (!mTimesInitialized) {
  79     return NS_ERROR_FAILURE;
  80   }
  81
  82   *aNotBefore = mNotBefore;
  83   return NS_OK;
  84 }
  85
  86 NS_IMETHODIMP
  87 X509CertValidity::GetNotAfter(PRTime* aNotAfter) {
  88   NS_ENSURE_ARG(aNotAfter);
  89
  90   if (!mTimesInitialized) {
  91     return NS_ERROR_FAILURE;
  92   }
  93
  94   *aNotAfter = mNotAfter;
  95   return NS_OK;
  96 }